Head of Cyber Security

Head of Cyber Security

The Head of Cyber and Information Security is responsible for leading the strategic direction of cyber and information security at CareTech. This includes evolving an effective Information Security Management System (ISMS) to achieve and obtain ISO27001 certification. The role ensures risk-based alignment between cyber risk and business priorities, promotes a security-focused approach, and supports CareTech in proactively managing threats and responding to incidents. Proven experience in bridging the gap between complex security requirements and operational needs is a must.

Key Accountabilities

Evolve a cyber and information security strategy aligned with ISO27001 standards and business objectives.

Lead the design, implementation, and continuous improvement of the Information Security Management System (ISMS).

Oversee risk management activities, including risk assessments, mitigation planning, and incident response.

Work with senior stakeholders to ensure alignment between security initiatives and organisational priorities.

Drive continuous improvement of the cyber and information security programme through regular reviews and updates.

Manage cyber security incidents to ensure effective and timely resolution.

Support a security-aware environment through training, awareness activities, and clear communication.

Ensure compliance with all relevant legal, regulatory, and contractual obligations.

Experience, Skills and Knowledge

Extensive experience (typically 10+ years) in cyber and information security.

Strong understanding of industry standards like NIST, CIS, Cyber Essentials, Cyber Essentials Plus, ISO27001 standards and hands-on experience in developing, implementing, and maintaining an Information Security Management System (ISMS).

Proven experience managing cyber security incidents and leading effective response strategies.

Demonstrated ability to lead and develop high-performing cyber security teams internally and externally.

Strong analytical and problem-solving skills, with the ability to assess complex risks and develop practical solutions.

Clear and confident communicator, with experience engaging and influencing senior stakeholders.

Strong organisational skills, with the ability to manage multiple priorities in a fast-paced environment, across multi-functional teams.

Strategic mindset with a focus on continuous improvement and professional development.

Experience aligning cyber security initiatives with broader business objectives and risk priorities.

Experience with AI and Gen AI to enable business objectives preferred.

Experience and understanding of the UK Social Care or similar regulated environment highly preferred.

SYS-21158