Head of Security Engineering and Cyber
£180,000 - £220,000 per annum + benefits
Reporting directly to the CISO & Head of Technology Operations, the Head of Security Engineering and Cyber Strategy is a critical leadership role, both within TOCS and Enterprise wide, responsible for overseeing and enacting the businesses Cyber security fundamentals and future landscape under our Cyber Security Strategy.
Responsible in shaping the strategic direction and acting on the implementation of the business Cyber Security strategy in line with the businesses risk appetite statement. Responsibilities include;
- Protecting the business estate through the leadership and direction of the businesses IT Security and future focussed Cyber security strategies.
- Designing,Leading and executing the security strategy and wholesale improvements through the companies project's recommendations & investment.
- Assuring environments are compliant with cybersecurity regulations, standards and best practices and maintaining the strategic plan for the implementation and ongoing refresh of security technologies and processes.
- Ensuring company assets and customer service are protected through a forward looking security and resilience vision and underpinning strategy.
- Maintaining effective external awareness and providing the business representation into strategic industry developments across Security and Resilience.
- Lead and grow a talented team of c75-150 cybersecurity professionals, fostering a culture of continuous improvement and innovation.
- Formulate and set the strategic direction for the function in accordance with our business and IT strategies. Specifically, lead and execute against the project's Investment plans (£25-£40m over 3 years)
- Responsible for designing, assessing and reporting on information security controls in line with the business Risk Taxonomy and industry best practices i.e. NIST CSF, ISO27001, Cloud Security Framework.
- Building Security Capability including a skills and capability development plan and associated resourcing campaigns.
- Creating an organisational learning environment that identifies, develops, implements and maintains processes to reduce information and technology risks
- Design and implement a robust threat-led approach to identification and mitigation of priority cyber security threats across the IT estate.
- Translate the business strategic intents and investment plans and align all security and resilience plans and programmes.
- Plan and control an operating budget of (c£20M) ensuring value for money aligned to strategic objectives.
- Accountable for input into governance reporting to internal governance committees, as well as regulatory bodies (PRA and FCA) as appropriate.
- Regular interaction with FCA, PRA, ICO required and represent the business externally on relevant Security forums across the Industry.
- Keep Board and Executive leadership fully informed on all relevant matters pertaining to the function and wider industry trends.
- Maintain a clear view on the regulatory landscape and emerging areas of concern.
- Design/implementation security services to ensure a safe environment where the business can operate and grow its business.
- Through deep understanding of vulnerability management and associated monitoring solutions and practice, formulate the security architecture which aligns to strategic outcomes.
- Development of (and ensure compliance with) security policies, standards and procedures
- Work in partnership with 2LOD and 3LOD to strengthen risk management across the business and work with the business units to raise awareness of risk management concerns, facilitate enterprise risk assessment and assurance and risk management processes.