Protect the IT and data infrastructure by leading the development and embedding of cyber and network security policies, controls, and incident response procedures.
This role ensures the business remains resilient to cyber threats, compliant with relevant standards, and aligned to best practices in technology risk management.
Main Duties, including but not limited to:
- Develop, implement, and maintain our cybersecurity strategy, policies, and standards in line with business needs and regulatory requirements across business (IT) and Operational Technology (OT)
- Monitor and respond to cybersecurity threats, vulnerabilities, and incidents, ensuring effective incident detection, response, and recovery
- Manage and oversee technical security controls, including firewalls, customer and internal networks, endpoint protection, access management, and intrusion detection systems
- Conduct regular risk assessments, audits and penetration testing, and ensure that identified risks are tracked, mitigated, and reported
- Work with IT teams to define solutions that embed security across infrastructure, applications and cloud environments from design through to operation within the confines of business and groups policies
- Lead security awareness and training initiatives to promote a culture of cyber resilience across the organisation
- Ensure compliance with industry standards and frameworks (e.g. ISO 27001, GDPR, NIS2) and support internal and external audits
- Maintain and test business continuity and disaster recovery plans related to cybersecurity
- Serve as the primary point of contact for cybersecurity vendors, regulators, and third-party assessments
- Provide regular reporting and strategic advice to the Senior European IT & Data Director and senior leadership on security posture, risks, and priorities
Qualifications and Experience:
- Proven experience in cybersecurity management, including threat detection, incident response, and vulnerability management
- Strong knowledge of security frameworks and standards such as ISO 27001, NIST, CIS Controls, and regulatory requirements like GDPR and NIS2
- Hands-on experience with security technologies including firewalls, SIEM, endpoint protection, identity and access management (IAM), and intrusion detection/prevention systems (IDS/IPS)
- Familiarity with cloud security best practices across platforms such as Azure or AWS
- Strong understanding of networking, infrastructure, and application security, including secure design principles and architecture
- Experience conducting risk assessments, audits, and managing remediation plans
- Ability to lead the development and maintenance of incident response plans, business continuity, and disaster recovery strategies
- Proficiency in interpreting cybersecurity threat intelligence and translating it into actionable controls or mitigation strategies