Title: Director of Cyber Security
Reference No: 2148
Company: Infrastructure Providers
Location: Newcastle, Edinburgh or Maidenhead (with travel as required)
Reports to Chief Digital Officer
Work pattern Hybrid – 3 days office based
Salary: Generous
The Role
About us:
One of the UK’s leading edge infrastructure providers. Regional businesses and service providers use this cutting-edge infrastructure platform to build, connect and deploy the applications they need to innovate and grow. The platform is underpinned by a network of 14 strategically located edge data centres, interconnected through a low latency network fabric delivering access to cloud, connectivity, and compute services across the UK. Over 300 people across our data centres and three core corporate office locations in Edinburgh, Gateshead and Maidenhead have a strong heritage in helping around 1000 clients to achieve their digital ambitions.
Job Purpose:
As a provider of digital infrastructure, the threat of a cyber-attack on our own systems or on the services we provide to our clients is an ever-evolving risk. The Director of Cyber Security is the most senior role responsible for Cyber security. You will be accountable for protecting both our business and the services we provide to our clients from security threats and vulnerabilities. Responsible for driving, evolving and ensuring adherence to our Cyber Security strategy and management of the total security threat landscape. This includes responsibility for effective cyber security management and driving relevant improvement programmes, ensuring these are clearly understood and met company wide.
This role is a pivotal role, providing the opportunity to shape, direct and lead the existing team and external partners and providing leadership across the organisation to stay ahead of managing security threats and vulnerabilities. It is about protecting against cyber risks, managing the security of our systems and data to ensure that we continue to operate in a secure way while achieving our growth ambitions.
This role must provide visible leadership engaging internally and externally to anticipate changes to the threat landscape and to ensure that our approach to cyber security is well understood and governed.
Key Responsibilities:
• Lead on the development and execution of the Cyber Security strategy. Ensuring we have strong industry communication channels and knowledge to remain ahead of the changing landscape and progressive threats, to minimise risk to the organisation and its clients
• Develop and lead the small inhouse Cyber Security team, working closely with third parties to drive delivery on strategic and operational priorities
• Engage with our leaders and specialists to ensure that products and services are developed and run in line with Cyber Security best practice
• Working in partnership with the Risk and Assurance team and Corporate IT using a framework for regular detailed Information Security & Cyber risk assessments and owning the planning & implementation of actions necessary to minimise threats and vulnerabilities
• Horizon scanning and providing thought leadership on the latest IT Security innovations and keeping abreast of latest cyber security technologies, risks and industry best practice to mitigate or manage these giving the organisation a voice in the industry in relation to this
• Leading and overseeing the security relationships with key suppliers and partners in relation to the security services delivered
• Establishing and ensuring adherence, across the whole business, to our standard methods and approach to ensure our infrastructure, systems and services comply with the relevant, current security standards and protocols
• Working with the Risk & Assurance team, support the requirement for compliance to both partner and external security accreditations, e.g. CE+ and ISO27001
• Present and lead on key insight for all areas of the business. Educate and evangelise with regards to appropriate security measures in all aspects of our business
• Mentoring, coaching, management support and development including annual reviews, evaluations and reporting of individual performance targets for team members
• Work closely with the product and pre-sales teams to outline our security position and standards for new clients and/or large complex bid requirements, undertaking client presentations and engagements as necessary
• Engaging with shareholders and insurers to outline the Information and Cyber Security policies, procedures, metrics and future improvement roadmaps.
Candidate profile:
The Director of Cyber Security is a visible presence both inside and outside the organisation. With relevant technical and Information Security related academic qualifications and professional development, coupled with extensive leadership experience they are not only a subject matter expert, but also confident to deploy their expertise to support both internally and with all external stakeholders, including our Board, external stakeholders such as Insurers and clients.
• Substantial experience leading, developing and motivating internal team members, to include those in experienced roles and those in early career roles
• Extensive experience of working with senior stakeholders both internal and external
• Extensive experience of working with external parties delivering cyber services into the organisation i.e. SOC, SIEM, Vulnerability, Incident Management
• Experience of providing thought leadership content for publication
• Forward thinking and abreast of emerging IS & Cyber Security risks and the changing threat landscape facing UK companies
• Extensive experience at enterprise level of implementing an effective security strategy
• Confident senior leader with the skills to empower and inspire teams and Cyber Security practitioners and having gained a trusted position within the company and with its clients
• Extensive experience of influencing stakeholders at a senior level within complex infrastructure and systems environments with some customer facing responsibilities
• Recognised as a Cyber Security expert, experienced in working in a commercial environment and able to represent company security credentials clearly and effectively
• Experience of defining and driving improvements and Key Performance Indicators related to Information and Cyber Security
• Extensive experience of working with the NIST Cyber Security Framework (NCSF), and other associated Information and Cyber Security standards
• Experience of budget planning, ownership and cost control management
• Experience of driving culture change in a multi-site organisation
• A person with first class relationship management and influencing skills, who is enthusiastic, driven and committed to problem solving and driving solutions, with a confident and friendly approach
• A high degree of commercial acumen, resilient, logical thinker and passionate about IT and the security surrounding it
• Detailed knowledge of security standards including Cyber Essentials, PAS 555, ISO/IEC 27032 ISO/IEC 27001, PCI-DSS and NIST CSF
• With a Technical/Information Security Degree or equivalent experience, plus at least two of the following:
o Certified Ethical Hacker (CEH)
o CompTIA Security+
o Certified Information System Security Professional (CISSP)
o Certified Information Security Manager (CISM)
o Certified Information Systems Auditor (CISA)
o NIST Cybersecurity Framework (NCSF)
o Computer Hacking Forensic Investigator (CHFI)