Overview:

We are seeking an experienced, hands-on and visionary Head of Cyber Security to drive the strategic development, implementation, and continuous improvement of our security programs across our infrastructure, endpoints, cloud environments, and online platforms. This role requires a proactive leader who can safeguard the organisation against evolving cyber threats while fostering a strong culture of security and compliance across all departments. The successful candidate will play a pivotal role in securing digital assets, ensuring regulatory compliance, and driving enterprise-wide security initiatives. This role offers the potential to evolve into a Chief Information Security Officer (CISO) position based on your experience and performance.

Key Responsibilities:

Strategic Leadership & Governance:

• Develop and execute the company’s cyber security strategy, ensuring alignment with business goals, regulatory requirements, and industry best practices.
• Establish, maintain, and enforce cybersecurity governance frameworks, policies, and procedures to protect the organisation’s assets and ensure compliance with global security standards.
• Lead risk management efforts, including risk assessments, business impact analyses, and mitigation planning.
• Provide strategic security guidance to the C-suite, ensuring security priorities align with business objectives.
• Lead annual audit programmes from external entities validating the organisations credentials. Experience in PCI DSS V4 +, SWIFT CSCF & ISO 27001:x is preferred

Threat Management, Incident Response & Security Testing:

• Oversee the investigation, analysis, and documentation of security incidents and breaches, ensuring swift and effective resolution.
• Ensure well-defined incident response protocols are in place.
• Develop and test business continuity and disaster recovery plans to minimise business disruption in the event of a cyberattack.
• Drive threat intelligence programs, proactively identifying and mitigating emerging risks.
• Manage external teams of security penetration testers working on monthly cycles so test and improve security implementations

Infrastructure & Cloud Security:

• Design, implement, and manage robust security measures across networks, endpoints, cloud platforms, and IT infrastructure to safeguard systems and data.
• Oversee the deployment and management of firewalls, intrusion detection systems (IDS), endpoint security solutions, and zero-trust architectures.
• Collaborate with IT and DevOps teams to embed security into cloud environments (AWS, Azure, Google Cloud) and application development lifecycles.
• Implantation and management of SOC and EDR functions.

Vulnerability & Risk Management:

• Conduct regular vulnerability assessments, penetration testing, and red-team exercises, working closely with external partners to continuously test and improve security defences.
• Develop a comprehensive risk register, prioritising risks based on business impact and likelihood of exploitation.
• Implement continuous monitoring and advanced threat detection tools to proactively identify security threats and vulnerabilities.

Security Awareness & Culture:

• Develop and deliver security training programs for employees, promoting a company-wide culture of cyber awareness.
• Conduct phishing simulations, cybersecurity drills, and awareness campaigns to improve security posture across the organisation.
• Engage with business units to ensure secure development practices and adherence to security policies.

Stakeholder Collaboration & Vendor Management:

• Act as the primary security advisor for internal teams, ensuring seamless collaboration with IT, engineering, compliance, legal, and operations.
• Assess and manage third-party security risks, ensuring vendors and partners comply with security requirements.
• Provide clear, actionable security reports and recommendations to senior leadership, translating technical risks into business terms.

Leadership & Strategic Vision:

• Proven track record of leadership in cybersecurity, with at least 5+ years of experience in senior security roles.
• Experience leading cybersecurity programs, teams, and enterprise-wide security initiatives.
• Ability to influence C-suite executives on cybersecurity priorities and risk management.

Technical Expertise:

• Deep understanding of security architectures, network security, cloud security, and endpoint protection.
• Hands-on expertise in firewalls, IDS/IPS, SIEM solutions, IAM (Identity and Access Management), and zero-trust frameworks.
• Strong knowledge of secure software development practices (DevSecOps) and modern application security methodologies.
• Experience with forensic analysis, malware analysis, and threat hunting.

Industry Knowledge & Compliance:

• Strong familiarity with financial, e-commerce, and payment security regulations, including PCI DSS and ISO 27001.
• Experience working within highly regulated industries, ensuring compliance with GDPR, NIST, and SOC 2.
• In-depth understanding of cyber threat intelligence, MITRE ATT&CK framework, and cyber kill chain methodologies.

Communication & Problem-Solving:

• Exceptional ability to communicate technical security concepts to non-technical stakeholders.
• Strong analytical skills and the ability to make sound decisions under pressure.
• Ability to prioritise tasks effectively in fast-paced environments, managing multiple projects simultaneously.