Job Title: Head of Security Change
Location: Scotland (Hybrid)
Reporting to: Chief Information Security Officer (CISO)
About the Role
We are seeking a dynamic and experienced Head of Security Change to lead a multi-year programme of cyber and information security enhancements across our growing business. Sitting within the Cyber & Information Security function and reporting directly to the CISO, you will shape and drive the delivery of a c.£5 million programme of strategic security improvements.
You will also manage a team of security consultants who act as embedded partners to business and technology change initiatives, ensuring security is effectively integrated into transformation efforts across the enterprise.
Key Responsibilities
Security Programme Leadership
* Own and drive delivery of a strategic, multi-year security change programme (approx. £5 million budget).
* Shape the programme roadmap in line with cyber risk priorities, threat landscape, regulatory expectations, and business strategy.
* Deliver measurable improvements in security posture, controls, and resilience.
* Define and track key performance and risk indicators for programme success.
* Ensure timely and effective stakeholder engagement across technology, operations, and executive leadership.
Security in Change Oversight
* Lead a team of embedded security consultants aligned to business and technology change portfolios.
* Ensure security requirements are identified early and incorporated into all relevant change initiatives.
* Oversee security design reviews, risk assessments, and assurance activities across projects.
* Provide security sign-off and governance for new technologies, processes, and services.
* Promote secure-by-design principles and influence architecture and delivery practices.
Team & Stakeholder Leadership
* Lead, coach, and develop a high-performing team of cyber security professionals.
* Foster a collaborative, delivery-focused culture with a strong understanding of risk, pragmatism, and business context.
* Build trusted relationships with senior stakeholders, including the CTO, CIO, COO, Head of Risk, Programme Directors, and third parties.