The Role
As the strategic architect of the Group's security services, the Head of Security Services shapes and delivers a unified vision for cyber security across a global, federated enterprise and 85+ businesses grouped into 10 divisions. Reporting into the Group Chief Information Security Officer (CISO), this leader is responsible for overseeing day-to-day operational cyber security capabilities, ensuring robust, efficient, and coordinated first and second line security operations that protect the Group's people, systems, and data from cyber‑attacks.
Role Summary
By setting the direction for security services, championing the adoption of centralised capabilities, and driving continuous innovation, this role ensures that the security operations are robust, adaptive, and future‑ready. With oversight of daily technical security functions and a relentless focus on operational excellence, the Head of Security Services builds and empowers high‑performing teams to deliver 24/7 threat detection, rapid incident response, and proactive risk management. This includes ownership of security controls, security testing, tech assurance and vulnerability and threat management, and incident response across the organisation.
Collaboration
Collaboration is at the heart of this position. By working across the GCS Leadership Team, with business and technology stakeholders, and with industry experts to align strategy, share intelligence, and drive a single, cohesive approach to security services, this leader ensures the Group not only meets but sets the benchmark for security services in a dynamic digital world.
Role Responsibilities/Accountabilities
Key Responsibilities:
Strategic Leadership & Vision
* Establish a costed strategic vision for security services across the Group's global, federated enterprise.
* Evangelist for adoption of central services and drives alignment to a single security services vision.
* Define, maintain, and regularly review the security services service catalogue and SLAs, clearly articulating what good looks like.
* Integrates AI and modernises security operations using latest technologies.
* Ensure security operations support organisational resilience and disaster recovery objectives.
* Collaborate across verticals with the GCS Leadership Team.
Operations & Service Delivery
* Oversee daily operations of technical security functions, working collaboratively with the SOCs to provide 24/7 visibility and threat detection ensuring services are resilient, risk-aware, and aligned with business needs.
* Regularly review and modernise SOC processes, technologies, and talent.
* Partner with MSSPs and build solid vendor relationships to deliver the security strategy.
* Define and collect metrics/KPIs, regularly reporting to leadership on SOC events/incidents and overall effectiveness.
* Review metrics at a group level and adjust services strategy accordingly.
* Management of the security technology stack and continuous improvement of services.
Incident Response & Threat Management
* Serve as incident commander (including on-call), leading cyber incident response activities.
* Lead on cyber incident response activities and contributing to incident management activities by advising on incident identification, assessment, classification, escalation, investigation, mitigation, monitoring and reporting to help ensure cyber incidents are managed in a timely and effectively manner to limit impact.
* Drive the development of threat management, threat modelling and identification of new threat vectors by keeping up to date with industry activity and methodology, to help ensure key assets are protected.
* Lead threat hunts to proactively discover potential compromises.
* Lead and coordinate red teaming, penetration testing, and exercising to assess and enhance the quality of services delivered by SOCs.
* Red/purple teaming to ensure standard of services testing quality of services delivered by various SOCs.
* Exercise incident response capabilities.
Threat Intelligence & Tech Assurance and Vulnerability Management
* Drive the development of threat management, threat modelling, and identification of new threat vectors.
* Maintain up‑to‑date awareness of cyber threat intelligence and emerging attack vectors, always evaluating the materiality of the threat.
* Liaise with industry experts and update strategy in line with the threat landscape.
* Lead a threat‑led, risk‑based vulnerability management programme, ensuring timely remediation in collaboration with IT.
* Own insider threat and data loss prevention (DLP) initiatives.
* Lead the emergency patching vulnerability management programme ensuring threat‑led and risk‑based prioritisation, along with collaboration with IT for timely remediation.
* Own and manage key security controls ensuring they are deployed, tuned, and monitored effectively across cloud and on‑premise assets, along with managing the vendors that are responsible for supporting the Group.
Team Leadership & Performance
* Lead a high‑performing team of cyber and project professionals, driving strategy, innovation, and continuous improvement across protection capabilities including SOC, Security Engineering, Technical Assurance and Vulnerability Management.
* Manage team performance and cost base, making informed financial decisions and supporting portfolio‑level investment planning.
* Provide technical leadership and act as a subject matter expert on information security best practices.
Collaboration & Stakeholder Engagement
* Collaborate across the GCS Leadership Team and with cross‑functional stakeholders.
* Work with Head of Manufacturing / OT security to align security operations elements in manufacturing.
* Collaborate with cross‑functional stakeholders to assess and mitigate risk, while maintaining a forward‑looking roadmap for cyber capabilities.
Experience, Knowledge, Skills & Attributes
Essential
* A certification such as CISSP CISM, GIAC, or equivalent. University Degree qualified in an engineering discipline ideally with Cyber Security Engineering, Computer Science, Information Technology, or Computer and Electronics engineering.
* Prior experience of building security teams and a global delivery operations support model.
* Demonstrable experience of building and running a technical assurance function.
* Demonstrable knowledge of industry standards such as NIST and ISO27001. Knowledge of relevant regulations such as GDPR, NIS2, and EU AI.
* Exceptional analytical and decision‑making abilities during BAU and incidents.
* Experience in leading cybersecurity incidents, implementing response procedures, and driving continuous improvements, and optimising security tools and technologies to enhance operational efficiency.
* Hands‑on experience in threat detection and prevention, including expertise in SIEM, EDR, firewall management, or similar security technologies.
* Ability to build relationships and engage with all levels of management, communicating complex technical issues to a range of audiences.
* Experience of managing service level agreements, commercial engagements, and supporting procurement with contract negotiations.
* Demonstrable experience in designing, enhancing, and implementing security processes and policies.
* Strong project management and leadership skills with the ability to prioritise both operational and project demands.
Desirable
* Experience of operating within federated environments or within an IT Service Management Provider / Consultancy
* Experience managing external supplier relationships to secure the best value and service
#J-18808-Ljbffr