I am currently recruiting for a Senior Cyber Security Engineer to join a Not-for-Profit organisation based in Basingstoke. This role is designed to safeguard the organisation’s reputation and digital assets by ensuring robust, secure, and resilient platforms - even when managed by external partners. This individual will not only conduct independent PEN testing and identify security improvements but also act as the internal advocate for digital best practices, coordinating across multiple suppliers to drive continuous improvement in platform governance, availability, and risk management. Key Responsibilities · Conduct penetration testing (PEN testing) and security reviews across TrustMark’s digital products and supplier-managed environments (AWS, APIs, websites, and data platforms). · Identify vulnerabilities and provide clear, actionable recommendations for improvement to third-party suppliers. · Act as the internal champion for digital security, operational resilience, and governance best practices. · Collaborate with suppliers (TechInfluence, FutureProcessing, and Crozier) to align on TrustMark’s security and operational expectations. · Develop, refine, and monitor security and resilience standards to be adopted across the supplier ecosystem. · Provide assurance and reporting to TrustMark stakeholders on the health, risks, and maturity of the digital estate. · Facilitate periodic reviews, audits, and testing exercises to evaluate infrastructure and application robustness. · Stay abreast of emerging threats, vulnerabilities, and regulatory standards relevant to cloud-native and outsourced environments. Essential Skills and Experience · Proven experience in cybersecurity, PEN testing, and cloud infrastructure (preferably AWS). · Strong understanding of cloud-native architectures, DevOps processes, and third-party risk management. · Familiarity with governance frameworks (ISO 27001, NIST, Cyber Essentials, etc.). · Excellent communication and stakeholder engagement skills. · Experience working in or alongside highly outsourced technology delivery models.