Head of Cyber Security

Our client is seeking an experienced, hands-on and visionary Head of Cyber Security to drive the strategic development, implementation, and continuous improvement of their security programs.

This role requires a proactive leader who can safeguard the organisation against evolving cyber threats while fostering a strong culture of security and compliance across all departments. The successful candidate will play a pivotal role in securing digital assets, ensuring regulatory compliance, and driving enterprise-wide security initiatives.

This role offers the potential to evolve into a Chief Information Security Officer (CISO) position based on your experience and performance.

Key Responsibilities

1. Develop and execute the company's cyber security strategy, ensuring alignment with business goals, regulatory requirements, and industry best practices.
2. Establish, maintain, and enforce cybersecurity governance frameworks, policies, and procedures to protect the organisation's assets and ensure compliance with global security standards.
3. Lead risk management efforts, including risk assessments, business impact analyses, and mitigation planning.
4. Provide strategic security guidance to the C-suite, ensuring security priorities align with business objectives.
5. Lead annual audit programmes from external entities validating the organisations credentials. Experience in PCI DSS V4 +, SWIFT CSCF & ISO 27001:x is preferred.
6. Oversee the investigation, analysis, and documentation of security incidents and breaches, ensuring swift and effective resolution.
7. Ensure well-defined incident response protocols are in place.
8. Develop and test business continuity and disaster recovery plans to minimise business disruption in the event of a cyberattack.
9. Drive threat intelligence programs, proactively identifying and mitigating emerging risks.
10. Manage external teams of security penetration testers working on monthly cycles to test and improve security implementations.
11. Design, implement, and manage robust security measures across networks, endpoints, cloud platforms, and IT infrastructure to safeguard systems and data.
12. Oversee the deployment and management of firewalls, intrusion detection systems (IDS), endpoint security solutions, and zero-trust architectures.
13. Collaborate with IT and DevOps teams to embed security into cloud environments (AWS, Azure, Google Cloud) and application development lifecycles.
14. Implantation and management of SOC and EDR functions.
15. Conduct regular vulnerability assessments, penetration testing, and red-team exercises, working closely with external partners to continuously test and improve security defences.
16. Develop a comprehensive risk register, prioritising risks based on business impact and likelihood of exploitation.
17. Implement continuous monitoring and advanced threat detection tools to proactively identify security threats and vulnerabilities.
18. Develop and deliver security training programs for employees, promoting a company-wide culture of cyber awareness.
19. Conduct phishing simulations, cybersecurity drills, and awareness campaigns to improve security posture across the organisation.
20. Engage with business units to ensure secure development practices and adherence to security policies.
21. Act as the primary security advisor for internal teams, ensuring seamless collaboration with IT, engineering, compliance, legal, and operations.
22. Assess and manage third-party security risks, ensuring vendors and partners comply with security requirements.
23. Provide clear, actionable security reports and recommendations to senior leadership, translating technical risks into business terms.

Key Skills & Experience

1. Proven track record of leadership in cybersecurity, with at least 5+ years of experience in senior security roles.
2. Experience leading cybersecurity programs, teams, and enterprise-wide security initiatives.
3. Ability to influence C-suite executives on cybersecurity priorities and risk management.
4. Deep understanding of security architectures, network security, cloud security, and endpoint protection.
5. Hands-on expertise in firewalls, IDS/IPS, SIEM solutions, IAM (Identity and Access Management), and zero-trust frameworks.
6. Strong knowledge of secure software development practices (DevSecOps) and modern application security methodologies.
7. Experience with forensic analysis, malware analysis, and threat hunting.
8. Strong familiarity with financial, e-commerce, and payment security regulations, including PCI DSS and ISO 27001.
9. Experience working within highly regulated industries, ensuring compliance with GDPR, NIST, and SOC 2.
10. In-depth understanding of cyber threat intelligence, MITRE ATT&CK framework, and cyber kill chain methodologies.
11. Exceptional ability to communicate technical security concepts to non-technical stakeholders.