Chelsea Football Club

Technology Security Manager

On site

London, United Kingdom

Full Time

30-10-2025

Skills

Leadership, Penetration Testing, Risk Management, Cloud Security, Microsoft 365, Monitoring, Change Management, Training, Risk Identification, Azure, AWS, Marketing, Cost Management, GCP

Job Specifications

JOB TITLE: Technology Security Manager

DEPARTMENT: Technology

LOCATION: Stamford Bridge (London) with occasional travel to Cobham (Surrey).

CONTRACT: Permanent.

JOB FUNCTION: This position is responsible for leading the strategic and operational direction of Chelsea FC’s Information and Cyber Security, reporting into the Director of Technology.

This role is both strategic and operational: it defines the security vision, embeds governance, and drives risk reduction across the Club’s football and commercial operations, while also providing leadership in day-to-day cyber defence.

The postholder will influence senior leadership, ensure compliance with key regulations, and work with internal teams and external partners to build a resilient, future-ready security posture that enables innovation on and off the pitch.

Closing date: 13th November

We encourage you to apply as soon as possible. In the event that we receive a large number of applications, the position may be filled before the listed closing date. To avoid missing out, please submit your application at your earliest convenience.

MAIN RESPONSIBILITIES:

1. Strategic Leadership and Governance:

Define and evolve Chelsea FC’s cybersecurity strategy aligned with Club objectives and industry best practice.
Lead the development and enforcement of information security policies, standards, and frameworks.
Drive the Information Security Risk Management programme, reporting on key risks, mitigation, and maturity progress.
Provide strategic security insights to the Information Security Steering Committee, Director of Technology, COO, CDO, CFO, CEO, etc., as required.
Act as subject matter expert and advisor to executives and other business stakeholders on cyber risk, emerging threats, and technology opportunities.

2. Risk and Compliance

Ensure compliance with all applicable standards and regulations, including PCI DSS, GDPR, and Premier League cybersecurity requirements.
Oversee periodic independent security maturity assessments and ensure remediation plans are executed.
Maintain the risk register in collaboration with IT, Risk & Compliance, and business stakeholders.
Embed security considerations into procurement, contract negotiations, and third-party vendor management.

3. Security Operations

Provide senior oversight for security operations, ensuring effective monitoring, detection, and response.
Govern the SOC provider, ensuring SLAs and threat detection capabilities meet the Club’s requirements.
Lead response to significant security incidents, engaging with senior leadership, regulators, law enforcement, and insurers.
Ensure a robust vulnerability management and penetration testing programme is in place and actioned.
Oversee endpoint, email, and identity security across the Club’s workforce and infrastructure.

4. Secure Technology and Development

Champion secure design and “security by default” across infrastructure and applications.
Oversee identity and access management, including MFA, privileged access, and zero trust principles.
Lead the adoption of SSDLC/DevSecOps practices across the Club’s development workflows.
Partner with Infrastructure and Cloud teams to ensure Azure, GCP, Microsoft 365 and AWS environments are governed and secure.

5. Culture, Awareness and Training

Develop and deliver the Club’s security awareness programme, including phishing simulations, campaigns, and training.
Provide security briefings and horizon-scanning reports for senior leaders.
Ensure new employees receive induction training in information security.
Promote a culture of shared responsibility for security across all functions.

6. Programme and Change Leadership

Act as security lead on major transformation projects (e.g., CCTV infrastructure upgrade, authentication improvements, data warehouse programmes).
Embed security into the Technology change management process, ensuring early engagement and risk identification.
Evaluate and approve new third-party tools and SaaS platforms from a security perspective.

KEY RELATIONSHIPS:

Internal: Director of Technology, Risk & Compliance, Legal, HR, Technology Infrastructure, Service Desk, Facilities, Football Operations, Marketing & Commercial teams, Physical Security, Matchday Safety, etc.

External: SOC, Microsoft, Security Vendors, cyber insurers, regulators, and law enforcement (NCSC, Action Fraud), Payment Service Providers, Credit Card Schemes, Cyber Insurer, Premier League

MEASURES OF PERFORMANCE:

Effective management of IT security risks and incidents.
Compliance with organisational and regulatory standards.
Reporting on security.
Operational efficiency and cost management in line with budgetary goals.
Successful alignment of security strategy with organisational outcomes.

EXPERIENCE/REQUIREMENTS:

Essential:

Significant experience in an information security leadership role (e.g. Security Manager) within a complex, high-profile organisation.
Strong knowledge of: Cloud security (Azure, GCP, Microsof

About the Company

Chelsea Football Club, with over a century of rich sporting heritage, has paved the way for a superior collection of hospitality, events and leisure facilities all at one venue. Boasting 25 function rooms and 60 syndicate rooms, alongside two hotels, a sports bar and grill, a music venue, the Chelsea FC Museum, megastore, ticket office and a luxury health club and spa all found at London's most complete venue, Stamford Bridge.