About The Role
Reporting to the IT Director, you will lead the cybersecurity function through a modern, 3-Layer Operating Model. Your primary focus is to govern our outsourced Managed Detection & Response (MDR/SOC) partners, own the internal GRC (Governance, Risk, and Compliance) framework, and ensure data protection standards are met. You will act as the strategic link between external security experts and our internal Architecture and Platform Engineering teams to ensure the organisation remains secure, compliant, and AI-ready.
About The Group
My client is a large, privately owned international business operating across multiple sectors, with a significant presence in retail, wholesale, healthcare, property, manufacturing, and financial services. With operations spanning several regions, the business serves millions of customers and employs a substantial workforce across its various divisions.
The company is focused on long-term growth, operational excellence, and innovation, investing in modern technology platforms and data-driven capabilities to support its strategic objectives. Cybersecurity, data protection, and digital transformation are key priorities as the organisation continues to modernise its technology landscape and expand the use of cloud and AI-enabled services.
Key Responsibilities
* Act as the primary owner for our outsourced 24/7 SOC/MDR partners. Monitor their performance against SLAs, manage incident escalations, and ensure they are proactively hunting threats across our Azure and Snowflake environments.
* Own the implementation and operation of data security to discover, classify, and protect sensitive data across the group, supporting our broader AI roadmap.
* Maintain the Group Information Security Policy, Cyber Risk Register, and Risk Appetite statements.
* Lead internal and external security audits, ensuring UK GDPR compliance and managing regulatory reporting.
* Partner with the technology team to ensure that cybersecurity policies are translated into automated "Golden Path" guardrails.
* Translate complex security alerts into business-relevant risk stories for the IT Director and the Board.
Required Skills And Experience (Must-have)
* Proven experience managing high-performance external Managed Security Service Providers (MSSP) or MDR vendors.
* Deep knowledge of ISO 27001, NIST, and UK GDPR. Experience maintaining a formal Enterprise Risk Register.
* Familiarity with DSPM (Data Security Posture Management) tools like Cyera or similar data discovery platforms.
* High-level understanding of Azure/AWS security controls, Identity protocols (OIDC/SAML), and MFA strategies (Entra ID).
* Experience coordinating response and recovery efforts between external forensic teams and internal IT functions.
* Ability to tell "risk stories" that align security investment to margin preservation and business continuity.
* Skilled at holding external partners accountable and driving value from service contracts.
* Focuses on material risk reduction rather than theoretical compliance.
#J-18808-Ljbffr