Head of Information Security

You'll oversee governance, architecture, operations, and incident response, while working closely with senior leadership to safeguard critical systems, data, and digital services. Acting as a trusted advisor, you'll translate complex cyber risks into clear business insight and drive a secure-by-design culture across the organisation.This is an exceptional opportunity for an experienced information security leader to make a significant impact within a forward-thinking and highly regulated environment., * Define, develop, and drive a global information security strategy aligned to organisational priorities and risk appetite.

• Lead multidisciplinary teams spanning governance, risk, compliance, architecture, operations, and incident response.
• Embed recognised frameworks such as ISO 27001, NIST CSF, NIS2, and DORA into policies, processes, and technology platforms.
• Oversee security operations, including monitoring, threat detection, incident response, and vulnerability management.
• Conduct and support risk assessments, ensuring robust controls are implemented and maintained.
• Partner with Technology, Risk, Compliance, Legal, and wider operational teams to identify, manage, and mitigate cyber risks.
• Ensure secure-by-design principles are incorporated into technology architecture, transformation programmes, and business change.
• Support business continuity and disaster recovery planning by integrating cybersecurity into resilience frameworks.
• Act as the organisation's senior representative on information security matters, advising board-level stakeholders when required.
• Lead engagement with external partners, networks, auditors, and regulatory bodies.

• Proven senior security leadership experience in cybersecurity or information security within a complex, multi-site, or multinational organisation.
• Extensive experience developing enterprise-wide security strategies aligned to frameworks such as ISO 27001, NIST CSF, CIS Controls, or DORA.
• Strong understanding of cloud and hybrid security environments, including Microsoft 365 and Azure.
• Strong operational expertise across EDR/XDR, SIEM (eg, Microsoft Sentinel, Splunk), identity protection, and vulnerability management.
• Experience with security audits, compliance programmes, and regulated industry requirements.
• Excellent communication and influencing skills, with confidence engaging senior executives and leadership teams.
• Strategic mindset with the ability to balance commercial priorities, operational demands, and cyber risk.

• £68,000 - £80,000 per annum (depending on experience)
• Discretionary performance-based bonus scheme, circa 10-15%
• Joint contributory pension scheme 8% - potential to be reviewed in coming months
• 33 days leave including bank holidays
• Buy and sell holiday scheme
• Hybrid working (3 days onsite)
• Career development opportunities with access to accredited training and qualifications