Head of Cyber Security and Information Risk
Location: Manchester, UK
Contract type: Permanent
Seniority level: Executive
Employment type: Full-time
Industry: Manufacturing
As the most senior cybersecurity position at PZ Cussons, the Head of Cybersecurity & Security Operations provides strategic leadership, architectural governance, and operational oversight to protect our global technology environment, data, and digital assets from cyber threats.
The Role
The role combines strategic leadership, security architecture governance, cyber‑operations oversight, and governance, risk & compliance (GRC) management.
Key Responsibilities
* Serve as the single point of accountability for cybersecurity and resilience across the enterprise.
* Act as PZ Cussons’ senior cybersecurity authority, owning and evolving the enterprise security vision, strategy, and roadmap.
* Define and execute the cybersecurity programme aligned to business objectives and recognised frameworks.
* Partner with the Director of Infrastructure & Operations, CIO, Legal, Risk, HR, and Supply Chain to embed security into all business operations and change programmes.
* Lead the integration of secure‑by‑design principles into technology and transformation initiatives.
* Advise senior leadership on evolving cyber risks and strategic mitigation priorities.
* Contribute to investment planning, project prioritisation, and IT strategy through a security‑first lens.
* Provide regular reporting and assurance on threat posture, incidents, and maturity.
* Establish measurable KPIs/KRIs and continuous‑improvement plans for cyber‑risk reduction.
* Act as executive lead during cyber or data‑related crises, coordinating response across IT, Legal, Communications, and external partners.
* Lead the GRC and Information Risk function, ensuring enterprise‑wide visibility of cyber and information risks.
* Maintain oversight of the IT & Cyber Risk Register and drive security governance through policy, process, and risk‑based controls.
* Chair internal cybersecurity governance forums and ensure compliance with audit, regulatory, and policy requirements.
* Own policy, standards, and control environment for cybersecurity, aligned to corporate governance.
* Lead third‑party and supplier assurance, ensuring contractual security obligations and oversight mechanisms.
* Translate strategic objectives into architectural principles across cloud, identity, endpoint, and network domains.
* Provide governance and oversight of enterprise and solution security architecture.
* Evaluate new technologies, transformation initiatives, and integrations for security risk.
* Maintain awareness of core technical controls and validate configurations remain effective.
* Provide subject‑matter input into architecture reviews, change boards, and project delivery gates.
* Partner with architecture and technical operations teams to embed security within design reviews, change control, and project delivery.
* Monitor emerging threats and technologies to keep architecture current.
* Lead and direct day‑to‑day cyber‑defence operations across internal and managed‑service teams.
* Ensure robust processes for detection, triage, containment, and recovery from security incidents.
* Act as primary escalation point for significant security events and coordinate executive communication.
* Manage security service partners to ensure performance, value, and continuous improvement against SLAs and KPIs.
* Oversee vulnerability management, threat intelligence, and continuous monitoring programmes.
* Champion automation and analytics within the security stack.
* Track and report operational metrics (MTTD, MTTR, vulnerability closure %, incident trends).
* Align closely with IT operations teams to ensure consistent implementation of security controls.
* Collaborate with the Data Protection Officer, Legal, and Risk teams to harmonise cybersecurity, data privacy, and corporate‑governance obligations.
* Lead enterprise security‑awareness and behaviour‑change programme, promoting a positive security culture.
* Design and sponsor internal campaigns and targeted training for cybersecurity awareness.
* Oversee enterprise cyber‑resilience and disaster‑recovery planning.
* Chair or contribute to crisis‑management exercises and incident post‑mortems.
* Lead, mentor, and develop the cybersecurity, GRC, and information‑risk team.
* Provide clear goals, performance measures, and career development for direct reports.
* Represent cybersecurity at senior forums, providing authoritative guidance on risk and resilience.
Knowledge, Skills & Experience
* 10+ years in cybersecurity leadership within a complex, multi‑region organisation.
* Deep understanding of cyber threats, enterprise technology, risk management, and security architecture across cloud, identity, and endpoint ecosystems.
* Skilled in aligning to recognised frameworks (ISO 27001, NIST CSF, CIS Controls) and tailoring them to organisational maturity.
* Experienced in enterprise risk management, audit engagement, and assurance reporting. Understanding of data‑protection and corporate‑governance codes.
* Strong executive presence and ability to influence across functions.
* Excellent communicator; capable of briefing senior executives and the Board.
* Certifications (preferred) – CISSP, CISM, CRISC, or equivalent. Cloud‑security or Microsoft‑security certifications advantageous.
Key Stakeholders
* Director of Infrastructure & Operations
* CIO and Audit & Risk Committee / Internal Audit
* Data Protection Officer / Legal Counsel
* Technical Operations, Service Delivery, and Architecture teams
* Managed service and security operations partners
* Business Unit and Regional IT Leads
Equal Opportunities
At PZ Cussons, we value diversity and inclusion. We welcome applicants from all backgrounds. Please note that we are not able to offer visa sponsorship or relocation support for this role.
Applicants must have the right to work in the country where this role is located before applying.
We offer a supportive work environment and flexibility – finish at 1 pm every Friday.