Head of Global IT Security

Remit & Responsibilities: 

1. Define and maintain the security governance framework, and lead the development and delivery of a multi-year cybersecurity strategy, including core policies, controls, and risk-based prioritisation.
2. Lead collaboration with infrastructure and business teams to ensure security baselines across cloud platforms (Azure, M365) are in place.
3. Maintain the Cyber Incident Response Plan and coordinate security events, audits and post-incident reviews.
4. Ensure vendor, project and application security is addressed through due diligence and policy alignment.
5. Promote a culture of secure behaviour and support awareness, training and continuous improvement.
6. Drive organisation-wide security awareness through structured training, campaigns, and practical guidance tailored to different user groups.

Job Specific Education Required: 

Essential (E): 

• Formal post-secondary education (degree, diploma, or equivalent) in any discipline, or equivalent practical experience
• Relevant security certifications (e.g. ISO 27001, Cyber Essentials Plus, Security+)
• Familiarity with frameworks such as NIST, GDPR, Cyber Essentials Plus, CIS Controls

Desirable (D): 

• ISO27001 awareness or training
• Microsoft Azure certifications (e.g. AZ-104, AZ-305)
• CompTIA Security+ or equivalent
• Relevant vendor certifications (e.g. Cisco)

Work Experience Required:

Essential (E): 

• Minimum 7 years of experience in IT or information security roles, with increasing responsibility
• Experience developing and delivering long-term information or cyber security strategies
• Proven track record in infrastructure-heavy environments, with exposure to networks, endpoints and cloud platforms.
• Experience working in lean or mid-maturity organisations, where security delivery depends on influence and collaboration.
• Hands-on experience with Microsoft-centric environments (Azure, M365, Intune, Defender, etc.)
• Experience coordinating security incidents, risk assessments, or response activities.
• Demonstrated ability to embed or guide security through projects, vendors and operational processes
• Ability to design and deliver security awareness training and promotes a strong security culture across all levels of the organisation
• Participation in compliance intiatives and audits related to Cyber Essentitals Plus, ISO 27001, NIST or GDPR

Desirable (D):

• Experience supporting or overseeing external MDR/VSOC providers.
• Exposure to vendor due diligence, SaaS onboarding and third-party risk management.
• Familiarity with industrial services, engineering, or project-based technical environments.
• Involvement in security policy rollout, training initiatives or user-facing awareness efforts

Skills & Knowledge Required

Essential (E)

• Strong working knowledge of Microsoft-based technologies (Azure, M365), IAM principles and endpoint security
• Ability to define, implement and monitor technical and procedural security controls
• Clear understanding of risk management, incident response and compliance frameworks
• Confident communicator with ability to influence across business and technical teams
• Able to operate independently, prioritise across multiple demands and lead security initiatives in a mid-maturity IT environment

Desirable (D): 

• Awareness of emerging threats, vulnerability trends and industry threat intelligence practices
• Understanding of vendor security evaluation methods and procurement-related security considerations
• Familiarity with automation or scripting in a security context (e.g. PowerShell, Defender API usage)
• Experience engaging with executive stakeholders on security posture, risks and investment needs

Requirement to travel

• Occasional travel to our global sites may be required. 

We look forward to hearing from you