IT Security Project Manager

About Olympus

We are an equal opportunities employer and we are committed to ensuring that no applicant or employee receives less favorable treatment on the grounds of gender, age, disability, religion, belief, sexual orientation, marital status, or race, or is disadvantaged by conditions or requirements which cannot be shown.

The job is conducted in line with our Core Values which are: Patient Focus, Integrity, Innovation, Impact and Empathy. Olympus is an equal opportunities employer championing a culture of equality, diversity and inclusion embedded throughout the organization and workforce.

Job Summary

The IT Security Project Manager is responsible for the successful delivery of cybersecurity and information security projects within the organization, managing and coordinating the full project lifecycle from initial risk assessment and requirements capture to deployment and transition into business-as-usual. This role specializes in delivering projects that span security tooling implementations, vulnerability remediation programs, identity and access management, regulatory compliance initiatives, and security operations improvements, ensuring all security changes are planned, governed, and executed in alignment with the organization's risk posture.

The IT Security Project Manager is responsible for delivering an agreed scope on time and within budget, through driving risk-reduction outcomes and managing risks, assumptions, issues, and dependencies across security programs such as endpoint detection and response rollouts, zero-trust initiatives, penetration test remediation, and regulatory compliance programs. The IT Security Project Manager will work with security engineering, SOC, GRC, and legal teams, as well as managed security service providers (MSSPs), and keep sponsors and risk owners updated through robust governance and regular reporting.

PRIMARY DUTIES AND RESPONSIBILITIES

Project Management

• Deliver an agreed technology scope on time and within budget.
• Drive value-based outcomes through the full project lifecycle from initial analysis to post-deployment.
• Own (create and maintain) the project plan of key activities, outputs, and dependencies.
• Own the project financials (forecasting, budgeting) and resource model.
• Identify and onboard resources required to deliver the project scope, oversee and coordinate day to day team activities aligned to the project plan

Project Governance and Communications

• Track and mitigate risks and issues, document and manage assumptions and dependencies, escalating where required.
• Effectively manage relationships with delivery teams, including 3rd parties where required.
• Manage expectations of sponsors and other stakeholders through timely, well-structured communications on progress and project health.
• Drive robust project governance, taking into consideration delivery, architecture, and change management requirements
• Establish the regular meeting cadence required to effectively manage and govern project delivery

Security Program Delivery

• Lead end-to-end delivery of cybersecurity projects including security remediation initiatives, endpoint protection rollouts, identity and access management (IAM/PAM) programs, zero-trust architecture initiatives, vulnerability management programs, and regulatory compliance remediation efforts.
• Coordinate with the Security Operations Center (SOC), GRC team, and legal/privacy counsel to align project scope with active threat intelligence, audit findings, and regulatory timelines, ensuring security projects are sequenced and prioritized against current risk exposure.
• Manage security tool and service procurement in partnership with vendors, procurement, and finance, including evaluation of MSSPs, pen testing firms, and security software providers; oversee contract execution and ensure deliverables meet agreed security and compliance standards.
• Own the security project risk register, tracking identified vulnerabilities, control gaps, and remediation owners; escalate unresolved risks to the CISO, IT leadership, or steering committee as appropriate and ensure audit evidence is collected and maintained throughout the project lifecycle.
• Maintain a working understanding of the organization's threat landscape, vulnerability backlog, and security control maturity to inform project sequencing, prioritization, and business case development in alignment with the broader cybersecurity strategy.

Program/Project Management Community

• Actively participate in a program/project management community to share good practice and lessons learnt from a global and regional perspective as well as to hone skills and master core capabilities.
• Provide input and support to establish good practice project guidelines and a clear project framework to be adhered to by all programs and projects; continuously update with good practices.

People Management

• Lead, motivate, develop, and appraise team members so that their individual and collective performance is of the required standard and meets the current and future needs of the business.

Technical Competencies

• Risk management - Carry out risk management activities. Identify and assess risks and vulnerabilities, develop mitigation strategies and reports into the business while involving specialists and domain experts as necessary.
• Project management - Define, document and execute small to medium-scale projects using appropriate project management methods and tools. Provide effective leadership to the project team to ensure project deliverables are completed within agreed cost, timescale and resource budgets.
• Portfolio, Program and project support - Support program or project control boards, project assurance teams and quality review meetings. Use and recommend project control solutions for planning, scheduling and tracking projects and provides basic guidance on project proposals.
• Requirements definition and management - Define and manage scoping, requirements definition and prioritization activities for initiatives of medium size and complexity by facilitating input from stakeholders, providing constructive challenge and enabling effective prioritization.
• Benefits management - Identify specific metrics and mechanisms to measure benefits and monitoring them against the business case.
• Collect and use feedback from customers and stakeholders to help measure effectiveness of stakeholder management. Develop and enhance customer and stakeholder relationships.
• Cybersecurity domain knowledge - Demonstrate working knowledge of core security domains including identity and access management, endpoint security, network security, cloud security, application security, and data protection. Apply this knowledge to assess project scope, understand technical dependencies, and challenge delivery teams on security control adequacy.
• GRC and compliance management - Navigate governance, risk, and compliance (GRC) frameworks relevant to project scope. Translate regulatory requirements and audit findings into actionable project scope, track remediation progress, and produce evidence packages for internal and external auditors.
• Security vendor and MSSP management - Evaluate and manage security tool vendors, managed security service providers (MSSPs), and specialist consultancies (e.g., pen testing firms, forensic responders). Assess statements of work, validate security credentials and certifications, track SLA and KPI performance, and escalate issues to ensure contractual and security obligations are met throughout the engagement.

Other Competencies (Behavioral, Leadership)

• Strategic mindset - Seeing ahead to future possibilities and translating them into breakthrough strategies.
• Cultivates innovation - Creating new and better ways for the organization to be successful.
• Drives results - Consistently achieving results, even under tough circumstances.
• Decision quality - Making good and timely decisions that keep the organization moving forward.
• Balances stakeholders - Anticipating and balancing the needs of multiple stakeholders.
• Drives engagement - Creating a climate where people are motivated to do their best to help the organization achieve its objectives.
• Collaborates - Building partnerships and working collaboratively with others to meet shared objectives.

MINIMUM QUALIFICATIONS

Education

• Bachelor's degree or higher in IT, Computer Science or Business Management (or equivalent and related experience preferred).
• Project Management qualifications: PMP Required; Security-related certifications are strongly preferred, including Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), CompTIA Security+, or equivalent. Familiarity with security frameworks such as NIST CSF, ISO 27001, or SOC 2 is a significant advantage.

Experience

• Minimum 3-5 years of working experience as a Project Manager in the IT sector.
• Proven track record of successfully driving and delivering end-to-end large complex scaled IT solutions/ projects or system implementations projects.
• Solid technical background, with understanding or hands-on experience in cybersecurity operations, security architecture, or GRC functions, including familiarity with security tooling (SIEM, EDR, IAM, vulnerability scanners, firewalls) and common attack vectors and mitigation strategies.
• Experience of negotiation and working with project and process management.
• Experience in stakeholder management.
• Experience working with Microsoft Office suite (Project, Word, Excel) and familiarity with security project and GRC tooling such as ServiceNow Security Operations, Jira, vulnerability management platforms (e.g., Qualys, Tenable, Rapid7), and GRC tools (e.g., Archer, OneTrust, or equivalent).