Head of Security

The Head of Cyber Security plays a pivotal role in ensuring the overall security of TalkTalk. You will support the business by defining a clear security strategy, defining key security objectives aligned to the TalkTalk Business goals.
Working cross-functionally, you will establish and maintain the security governance framework, ensuring all key stakeholders across the Executive Leadership Team have visibility of the business security posture and security roadmap.
You will leverage key partner/supplier relationships to define performance measures required by the business across all security services, covering areas such as security risk management, operations, and penetration testing.
With responsibility for the implementation of the cyber security roadmap, you will ensure security services are cost-optimised and offer value to the business.
You will support the business to maintain compliance with relevant legislative requirements such as Telecommunications Security Act and Investigatory Powers Act; along with broader compliance programmes such as ISO27001.

Responsibilities

You will be responsible for:

1. Developing a clear security strategy for TalkTalk and having a multi-year plan in place to deliver the strategy.
2. Leading security governance committees including ones at Exco and Board level to ensure that cyber security is appropriately governed and managed.
3. Managing the overall budget for security and ensuring security services are cost-optimised and deliver value to the business.
4. Ensuring that TalkTalk achieves compliance with various security regulatory standards such as PCI, ISO:27001, Cyber Essentials, and the Telecoms Security Act.
5. Preparing security updates and reports for Sr. Management, ELT, and the Board.
6. Delivering regular security risk reporting to various security governance committees, including the Security Committee.
7. Delivering Security Standards that support our Security Policies and Business needs.
8. Ensuring trusted 3rd party security suppliers are performing within SLA and being a point of escalation.
9. Managing the relationship with the regulator, suppliers, and industry partners in relation to cyber security.

Preferred Experience

Be great to also have the following experience:

1. Senior leadership experience in information security and risk management.
2. Experience with ISO27001, PCI, and other security compliance standards and working with auditors.
3. Proven expertise in security governance and risk management methodologies including leveraging best practice security frameworks such as the CIS Top 20 or NIST Cyber Security Framework.
4. Experience in leading security risk management meetings, delegating responsibilities, and influencing people to take action to assist in the resolution of security risks.
5. Solid understanding and applicable knowledge of technical security concepts across different security domains.
6. Strong understanding of UK legislation such as IP Act 2017, Telecoms Security Act, and Communications Act.
7. Bachelor's Degree in Computer Science or relevant experience.
8. CISSP and/or CISM certified preferred.

As a recognised Top 50 Inclusive Employer in the UK, we know that diversity means success and innovation. We want our workplace to reflect the communities and customers we serve. Being inclusive is part of our DNA; we are all 100% human, and we create a culture where you can truly be yourself.

We’re also not your usual 9-5. We are a dynamic workplace and we want to talk to you about how you like to work.

About Us

We’re on a mission to bring simple, affordable, reliable, and fair connectivity to everyone. We believe every customer matters, so we’ve been challenging the status quo from the word go to change things for the better.

We’ve created a working environment where you can be yourself and give your all whether that be from your front room or the boardroom. You’ll be called on to out-think the competition and work closely with your colleagues to come up with new ideas and deliver great results for our customers.

It won’t always be easy, but it’s always exciting. There are great opportunities for you, and our business, if you’re ready to stand for something.