×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity Security Manager Data Security Information Security

Head of Cyber Threat Exposure and Attack Surface Management

Job in Knutsford, Cheshire, WA16, England, UK
Listing for: Barclays
Full Time position
Listed on 2026-02-19
Job specializations:
  • IT/Tech
    Cybersecurity, Security Manager, Data Security, Information Security
Salary/Wage Range or Industry Benchmark: 40000 - 60000 GBP Yearly GBP 40000.00 60000.00 YEAR
Job Description & How to Apply Below

Lead the enterprise-wide Continuous Threat Exposure Management (CTEM) strategy, ensuring that the firm continuously identifies, prioritizes, and mitigates exploitable attack paths across on-prem, cloud, and hybrid environments. The CTEM Lead partners closely with Application Security, Vulnerability Management, Red Team, and Security Operations to deliver a unified mission -- transforming exposure insights into measurable risk reduction and proactive defense.

Accountabilities

  • Own and drive the global CTEM strategy, establishing a continuous, threat-driven exposure management lifecycle aligned with NIST, MITRE, and CISA Secure-by-Design principles.

  • Lead and develop a high-performing CTEM team, fostering collaboration, technical excellence, and an outcome-driven culture.

  • Integrate and oversee key exposure management technologies, including Cloud Security Posture Management (CSPM), SaaS Security Posture Management (SSPM), Attack Surface Management (ASM), Breach & Attack Simulation (BAS), and other exposure correlation platforms.

  • Correlate assets, identity, vulnerability, and configuration to identify high-impact, exploitable attack paths and inform prioritized remediation strategies.

  • Collaborate with Application Security, Vulnerability Management, Red Team, and Security Operations to synchronize discovery, validation, and remediation of exposures across the enterprise.

  • Align CTEM outputs with real-world adversary behaviors, leveraging Red Team and Threat Intelligence input to validate attack paths and focus on exploitable conditions.

  • Drive automation and AI-enabled analytics to continuously map, assess, and measure reductions in the organization’s attack surface.

  • Translate technical findings into business risk language, enabling senior leadership and risk committees to make data-driven investment decisions.

  • Define and lead CTEM governance and operating models, ensuring exposure assessments, validation, and remediation tracking are embedded in operational processes.

  • Establish clear KRIs and maturity metrics that demonstrate continuous improvement in visibility, validation, and response effectiveness.

  • Partner with architecture and engineering teamsto embed proactive exposure management practices earlier in design and delivery pipelines.

  • Represent the organization externally, contributing to sector-wide initiatives (FS-ISAC, MITRE Engenuity, etc) to advance exposure management practices across financial services.

Essential Skills / Basic Qualifications

  • Experience in cybersecurity with direct exposure to vulnerability management, red teaming, or threat exposure reduction.

  • Proven track record leading programs integrating CSPM, SSPM, ASM, BAS, or exposure correlation technologies.

  • Strong understanding of attack paths, adversary emulation, and continuous validation concepts.

Desirable skills/

Preferred Qualifications:

  • Experience in financial services or other regulated sectors.

  • Familiarity with MITRE ATT&CK/CTID, CISA Secure-by-Design, NIST CSF 2.0/CRI Profile, and DORA/FFIEC exposure frameworks.

  • Experience with cloud environments (AWS, Azure, GCP) and hybrid infrastructure exposure management.

  • Understanding of vulnerability exploitability scoring (EPSS, CVSSv4) and exposure correlation methods.

  • Advanced degree or certifications such as CISSP, OSCP, or GCP/Azure security specialist.

  • Demonstrated ability to build data-driven dashboards for exposure visibility and remediation governance.

Purpose of the role

To keep our customers, clients, and colleagues safe by identifying cyber-vulnerabilities across the Bank, using a risk-based approach to prioritise them, and to drive effective remediation activity.

Accountabilities

  • Allocation of the correct risk rating and remediation prioritation to a vulnerability based on industry standards for assessment, available threat intelligence concerning exploitation, the reachability of the host (or asset) and the value of the service(s) running on the impacted host.

  • Development of vulnerability management operating model, policies and procedures to ensure consistency in vulnerability identification, remediation and reporting. Element owner of the Vulnerability Management Standard including Issues…

Note that applications are not being accepted from your jurisdiction for this job currently via this jobsite. Candidate preferences are the decision of the Employer or Recruiting Agent, and are controlled by them alone.
To Search, View & Apply for jobs on this site that accept applications from your location or country, tap here to make a Search:
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)

Job Posting Language
Employment Category
Education (minimum level)
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search