Head of Security

The Head of Cyber Security plays a pivotal role in ensuring the overall security of TalkTalk. You will support the business by defining a clear security strategy, defining key security objectives aligned to the TalkTalk goals.
Working cross-functionally, you will establish and maintain the security governance framework, ensuring all key stakeholders across the Executive Leadership Team have visibility of the business security posture and security roadmap.
You will leverage key partner/supplier relationships to define performance measures required by the business across all security services, covering areas such as security risk management, operations, and penetration testing.
With responsibility for the implementation of the cyber security roadmap, you will ensure security services are cost-optimised and offer value to the business.
You will support the business to maintain compliance with relevant legislative requirements such as the Telecommunications Security Act, Investigatory Powers Act; along with broader compliance programmes such as ISO27001.

You will be responsible for:

1. Developing a clear security strategy for TalkTalk and having a multi-year plan in place to deliver the strategy.
2. Leading security governance committees including those at Exco and Board level to ensure that cyber security is appropriately governed and managed.
3. Managing the overall budget for security and ensuring security services are cost-optimised and deliver value to the business.
4. Ensuring that TalkTalk achieves compliance with various security regulatory standards such as PCI, ISO:27001, Cyber Essentials, and the Telecoms Security Act.
5. Preparing security updates and reports for Sr. Management, ELT, and the Board.
6. Delivering regular security risk reporting to various security governance committees, including the Security Committee.
7. Delivering Security Standards that support our Security Policies and Business needs.
8. Ensuring trusted 3rd party security suppliers are performing within SLA and being a point of escalation.
9. Managing the relationship with the regulator, suppliers, and industry partners in relation to cyber security.
10. Additional Experience:
11. Senior leadership experience in information security and risk management.
12. Experience managing suppliers & establishing performance management criteria.
13. Experience with ISO27001, PCI, and other security compliance standards and working with auditors.
14. Proven expertise in security governance and risk management methodologies including leveraging best practice security frameworks such as the CIS Top 20 or NIST Cyber Security Framework.
15. Experience in leading security risk management meetings, delegating responsibilities, and influencing people to take action to assist in the resolution of security risks.
16. Solid understanding and applicable knowledge of technical security concepts across different security domains.
17. Strong understanding of UK legislation such as IP Act 2017, Telecoms Security Act, and Communications Act.
18. Excellent Senior Stakeholder management skills.
19. Bachelor's Degree in Computer Science or relevant experience.
20. CISSP and/or CISM certified preferred.

As a recognised Top 50 Inclusive Employer in the UK, we know that diversity means success and innovation. We want our workplace to reflect the communities and customers we serve. Being inclusive is part of our DNA; we are all 100% human, and we create a culture where you can truly be yourself.

We’re also not your usual 9-5. We are a dynamic workplace and we want to talk to you about how you like to work.