Job Description

Description

The Group Information Security Team (GIST) is a centralised, highly visible, and responsive function enabling Arrow Global Group and its 20+ Group companies across investment, capital management, real estate, and hospitality sectors to operate securely.


The Group Cyber Security Specialist plays a critical hands-on role in delivering and maintaining core security controls while supporting both BAU/SOC activities and project delivery across the organisation. This position works closely with Group and Business Unit (BU) technology teams, providing expert security guidance, ensuring strong control operation, and strengthening our overall cyber resilience.

About the role

Act as the Group cyber security SME for projects across multiple business units, providing early engagement, risk identification, and secure-by-design guidance. Review and challenge solution designs to ensure security controls are embedded from the outset and aligned with Group policies and architectural standards. Validate that new systems, applications, integrations, and third-party suppliers meet Group security and assurance requirements. Partner with the Group Cyber Architect to ensure implementations align with strategic roadmaps, security patterns, and target architectures. Monitor, triage, and respond to SOC/MSSP alerts, supporting threat analysis, incident investigations, and remediation planning. Analyse operational security events to identify recurring issues and proactively drive control improvements and SOC maturity. Own and enhance security runbooks, detection rules, and BAU processes to strengthen response capability and reduce false positives. Manage the end-to-end vulnerability management lifecycle, including scanning, prioritisation, reporting, and stakeholder engagement. Identify systemic vulnerability trends, provide technical remediation guidance, and drive SLA-based remediation with BU IT teams. Coordinate and manage third-party penetration testing activities, from scoping through to remediation and closure of findings. Support Group assurance, compliance, and audit activities, contributing to continuous improvement against internal and external standards. Proactively monitor emerging threats and regulatory expectations, recommending improvements to tooling, automation, and Group security controls to uplift cyber maturity.

About you

Proven experience in a technical cyber security, SOC, or security engineering role within complex environments.
Strong hands-on experience with core security tooling, including EDR, SIEM, Secure Email, Secure Web, CASB, and vulnerability management platforms.

Solid understanding of incident response lifecycle, threat investigation techniques, and operational security processes.

Proven experience supporting multi-business-unit, federated, or decentralised IT environments.

Working knowledge of cloud security principles across Azure and AWS environments.

Ability to manage multiple priorities across BAU operations, security incidents, and project delivery.

Strong analytical capability with excellent written and verbal communication and documentation skills.

Experience driving security remediation and working effectively with IT teams and managed service providers.

Familiarity with security frameworks and regulatory expectations (e.g. ISO 27001, NIST CSF, FCA or equivalent).

Exposure to regulated industries such as financial services, private credit, or real estate is advantageous.

Relevant security certifications (e.g. Security+, SSCP, CySA+) with intent to pursue advanced certifications (CISSP, CISM, GIAC, or Microsoft SC-series).

Confident stakeholder engagement skills, including the ability to influence, present risk, and communicate effectively with technical and non-technical audiences across geographies.

About Arrow Global Group

Great talent comes in many forms, and we're committed to building a diverse and inclusive team. Whilst a number of our roles do require specific qualifications and experience, and industry knowledge, we also value potential, unique perspectives, and transferable skills. If you're excited about this opportunity but don't meet every requirement, we'd still love to hear from you.



We occasionally collaborate with recruitment agencies to fill niche or specialist roles. However, we do not accept agency terms or pay fees for speculative CVs submitted directly to our hiring managers or outside our Applicant Tracking System.

If you are a recruitment agency interested in partnering with us for candidate supply, please reach out to

recruitment@arrowglobal.net