Head of Cybersecurity

Location: London (Hybrid, with 2 days a week on site)

Salary: £110,000

About the role

We are hiring for a Head of Cybersecurity for a global technology company powering some of the world's most demanding analytics workloads across highly regulated industries.

This Head of Cybersecurity will set the technical security direction for the organisation and take full ownership of day-to-day cyber defence. This is a senior leadership role with broad scope, covering strategy, security operations, cloud and AI security, incident response, and management of an external SOC. You will have the mandate and backing to shape how cybersecurity is delivered as the business scales.

This is a genuinely hybrid role: strategic and hands-on. You will define the vision and roadmap, while remaining close to the technology - in the SIEM, in the cloud console, and directly involved when incidents occur.

You will work closely with peers across IT, product security, and information security compliance. Clear ownership, strong partnership, and practical execution are essential.

What you'll be responsible for

Cybersecurity strategy & leadership

  • Define and execute a cybersecurity strategy aligned to business growth, PE milestones, and customer obligations
  • Build, mentor, and scale the cybersecurity function, starting with one direct report
  • Act as a trusted security leader for executives, auditors, regulators, and enterprise customers

Technical security operations

  • Own the security of a predominantly AWS-based cloud environment and a corporate estate built on Microsoft 365, Entra ID, and Microsoft Defender
  • Manage and optimise an external SOC partnership, ensuring strong detection quality and real operational value
  • Own SIEM strategy, detection engineering, and security monitoring
  • Lead vulnerability management end-to-end using Qualys or equivalent tooling, from discovery to remediation accountability
  • Serve as the technical incident response lead, covering preparation, exercises, live incidents, and post-incident learning

AI & data security

  • Secure internal AI platforms, including training data, models, integrations, and downstream systems
  • Define AI security guardrails, controls, and acceptable-use standards
  • Partner with engineering teams to embed security into AI-driven workflows and system integrations

Controls, policies & standards

  • Define and maintain technical security standards and controls across the technology stack
  • Partner closely with the Information Security Compliance team, who owns compliance reporting and evidence, while you ensure the underlying controls are technically sound and effective
  • Support frameworks including SOC 2, ISO 27001, NIST CSF/800-53, CMMC/DFARS/ITAR alignment, and Cyber Essentials

What we're looking for

Experience

  • Proven experience leading cybersecurity in a cloud-native, regulated, or high-assurance environment
  • Exposure to regulated environments is highly desirable
  • Demonstrated success building and scaling security functions, not just maintaining them
  • Strong hands-on background - you have personally done the work you now lead
  • Experience operating in a private-equity-backed environment is a plus

Technical expertise

  • Deep AWS security capability (IAM, networking, KMS, GuardDuty, Security Hub, logging architectures)
  • Strong Microsoft 365, Entra ID, and Microsoft Defender security operations
  • SIEM ownership and detection engineering experience
  • Vulnerability management tooling such as Qualys, Tenable, or similar
  • Proven incident response leadership through real-world incidents
  • Practical understanding of AI/ML security risks, data protection, and system integration patterns

Leadership & communication

  • Comfortable engaging with executives, auditors, regulators, and enterprise customers
  • Able to partner effectively across IT, product, and compliance, building influence rather than silos
  • Strong people leader with the ability to coach, develop, and hire talent

Certifications (desirable)

We are open on the exact mix. Relevant examples include:

  • CISSP
  • AWS Security - Specialty
  • CCSP, CCSK, CISM, SABSA
  • GIAC certifications (e.g. GCIH, GCIA)

We invite individuals from underrepresented groups to apply for any of our roles and are committed to supporting accessibility needs.

If this sounds like the role for you, hit the apply button now!

Job Details

Company: Spencer Rose Ltd
Location: London, United Kingdom
Hybrid / Remote Options
Employment Type: Permanent
Salary: GBP 110,000 Annual