- Unique opportunity to work for a highly successful business and household name
- Reporting into the CIO, this role has a broad scope of influence and complexity
About Our Client
A large, complex organisation undergoing significant M&A and integration activity. If you are looking to be part of something really exciting, then look no further: the industry sector is fast-paced, dynamic and essentially recession-proof.
Job Description
A key element of the role is working with executive management to determine acceptable levels of risk for the organisation. He or she will proactively work with the wider IT function, business units, suppliers and partners to implement practices that meet standards for security, will understand and articulate the impact of cybersecurity on the business, and will be able to communicate this to the board of directors and other senior stakeholders.
- The post holder will devise and implement appropriate policies and governance to achieve the agreed strategic aims for information security.
- Establish, lead and develop a new IT and information security function across the group to ensure consistent and high-quality IT and information security management in support of the business goals
- Facilitates a security governance structure through the implementation of a hierarchical governance program, including the formation of an IT and information security steering committee or advisory board
- Provides regular reporting on the current status of the information security program to enterprise risk teams, senior business leaders and the board of directors as part of a strategic enterprise risk management program, thus supporting business outcomes
- Develops, promotes and coordinates approval and implementation of security policies
- Directs the creation of a targeted information security awareness training program for all employees, contractors and approved system users, and establishes metrics to measure the effectiveness of this security training program for the different audiences
- Ensures the consistent application of policies and standards across all technology projects, systems and services, including privacy, risk management, compliance and business continuity management
- Provides clear risk mitigating directives for projects with components in IT, including the mandatory application of controls
- Ensures that the group stays ahead of new and impending security risks and standards
- Supports the CIO and Senior IT Team to develop an information security vision and strategy that is aligned to the group's priorities and enables and facilitates the group's business objectives
- Works effectively with business units to facilitate information security risk assessment and risk management processes
- Supports both new and existing customer risk assessments and any dialogue in relation to IT and information security
- Develops and maintains a document framework of continuously up-to-date IT and information security policies, standards and guidelines. Oversees the approval and publication of these policies and practices
- Collaborates and liaises with the Data Protection Officer and third party consultants to ensure that data privacy requirements are included where applicable
- Defines and facilitates the processes for information security risk and for legal and regulatory assessments, including the reporting and oversight of treatment efforts to address negative findings
- Works with the IT leadership team to ensure that security is embedded in the project delivery process by providing the appropriate information security policies, practices and guidelines
- Leads the response to information security incidents. Manages and contains information security incidents and events to protect corporate IT assets, intellectual property, regulated data and the company's reputation
- Monitors the external threat environment for emerging threats, and advises relevant stakeholders on the appropriate courses of action
- Leads the development, testing and implementation of security incident response plans and procedures to ensure that business-critical services are recovered in the event of a security event
- Provides advice, direction, support and in-house consulting in information security and risk management areas
- Effective leadership of a small team of information security professionals to deliver on the company's objectives
- Ensure effective due diligence is undertaken for cyber security and risk management in any M&A activities, and that results/recommendations are clearly communicated
The Successful Applicant
- Expert in cyber security and information technology risk management
- Able to assess/choose/select IT solutions and service providers
- Able to construct roadmap and portfolio of work to deliver change
- Business relationship management
- Financial Skills - navigate budget setting and operate within financial constraints of the group
- Quality approach to area of expertise
- Demonstrated experience and success in senior leadership roles in risk management, information security, and IT security
- Degree in business administration or a technology-related field, or equivalent work or education related experience
- Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT
- Sound knowledge of business management and a working knowledge of information security risk management and cybersecurity technologies
- Desired, but not required:
- Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC) or other similar credentials
- Experience of successfully executing programs that meet the objectives of excellence in a dynamic business environment
- Experience with contract and vendor negotiations
What's on Offer
- A six figure basic salary + Car or Car Allowance + Bonus (always paid)
- Generous corporate benefits package
- Flexible and Hybrid working
- The opportunity to work with some very impressive leaders and reporting into a high profile Chief Information Officer
- Significant career progression opportunities in a massively growing and exciting organisation
- Location is Open, providing you are happy to attend key stakeholder and team meetings on a regular basis
Job summary
- Function: CIO & IT Leadership
- Subsector: CIO & IT Leadership Subsector
- Industry: Technology Media & Telecoms
- Location: West Midlands
- Contract type: Permanent
- Consultant name: Russell Livesey
- Job reference: JN-022023-5925557