Head of IT Security
Role details
Job location
Tech stack
Job description
We are looking for a senior IT security leader to define, implement and assure our information and cyber security posture across the firm. This is a new leadership role with broad responsibility for security strategy, standards, controls and services, operating at a level aligned to CISO capability.
You will lead a proactive, risk-based approach to security, ensuring it is embedded into technology design, delivery and operations. Working closely with Governance & Risk, Architecture & Data, Platforms and Operations, you will help protect the firm against evolving threats while enabling secure innovation and service delivery., * Defining and implementing security strategy, standards and controls aligned to ISO27001, Cyber Essentials Plus and the firm's wider data, AI and innovation strategies.
- Overseeing security operations, monitoring, detection and response across areas such as SOC, SIEM, XDR, vulnerability management and incident response.
- Embedding security by design into projects, change and solution architecture, including identity, endpoint, cloud, network, email and secure remote access controls.
- Working with Governance & Risk to maintain and improve the ISMS, support audits and ensure regulatory and client expectations are met.
- Providing clear reporting on security posture, risks, incidents and improvement plans to technical and non-technical stakeholders.
- Promoting a strong security culture through awareness, training and practical guidance on secure behaviours.
Requirements
We are looking for someone who combines senior security expertise with pragmatic leadership and strong stakeholder engagement. You will bring:
- Senior IT security leadership experience, ideally with exposure to CISO-level responsibilities.
- Strong knowledge of security operations, identity and access management, cloud and network security, endpoint protection, email security and modern models such as Zero Trust / ZTNA.
- Experience working with ISO27001, Cyber Essentials Plus and recognised security frameworks such as CIS Controls or NIST.
- The ability to translate risk and compliance requirements into practical controls, services and improvement plans.
- Experience managing teams, vendors and managed security services, ideally in a SaaS-focused professional services environment.
- Clear communication skills, with the confidence to explain complex security topics to senior stakeholders, technical teams and external parties.
- A pragmatic, outcome-focused and forward-looking approach, with the resilience to work effectively under pressure.