Information Security Solutions Ltd

Information Security Solutions Ltd - Latest Vacancieshttps://www.informationsecuritysolutions.com/All of the latest vacancies from Information Security Solutions Ltd.en-gbTue, 28 Apr 2026 14:10:24 GMTwww.firefishsoftware.comHead of OT Security

Title:	Director of Operational Technology (OT) & Manufacturing Security
Reference No:	2152
Company:	FTSE100
Location:	London – 3 days in the office (Tuesday -Thursday) plus if required for specific meetings on other 2 days
Working pattern:	This hybrid role is 37.5 hour week Monday – Friday
Reports to:	Group CISO
Salary:	£130K - £150K

The Role

Group Cyber Security Overview

The Group Cyber Security team are responsible for ensuring that the cyber risk is managed appropriately across the Group. The cyber strategy has been updated and there is a renewed focus recognising that cyber security needs to be part of the Groups culture and DNA.

The Group operates a highly federated business model. The cyber strategy has considered the most effective way to build improved cyber capabilities while supporting the effectiveness of this operating model.

It’s an exciting time to join the Group Cyber Security team – a time of significant investment. With the adoption of the new strategy, Group Cyber Security will be responsible for setting the cyber standard and measuring compliance to this standard for all businesses within the Group. A multi-year transformation programme has been established to build improved cyber capabilities. This is a diverse programme touching all areas of cyber security. This permanent role will play a key part in shaping and supporting the delivery of the transformation programme, before assuming responsibility for embedding, operating, and continually improving the new initiatives as they transition into business‑as‑usual

Role Summary

As the strategic architect of Manufacturing and OT cyber security future, the Head of Manufacturing and OT Security develops and owns the OT cyber security strategy, shaping a resilient, forward-thinking environment where operational technology and manufacturing plants are safeguarded against evolving threats.

Reporting into the Group CISO, this role sets the strategic vision, defines the security technology roadmap, and establishes robust controls and governance frameworks that empower every division to operate securely and resiliently. By partnering with divisions to drive risk reduction and security improvements and championing regulatory excellence and continuous improvement, this leader will deliver step-change transformation across the global Manufacturing/OT landscape.

Through dynamic collaboration, expert guidance, and charismatic leadership, the Head of Manufacturing and OT Security will inspire teams and stakeholders to elevate security awareness, respond decisively to incidents, and build a legacy of operational resilience that enables the Group to thrive in a rapidly changing digital world.

Role Responsibilities/Accountabilities

Key Responsibilities:

1. Manufacturing / OT Security Assurance and Culture

• Develop and own the costed Manufacturing and OT cyber security strategy, laying out the vision for Manufacturing and OT resilience and improving the operational resilience of plants from cyber-attacks.

• Define the technology roadmap for Manufacturing and OT security, ensuring alignment with business objectives and transformation goals.

• Define and uphold standard controls and architecture blueprints for Manufacturing/OT security.

• Define, develop, and continuously improve the Manufacturing/OT security operating model, including sourcing appropriate support services.

• Manage and assure regulatory compliance with respect to Manufacturing/OT Cyber Security and coordinate the submission of NIS2 requirements, leveraging the GRC and Technical Assurance teams.

• Maintain a register of Manufacturing/OT projects relevant to Manufacturing/OT security and assure that security processes are followed and reviewed with system owners.

• Establish and run appropriate governance boards for OT and Manufacturing cyber security.

• Champion Manufacturing/OT Security Governance within the business area, including risk management, internal governance boards, compliance frameworks, and supply chain.

• Champion education and awareness about Manufacturing/OT cyber risks.

• Support and champion the Manufacturing/OT step change improvements that are delivered through the GCS Transformation programme.

• Collaborate across verticals with the GCS Leadership Team.

2. Risk Management

• Coordinate and assure delivery of Manufacturing/OT cyber security risk reduction activities, providing assurance to manufacturing security owners that risks are effectively managed.

• Review risk assessments for security concerns to ensure quality and identify common gaps.

• Partner with divisions to drive risk reduction and security improvements.

• Assure Manufacturing/OT security vulnerability intelligence is reviewed, with appropriate responses communicated to stakeholders.

3. Third Party Management

• Ensure relationships with Manufacturing and OT third-party suppliers are managed, with secure connectivity, alignment with the Group security standards, and appropriate risk management in coordination with System Owners.

• Enable third-party risk and assurance, including supplier assessments, contractual compliance, and secure third-party connectivity.

4. Incident Response

• Assuring Manufacturing/OT Security Incident Response plans are in place and tested, and the appropriate business division representatives are included in Manufacturing/OT Incident Response Teams.

• Be a key member of the Cyber Incident Management Team, assisting in coordination for incident response and ensuring Manufacturing/OT incident response plans are in place, tested, and inclusive of relevant business/division representatives.

5. Awareness, Training & Leadership

• Raise awareness of Manufacturing/OT security risks and partner with divisions to provide training and build a culture of security.

• Champion education and awareness about Manufacturing/OT cyber risks across the group.

• Lead and manage the Manufacturing/OT security team, setting clear objectives and fostering a culture of continuous improvement.

• Act as a subject matter expert (SME) and trusted advisor to system owners, divisions, and senior stakeholders.

• Demonstrate charismatic, all-round leadership to drive change and inspire teams.

Experience, Knowledge, Skills & Attributes

• 7+ years’ experience in Manufacturing/OT cyber security within a large, complex organisation.

• Deep understanding of OT environments (SCADA, ICS, PLCs, DCS), securing industrial control systems and critical infrastructure, knowledge of OT-specific protocols (Modbus, OPC, DNP3, etc.) and risk assessment and threat modelling for OT systems.

• Strong knowledge of cyber security frameworks (ISO 27001, NIST, CIS Controls) and OT security standards such as IEC62443 and NIST 800-82.

• Expertise in relevant regulatory compliance such as NIS2 and H&S regulations.

• Proven experience developing and implementing enterprise-wide cyber risk management processes.

• Professional certifications such as CISSP, CISM, GICSP or ISA/IEC 62443 certificates.

• Excellent leadership, communication, and influencing skills.

• Excellent collaboration skills with cross-functional teams.

• Ability to drive cultural change and embed security awareness.

Desirable

• Experience operating within a federated business model.

]]>https://www.informationsecuritysolutions.com/job/head-of-ot-security-189.aspxhttps://www.informationsecuritysolutions.com/job/head-of-ot-security-189.aspxhttps://www.informationsecuritysolutions.com/job/head-of-ot-security-189/apply.aspxMon, 27 Apr 2026 08:15:55 GMThttps://www.informationsecuritysolutions.com/job/head-of-ot-security-189/apply.aspx189Head of OT Security338PermanentOT SecurityHead of OT SecurityLondonMon, 27 Apr 2026 08:15:55 GMTMon, 11 May 2026 08:15:55 GMTIain Sutherlandiain@informationsecuritysolutions.com020 7887 6090130000.00150000.00Per YearGBPUKHead of Cyber Security Governance, Risk and Compliance

Title:

Head of Cyber Security Governance, Risk and Compliance

Reference No:

2154

Company:

FTSE100

Location:

London – 3 days in the office (Tuesday -Thursday) plus if required for specific meetings on other 2 days

Working pattern:

This hybrid role is 37.5 hour week Monday – Friday

Reports to:

Group CISO

Salary:

£110K - £120K

The Role

Group Cyber Security Overview

Role Summary

The Head of Cyber Security Governance, Risk & Compliance (GRC) serves as the driving force behind the Groups vision for world-class cyber resilience and is accountable for defining and advancing the enterprise cyber risk and assurance strategy. This role champions a culture of proactive risk management, robust governance, and unwavering compliance, ensuring that the Group not only meets, but sets the standard for information security across a complex, global business landscape.

Through the cultivation of strong partnerships across divisions and leadership, the Head of GRC empowers the organisation to anticipate emerging threats, adapt to regulatory change, and embed security at the core of every decision, enabling the Group to achieve its objectives securely in a rapidly evolving digital world.

Role Responsibilities/Accountabilities

Key Responsibilities:

1. Governance

• Define and maintain the cyber security governance framework, policies, and standards.

• Lead the liaison with divisional GRC roles, supporting the development and maintenance of the GRC operating model and framework.

• Ensure alignment with the Cyber Standard and global regulatory requirements (e.g., NIS2, GDPR).

• Provide direction on cyber security tooling relating to governance and assurance objectives.

• Collaborate with the Technical Assurance team to define and implement metrics and reporting standards for divisions.

• Chair governance forums and provide regular reporting to senior leadership and audit committees.

• Plan, coordinate and facilitate Security Working Group (SWG) meetings.

• Assist in the preparation of board papers and materials for annual reporting and Group level risk management.

2. Risk Management

• Develop and implement enterprise-wide cyber risk management processes.

• Lead risk quantification initiatives by implementing risk quantification methodologies and developing metrics to measure and communicate risk reduction.

• Provide assurance that cyber risks are identified, assessed, and mitigated across all divisions.

• Maintain and update risk registers, ensuring Group risks are accurately captured, assessed, and managed.

• Conduct and oversee risk assessments at Group level in support of all divisions and business units.

• Track and manage deviations from policy, including the documentation and approval of exceptions.

• Conduct horizon scanning for regulatory changes and emerging cyber security requirements, ensuring the risk landscape is proactively managed.

3. Compliance & Assurance

• Build and lead the non-automated second line assurance capability to monitor compliance to the Groups cyber standard.

• Oversee readiness for internal audits and external regulatory reviews, liaising with internal audit and external bodies to support audit activities, address findings, and drive remediation.

• Report monthly on GRC and assurance activities to senior management and divisional stakeholders.

• Respond to ad-hoc reporting requests from divisions, business units, and senior management.

4. Third Party Security

• Develop the strategy for third party cyber security. Deliver a step change in third party security capabilities through the Third Party Management workstream of the cyber transformation programme.

• Manage cyber security third-party risk and assurance, at point of contract and through ongoing assurance.

• Deliver a demonstrable and measurable reduction in third party cyber security risk.

5. Strategic Leadership

• Lead the Group Cyber Security GRC function, establishing a robust second line of defence and embedding risk-based decision-making.

• Provide strategic direction on GRC initiatives, ensuring continuous improvement and alignment with business objectives whilst supporting the delivery of the cyber transformation programme.

• Act as a trusted advisor to the CISO and senior stakeholders on governance and compliance matters.

• Influence organisational culture to embed security awareness and risk-based thinking.

• Work in partnership and collaborate across verticals with the GCS Leadership Team.

6. Stakeholder Engagement

• Collaborate with divisional GRC functions, BISOs, legal, finance, and operational teams to ensure integrated risk management.

• Represent the Group in external forums and regulatory engagements.

• Build and maintain trusted relationships with senior stakeholders, demonstrating a personable and collaborative approach.

• Ensure positive engagement and communication with all internal and external stakeholders.

Experience, Knowledge, Skills & Attributes

Essential

• 7+ yrs experience in governance, risk, and compliance within a large, complex organisation.

• Strong knowledge of cyber security frameworks (ISO 27001, NIST, CIS Controls).

• Expertise in regulatory compliance (GDPR, NIS2, SOX).

• Excellent leadership, communication, and influencing skills.

• Professional certifications such as CISSP, CISM, CRISC.

• Proven experience developing and implementing enterprise-wide cyber risk management processes

• Excellent collaboration skills with cross-functional teams

• Strong relationship-building and communication skills, with a personable and credible approach

Desirable

• Experience in a federated business model.

• Familiarity with risk quantification tools and methodologies.

• Ability to drive cultural change and embed security awareness.

• Experience building a strong relationship with internal audit.

• Experience implementing an effective third party security risk management service.

]]>https://www.informationsecuritysolutions.com/job/head-of-cyber-security-governance,-risk-and-compliance-191.aspxhttps://www.informationsecuritysolutions.com/job/head-of-cyber-security-governance,-risk-and-compliance-191.aspxhttps://www.informationsecuritysolutions.com/job/head-of-cyber-security-governance,-risk-and-compliance-191/apply.aspxMon, 27 Apr 2026 08:15:55 GMThttps://www.informationsecuritysolutions.com/job/head-of-cyber-security-governance,-risk-and-compliance-191/apply.aspx191Head of Cyber Security Governance, Risk and Compliance338PermanentIT/Information/Cyber SecurityHead of GRCLondonMon, 27 Apr 2026 08:15:55 GMTMon, 11 May 2026 08:15:55 GMTIain Sutherlandiain@informationsecuritysolutions.com020 7887 6090110000.00120000.00Per YearGBPUKDirector of Group Cyber Security Services

Title:	Director of Group Cyber Security Services
Reference No:	2153
Company:	FTSE100
Location:	London – 3 days in the office (Tuesday -Thursday) plus if required for specific meetings on other 2 days
Working pattern:	This hybrid role is 37.5 hour week Monday – Friday
Reports to	Group CISO
Salary:	£140K - £160K

The Role

Role Summary

As the strategic architect of the Group’s security services, the Head of Security Services shapes and delivers a unified vision for cyber security across a global, federated enterprise and 85+ businesses grouped into 10 divisions. Reporting into the Group Chief Information Security Officer (CISO), this leader is responsible for overseeing day-to-day operational cyber security capabilities, ensuring robust, efficient, and coordinated first and second line security operations that protect the Group’s people, systems, and data from cyber-attacks.

By setting the direction for security services, championing the adoption of centralised capabilities, and driving continuous innovation, this role ensures that the security operations are robust, adaptive, and future-ready. With oversight of daily technical security functions and a relentless focus on operational excellence, the Head of Security Services builds and empowers high-performing teams to deliver 24/7 threat detection, rapid incident response, and proactive risk management. This includes ownership of security controls, security testing, tech assurance and vulnerability and threat management, and incident response across the organisation.

Collaboration is at the heart of this position. By working across the GCS Leadership Team, with business and technology stakeholders, and with industry experts to align strategy, share intelligence, and drive a single, cohesive approach to security services, this leader ensures the Group not only meets but sets the benchmark for security services in a dynamic digital world.

Role Responsibilities/Accountabilities

Key Responsibilities:

Strategic Leadership & Vision

• Establish a costed strategic vision for security services across the Group’s global, federated enterprise.

• Evangelist for adoption of central services and drives alignment to a single security services vision.

• Define, maintain, and regularly review the security services service catalogue and SLAs, clearly articulating what “good” looks like.

• Integrates AI and modernises security operations using latest technologies.

• Ensure security operations support organisational resilience and disaster recovery objectives.

• Collaborate across verticals with the GCS Leadership Team.

Operations & Service Delivery

• Oversee daily operations of technical security functions, working collaboratively with the SOCs to provide 24/7 visibility and threat detection ensuring services are resilient, risk-aware, and aligned with business needs.

• Regularly review and modernise SOC processes, technologies, and talent.

• Partner with MSSPs and build solid vendor relationships to deliver the security strategy.

• Define and collect metrics/KPIs, regularly reporting to leadership on SOC events/incidents and overall effectiveness.

• Review metrics at a group level and adjust services strategy accordingly.

• Management of the security technology stack and continuous improvement of services.

Incident Response & Threat Management

• Serve as incident commander (including on-call), leading cyber incident response activities.

• Lead on cyber incident response activities and contributing to incident management activities by advising on incident identification, assessment, classification, escalation, investigation, mitigation, monitoring and reporting to help ensure cyber incidents are managed in a timely and effectively manner to limit impact.

• Drive the development of threat management, threat modelling and identification of new threat vectors by keeping up to date with industry activity and methodology, to help ensure key assets are protected.

• Lead threat hunts to proactively discover potential compromises.

• Lead and coordinate red teaming, penetration testing, and exercising to assess and enhance the quality of services delivered by SOCs.

• Red/purple teaming to ensure standard of services—testing quality of services delivered by various SOCs.

• Exercise incident response capabilities.

Threat Intelligence & Tech Assurance and Vulnerability Management

• Drive the development of threat management, threat modelling, and identification of new threat vectors.

• Maintain up-to-date awareness of cyber threat intelligence and emerging attack vectors, always evaluating the materiality of the threat.

• Liaise with industry experts and update strategy in line with the threat landscape.

• Lead a threat-led, risk-based vulnerability management programme, ensuring timely remediation in collaboration with IT.

• Own insider threat and data loss prevention (DLP) initiatives.

• Lead the emergency patching vulnerability management programme ensuring threat-led and risk-based prioritisation, along with collaboration with IT for timely remediation.

• Own and manage key security controls ensuring they are deployed, tuned, and monitored effectively across cloud and on-premise assets, along with managing the vendors that are responsible for supporting the Group.

Team Leadership & Performance

• Lead a high-performing team of cyber and project professionals, driving strategy, innovation, and continuous improvement across protection capabilities including SOC, Security Engineering, Technical Assurance and Vulnerability Management.

• Manage team performance and cost base, making informed financial decisions and supporting portfolio-level investment planning.

• Provide technical leadership and act as a subject matter expert on information security best practices.

Collaboration & Stakeholder Engagement

• Collaborate across the GCS Leadership Team and with cross-functional stakeholders.

• Work with Head of Manufacturing / OT security to align security operations elements in manufacturing.

• Collaborate with cross-functional stakeholders to assess and mitigate risk, while maintaining a forward-looking roadmap for cyber capabilities.

Experience, Knowledge, Skills & Attributes

Essential

• A certification such as CISSP CISM, GIAC, or equivalent. University Degree qualified in an engineering discipline ideally with Cyber Security Engineering, Computer Science, Information Technology, or Computer and Electronics engineering.

• Prior experience of building security teams and a global delivery operations support model.

• Demonstrable experience of building and running a technical assurance function.

• Demonstrable knowledge of industry standards such as NIST and ISO27001. Knowledge of relevant regulations such as GDPR, NIS2, and EU AI.

• Exceptional analytical and decision-making abilities during BAU and incidents.

• Experience in leading cybersecurity incidents, implementing response procedures, and driving continuous improvements, and optimising security tools and technologies to enhance operational efficiency.

• Hands-on experience in threat detection and prevention, including expertise in SIEM, EDR, firewall management, or similar security technologies.

• Ability to build relationships and engage with all levels of management, communicating complex technical issues to a range of audiences.

• Experience of managing service level agreements, commercial engagements, and supporting procurement with contract negotiations.

• Demonstrable experience in designing, enhancing, and implementing security processes and policies.

• Strong project management and leadership skills with the ability to prioritise both operational and project demands.

Desirable

• Experience of operating within federated environments or within an IT Service Management Provider / Consultancy

• Experience managing external supplier relationships to secure the best value and service

]]>https://www.informationsecuritysolutions.com/job/director-of-group-cyber-security-services-190.aspxhttps://www.informationsecuritysolutions.com/job/director-of-group-cyber-security-services-190.aspxhttps://www.informationsecuritysolutions.com/job/director-of-group-cyber-security-services-190/apply.aspxMon, 27 Apr 2026 08:15:55 GMThttps://www.informationsecuritysolutions.com/job/director-of-group-cyber-security-services-190/apply.aspx190Director of Group Cyber Security Services338PermanentIT/Information/Cyber SecurityHead of Security OperationsLondonMon, 27 Apr 2026 08:15:55 GMTMon, 11 May 2026 08:15:55 GMTIain Sutherlandiain@informationsecuritysolutions.com020 7887 6090140000.00160000.00Per YearGBPUKCyber Security Culture Manager

Title:	Cyber Security Culture Manager
Reference No:	2155
Company:	FTSE100
Location:	London – 3 days in the office (Tuesday -Thursday) plus if required for specific meetings on other 2 days
Working pattern:	This hybrid role is 37.5 hour week Monday – Friday
Reports to	Group CISO
Salary:	£100,000

The Role

Role Summary

The Group are transforming the way in which the cyber security risk is managed across the group. A new cyber strategy has been agreed; there is a short-term focus on security hygiene and resilience while a multi-year transformation programme is initiated to introduce new and make improvements to existing cyber capabilities and services.

The Cyber Security Culture Manager will be the driving force behind a mission to create a security-first mindset across a global, diverse organisation. This role sets the vision for cyber security culture, embedding security as a core value and shaping behaviours that protect people, processes, and assets. By defining clear goals and delivery roadmap for cultural maturity, it ensures alignment with business objectives, regulatory requirements, and industry best practice.

Reporting to the CISO, this role builds strong relationships with senior leaders and advocates across Group’s divisions, influencing change and creating a unified security posture. Acting as a cultural leader, the role champions continuous improvement, leveraging data-driven insights to strengthen security behaviours and reduce human risk. It fosters collaboration across security teams and business units, enhancing engagement and building a high-performing, values-driven environment. Through compelling communications and thought leadership, the role amplifies the voice of the CISO and ensures security messaging resonates at every level of the organisation.

Success in this role means delivering measurable improvements in security culture—where secure choices are intuitive, risk is reduced at scale, and every colleague feels empowered to navigate cyber threats confidently. This is a unique opportunity to shape the future of security culture and leave a lasting impact on the resilience of a global enterprise.

Role Responsibilities/Accountabilities

Key Responsibilities:

Set the Strategic Vision for Security Culture

• Define and own the long-term strategy for cyber security culture, ensuring alignment with business objectives, regulatory requirements, and industry best practice.

• Establish a clear roadmap for cultural maturity and embed security as a core value.

Drive Continuous Improvement of Security Culture

• Monitor and assess cultural maturity through surveys, KPIs, and behavioural metrics.

• Identify gaps and implement initiatives that strengthen security behaviours and reduce human risk.

• Champion best practices and foster collaboration between security teams and business units.

Enhance the Culture of Security Teams

• Promote a high-performing, collaborative, and values-driven environment within and across the security teams.

• Develop initiatives that improve team engagement, communication, and alignment with the security vision.

• Act as a role model for cultural leadership within the security function

• Plan, coordinate and facilitate Group Cyber Security (GCS) team meetings.

Create and Curate Strategic Content on Behalf of the CISO

• Develop high-quality, impactful content for internal audiences, including executive communications, presentations, and thought leadership pieces.

• Ensure messaging reflects the Groups security vision, priorities, and cultural objectives.

• Collaborate with corporate communications to maintain consistency and clarity in all security-related messaging.

Collaborate with the Global Cyber Security

• Partner with Global Cyber Security peers to ensure cultural initiatives complement technical controls, risk frameworks, and strategic priorities.

• Work closely with the Cyber Transformation Programme and BTS to deploy phishing simulation campaigns and implement tools that uplift cyber culture.

• Align cultural objectives with broader security programmes to deliver a unified and effective security posture.

Stakeholder Engagement and Advocacy

• Build strong relationships with senior leaders, divisional business units, and functional teams to influence and embed security culture.

• Represent the Group in relevant forums, working groups, and industry networks to share insights and adopt best practices.

Measurement and Reporting

• Define KPIs and success metrics for cultural initiatives and report progress to the CISO and senior leadership.

Use data-driven insights to refine strategies and demonstrate measurable improvements in security culture.

Experience, Knowledge, Skills & Attributes

Essential

• Proven experience in cyber security awareness, culture, or behavioural change programs within a large, complex organisation.

• Proven track record of working with senior partners to deliver metrics and reporting and progress updates.

• Strong understanding of human risk factors and security best practices.

• Excellent written, presentation and verbal skills with fluent English (written and verbal).

• Articulate and effective communicator across a range of formats, able to convey complex topics with ease to a variety of audiences and persuade others of the importance of security.

• Build excellent relationships, credibility and influence easily with people at different levels, working to persuade them of the need to work with security in-mind.

Desirable

• Experience of working in a federated environment.

• Experience of operating security standards / frameworks such as ISO27001, NIST 800-53, NIS2.

• Experience and involvement with major Cyber Security transformation projects or programmes.

]]>https://www.informationsecuritysolutions.com/job/cyber-security-culture-manager-192.aspxhttps://www.informationsecuritysolutions.com/job/cyber-security-culture-manager-192.aspxhttps://www.informationsecuritysolutions.com/job/cyber-security-culture-manager-192/apply.aspxMon, 27 Apr 2026 08:15:54 GMThttps://www.informationsecuritysolutions.com/job/cyber-security-culture-manager-192/apply.aspx192Cyber Security Culture Manager338PermanentInformation/Business RiskSecurity Awareness ManagerLondonMon, 27 Apr 2026 08:15:54 GMTMon, 11 May 2026 08:15:54 GMTIain Sutherlandiain@informationsecuritysolutions.com020 7887 60900.00Per YearGBPUK