Director of Cybersecurity

Director of Cybersecurity: Reporting & Metrics

London - 2 days a week on site

£165,000 + bonus

About the Role

We are seeking an experienced and strategic Director of Cybersecurity: Reporting & Metrics to lead a newly established Security Reporting and Metrics team within our IT Security Governance and Management function. This is a high-impact leadership role responsible for developing and delivering executive-level cybersecurity reporting, performance metrics, and risk insights that enable informed decision-making across senior leadership and Board-level stakeholders.

The successful candidate will build and lead a high-performing team, establish robust reporting capabilities, and drive a data-driven approach to security management. This role requires a strong blend of cybersecurity knowledge, leadership experience, business acumen, data analytics expertise, and stakeholder management skills.

Key Responsibilities

Leadership & Team Development

  • Establish and lead the Security Reporting and Metrics team, defining its operating model, governance framework, processes, roles, and responsibilities.
  • Build a high-performing, collaborative team culture focused on excellence, innovation, and continuous improvement.
  • Ensure team objectives align with the wider IT Security strategy and organisational goals.
  • Provide leadership, coaching, and professional development to team members.

Executive Security Reporting

  • Develop and deliver strategic cybersecurity reporting and metrics for executive leadership and Board audiences.
  • Produce detailed and consolidated reports on the organisation's security posture, security capabilities, and risk landscape in collaboration with key stakeholders, including the Chief Information Officer team.
  • Translate complex technical security information into clear, concise, and actionable business insights.
  • Ensure reporting supports effective decision-making and drives accountability across the organisation.

Security Risk & Performance Measurement

  • Lead the measurement, monitoring, and reporting of security risks and performance metrics.
  • Establish frameworks for tracking and communicating security risk remediation progress, emerging risks, and potential barriers to delivery.
  • Design, implement, and oversee Key Performance Indicators (KPIs) for all IT Security-owned services and processes.
  • Define performance benchmarks and reporting standards to drive continuous measurement and improvement.
  • Deliver regular reporting and insights to IT Security leadership teams and governance forums.

Reporting Transformation & Continuous Improvement

  • Drive the evolution of security reporting methodologies, analytics capabilities, and data visualisation approaches.
  • Introduce innovative reporting solutions that improve the clarity, accuracy, and impact of cybersecurity communications.
  • Leverage modern Business Intelligence and data analytics tools to enhance reporting effectiveness and decision support.
  • Establish scalable reporting and metrics capabilities that support long-term organisational growth and maturity.

Stakeholder Engagement & Governance

  • Foster strong partnerships across IT Security, Technology, Risk, Compliance, Audit, and executive stakeholder groups.
  • Ensure consistency, accuracy, and relevance of reporting through effective collaboration and governance.
  • Represent the Security Reporting and Metrics function in governance committees, leadership forums, and stakeholder meetings.
  • Provide expert advice and insight on security reporting, metrics, and performance trends.

About You

We are looking for a strategic security leader who can:

  • Inspire and lead a Security Reporting and Metrics team, creating clarity of purpose and accountability.
  • Develop and execute transformational reporting and analytics programmes that strengthen cybersecurity governance and oversight.
  • Identify priorities and opportunities to build a world-class reporting function tailored to organisational needs.
  • Deliver meaningful insights that support executive decision-making and enhance security risk management.
  • Influence senior stakeholders and communicate complex technical information effectively to both technical and non-technical audiences.
  • Drive a culture of continuous improvement, innovation, and data-led decision-making.

Skills & Experience

Essential Experience

  • 12-15 years' experience in cybersecurity reporting, security governance, risk management, data analytics, or a related discipline.
  • Approximately 8-10 years' leadership experience managing teams focused on security reporting, metrics, analytics, or risk oversight.
  • Proven experience operating within highly regulated environments.
  • Demonstrated success designing and implementing enterprise-scale security reporting and metrics frameworks.
  • Experience developing executive and Board-level reporting materials.
  • Strong understanding of cybersecurity risk measurement, performance management, and governance processes.
  • Experience leading transformation initiatives involving reporting, analytics, or Business Intelligence capabilities.
  • Proven ability to communicate complex technical concepts to senior business stakeholders.

Technical Expertise

  • Strong knowledge of security metrics, KPIs, KRIs, risk reporting, and performance measurement frameworks.
  • Experience leveraging business intelligence, reporting, and data visualisation tools to generate actionable insights.
  • Strong analytical, problem-solving, and data interpretation skills.
  • Understanding of security governance, risk management, and compliance principles.

Professional Qualifications

Essential

  • Strong understanding of relevant cybersecurity regulations, compliance obligations, and industry standards.
  • Demonstrated ability to interpret and apply regulatory requirements within security reporting and governance frameworks.

Desirable

  • Industry certifications such as:
    • CISSP (Certified Information Systems Security Professional)
    • CISM (Certified Information Security Manager)
    • CRISC (Certified in Risk and Information Systems Control)
    • CGEIT (Certified in the Governance of Enterprise IT)
    • Relevant data analytics, business intelligence, or project management certifications

Why Join Us?

This is a unique opportunity to shape and lead a newly established Security Reporting & Metrics function that will play a critical role in strengthening cybersecurity governance, transparency, and decision-making across the organisation. You will work closely with executive leaders, influence strategic outcomes, and establish capabilities that directly enhance the organisation's security maturity and resilience.

If you are a strategic security leader with a passion for data, analytics, and meaningful business insight, we would love to hear from you.

Job Details

Company: Spencer Rose Ltd
Location: London, United Kingdom
Employment Type: Permanent
Salary: GBP 165,000 Annual