Head of Cyber and Information Security

Posted 15 April 2024
Salary: £150,000 - £170,000 per annum
Location: London
Job type: Permanent
Discipline: Cyber & Information Security
Reference: BBBH162174_1713204287
Contact name: Jack Jobling

Job description

This position will be a hybrid role based out of London.

Description

Purpose of Role:

The Head of Cyber & Information Security forms part of the senior leadership team within the Security function, reporting directly to the Chief Security Officer (CSO).

You will act as a trusted advisor to the CSO and C-Suite stakeholders across the UK and work with them to ensure the business is secure and compliant with the policies, standards and regulations set out in the Security Operating Model.

This is a highly operational and highly visible leadership role, as you will take overall charge of the UK's Cyber Defence and Security Operations teams. You will also have overall responsibility for Security Governance, Risk & Compliance and lead the Business Continuity and Crisis Management teams, working across the whole of the business to ensure we are resilient and prepared should business interruption occur.

Team Description:

We work in a heavily regulated environment and must secure one of the most visited websites in the UK, a very large retail channel and numerous back-office systems spread across both on-premise datacentres and the cloud.

The Security function comprises three team groups:

Enterprise Security

  • Security Architecture
  • Security Design Engineering
  • Security Consultancy
  • Security Testing

Cyber & Information Security

  • Governance, Risk & Compliance
  • Cyber Defence
  • Security Operations

Protective Security

  • Physical Security
  • Investigations
  • Intelligence

The Cyber & Information Security team forms a key pillar in our security operating model. You will be responsible for leading the activities of the Cyber & Information Security team, and you will be expected to get deeply involved in ensuring our key suppliers operate to the same high security standards we demand of ourselves.

Key Accountabilities or Duties:

  • Manage, develop and lead the Cyber & Information Security teams
  • Be a member of the Security SLT
  • Identify, measure, control and report on security risks within information systems
  • Accountable for the creation and upkeep of our documented security standards, policies, processes
  • Manage the budget of the Cyber & Information Security Cost Centre
  • Co-create the security strategy
  • Manage operational teams that protect, defend and respond to threats
  • Anticipate, influence and assist the organisation to assess and rapidly adjust to changing threat conditions and trends, both internally and externally
  • Establish and maintain relationships with industry peers, other Group operating companies and external security organisations, working with specialist consultants where appropriate
  • Implement KPIs and metrics to measure our security performance and assess and track our exposure to risk
  • Accountable for the continuous improvement and maturity of our Cyber Defence team, ensuring our capabilities operate at optimal levels to identify threats and maintain the effectiveness of the SOC
  • Overall accountability for leadership of the 24/7 SOC and the efficient response to cyber attacks
  • Overall accountability for Business Continuity and Crisis Management in the UK
  • Overall accountability for ensuring we maintain or achieve certification to ISO 22301/2700/27701/27002, PCI DSS, WLA SCS2020 and NCSC CAF
  • Given the senior nature of this role, you will be required to be available outside of normal office hours

Skills & Experience:

The successful individual will be one of the most important Information Security professionals across the global organisation and will advise the most senior of our employees on Security Operations. As well as having the experience and influence to operate in this manner, you will have:

  • At least five years' experience gained in a technically focussed security role
  • Demonstrable experience of successful delivery in a technically focussed role
  • Ability to articulate complex technical or sensitive issues to a wide audience is essential
  • Experience of managing internet threats and risk mitigation
  • Strong understanding of external and internal threat landscapes
  • Broad experience of a wide range of security technologies and products
  • Understanding of information security governance principles
  • Ability to demonstrate an understanding of common security management principles (e.g. PCI DSS)
  • The skills, experience and adaptability to deliver any required solution, potentially using a wide variety of technologies, that will help reduce security-related risk
  • Excellent communication skills
  • Excellent judgement
  • Line management experience
  • Experience of deploying security technology in a cloud environment
  • Cyber security incident management experience

Desirable:

  • Experience of working with AWS and Azure
  • Working in a regulated environment