Head of Cyber Security

The Role

To support business strategy and digital transformation, we are building a new 1st line Information Security Practice to ensure a coordinated response to the increasing cyber security threat, enable risk decisions to be made consistently across the organisation and establish sustainable security capabilities that are integrated with the business. Our vision for Information Security is to 'protect our stakeholders by securing our information assets, managing our cyber risk, and enabling business strategies in an efficient and effective way, fully supported by executive leadership and underpinned by all employees.

The Head of Cyber Security is hence responsible for executing the 1st line cyber security in below 3 functional areas:

1. Operations

2. Technology

3. Defence

Key accountabilities & responsibilities

Leadership

• Communicating a vision and motivating and leading others towards the achievement of goals and business objectives

• Develop long term resource and succession planning for the Security team to ensure appropriately skilled staff are available to resource activities

• Contribute extensively to the annual planning and budgetary process for the IT function by providing key resourcing and budgetary information

Cyber Security

• Lead the implementation of the Target Operating Model, agreed between the CSO and the CIO

• Act as a key advisor to senior management (CEO, CIO, CRO, CSO) on information security matters (e.g., information risk management, cybersecurity, information security control, monitoring, information privacy, operations, identity access management, security architecture, forensics)

• Collaborate with and support the Group Information Security Practice comprising of Operations, Technology & Defence areas as well as other stakeholders as necessary to ensure that information security within the local entity is relevant, cost-effective and is delivered in accordance with the UKI

Information Security Strategy

• Serve as an expert advisor to senior management of the local entity in the implementation and maintenance of information security

• Promote a culture of information security and raise awareness

• Identify and implement coordinated responses to information security audit and compliance issues

• Ensure the core security processes are defined and executed in accordance with the Information Security Standard

• Lead the development, implementation and successful execution of information security operations not offered by security shared services (including vulnerability management and identity and access management) at the local entity

Financial Management

• Partner with Finance to develop and track department budget

• Monitor performance and improvement in key metrics

Deliver operational improvement and financial benefits to meet or exceed annual target