Head of Cyber Security and Information Risk

Job title: Head of Cybersecurity & Security Operations Lead the GRC and Information Risk function, ensuring enterprise-wide visibility of cyber and information risks. Maintain oversight of the IT & Cyber Risk Register, ensuring risks are documented, owned, and mitigated within defined tolerances. Drive security governance through policy, process, and risk-based controls. Chair internal cybersecurity governance forums to review risks, progress, and control effectiveness. Ensure compliance with internal and external audit, regulatory, and policy requirements. Own the policy, standards, and control environment for cybersecurity, ensuring alignment to corporate governance requirements. Lead third-party and supplier assurance, ensuring contractual security obligations and oversight mechanisms are in place. Lead, mentor, and develop the cybersecurity, GRC, and information-risk team, including the Security Operations Analyst. Provide clear goals, performance measures, and career development for direct reports. Promote a culture of shared accountability, awareness, and proactive engagement across the business. Represent cybersecurity at senior forums, providing authoritative guidance on risk and resilience. Build internal capability through education, communication, and recognition of best practice. 10+ years in cybersecurity leadership within a complex, multi-region organisation. Demonstrated success combining governance, architecture oversight, and operational management. Deep understanding of cyber threats, enterprise technology, risk management, and security architecture across cloud, identity, and endpoint ecosystems. Skilled in aligning to recognised frameworks (ISO 27001, NIST CSF, CIS Controls) and tailoring them to organisational maturity. Experienced in enterpise risk management, audit engagement, and assurance reporting. Understanding of data-protection and corporate-governance codes. Strong executive presence with ability to influence across functions and manage both internal and external teams through accountability and collaboration. Excellent communicator; capable of briefing senior executives and the Board on cybersecurity posture, risk, and mitigation priorities. Certifications (preferred) - CISSP, CISM, CRISC, or equivalent. Cloud-security or Microsoft-security certifications advantageous.