Ciso jobs in LondonCreate job alerts

The Security Administrator, Access Management & Governance / IAM forms a key role within the Security Administration, Governance Risk & Compliance IAM Team supporting the identity & access management function, secondarily supporting the GRC team and the CISO in delivery of high quality governance r

Chief Information Security Officer- Interim-CISO-. Chief Information Security Officer- Interim-CISO. Chief Information Security Officer- Interim-CISO.

Head of Cyber Security / CISO-level leader.

Security Team , reporting to the. Chief Information Security Officer (CISO). Do you have the defence security expertise and leadership skills to deliver UK GovS 007 compliance in a maritime defence environment? This is a permanent, site-based leadership role within the.

A leading technology firm based in London is in search of a strategic security leader to develop their security program. The position allows for remote work, emphasizing the need to foster a strong culture of security awareness across the organization. This vital role requires expertise in risk mana

Bringing your experience of understanding secure SDLC processes, including concepts of DevSecOps and security testing automation, you will report directly into the CISO, building the Security Architecture and Engineering capability into a world-class team, working on the cutting edge of technology.

We are seeking a high-calibre EUC Solutions Architect (Slack & Google Workspace) to join a major, multi-year transformation programme for a Tier-1 Global Bank. This role is at the heart of a strategic modernisation initiative, focusing on collaboration tool resilience and complex carve-out/separation scenarios . As the Lead for the collaboration ecosystem, you will sit at the intersection of technology strategy and programme delivery, ensuring the bank maintains a secure, compliant, and scalable posture while transitioning platforms. Key Responsibilities Architectural Governance: Serve as the Lead Solutions Architect for all matters related to Google Workspace , Slack Enterprise Grid , and associated integration ecosystems (Identity, Security, Messaging). Solution Design: Define future-state collaboration architectures aligned to transformation objectives and enterprise banking standards. Discovery & Analysis: Lead technical workshops with CISO, Engineering, and Risk partners to translate business requirements into robust architectural artefacts. Integration Patterns: Design complex integration patterns between Slack, Google, and core banking systems (IAM, DLP, Monitoring, and Workflow automation). Carve-out Strategy: Provide hands-on guidance for Slack Enterprise Grid configurations and Google sharing controls specifically for divestiture and separation activities. Essential Experience & Technical Stack EUC / Collaboration Architecture: Proven track record of designing and governing large-scale workplace solutions within highly regulated environments (Banking/FS). Slack Enterprise Grid: Deep expertise in EKM (Enterprise Key Management), user provisioning, DLP, eDiscovery, and retention compliance. Google Workspace: Comprehensive knowledge of Gmail, Drive, Shared Drives, and Admin Console governance. Security & Identity: Strong understanding of SAML/OAuth , event frameworks, and API-based automation. Programme Experience: Experience working on 'Carve-outs' or complex platform migrations is essential. Desirable Qualifications Slack Certified Admin or Consultant. Google Workspace Admin or Technology certifications. Architectural Frameworks (TOGAF / Zachman). Experience with the wider ecosystem (Atlassian, O365, etc.). TPBN1_UKTJ

We’re working with a leading London-based Managed Service Provider (MSP) and Cyber Security specialist, recognised as one of the UK’s top SME employers in both technology and overall workplace excellence. With strong partnerships across Microsoft technologies and a growing cyber security function, this organisation delivers tailored solutions to help clients improve performance, reduce risk and strengthen their security posture. This is a fantastic opportunity to join a high-performing and collaborative cyber team, with clear progression and funded certifications to support your career growth. The Role We’re looking for a Project Delivery Engineer (Cyber Security) to join an expanding Cyber Security Projects team. In this role, you’ll focus on the deployment and delivery of security solutions for a wide range of clients, while also supporting cyber assessments and audit activities. You’ll collaborate closely with the wider security team (SOC, Analysts, Assessors) and play a key role in delivering high-quality, client-facing security projects. Key Responsibilities • Deploy and configure Microsoft security solutions (XDR, SIEM, EDR), • Deliver cyber security project work packages for clients, • Support vulnerability remediation and security improvements, • Act as an escalation point for security incidents and alerts, • Assist with Microsoft 365 and cloud security assessments, • Contribute to security reporting, analytics, and documentation, • Support Cyber Essentials / Cyber Essentials Plus assessments, • Assist with client onboarding onto security platforms, • Work closely with the CISO on technical and pre-sales activities, • Provide a professional, client-focused service at all times Technical Requirements • Experience deploying Microsoft Security solutions, • Strong knowledge of:, • Microsoft Defender XDR, • Microsoft Defender for Endpoint / Office 365, • Exposure to Microsoft 365 security from a threat perspective, • Experience with tools such as:, • SentinelOne (EDR), • Tenable (vulnerability management), • Mimecast / Egress (email security) Experience Required • Minimum 2+ years in a similar cyber/security engineering role, • MSP experience highly desirable Certifications (One Required) • SC-200 (Security Operations Analyst), • SC-300 (Identity & Access Administrator) Personal Skills • Strong communication and client-facing ability, • Highly motivated with a proactive attitude, • Strong attention to detail, • Ability to work under pressure and manage multiple tasks, • Flexible and team-oriented mindset What’s on Offer Hybrid working (3 days in the office), fully funded training and certifications, clear progression within a growing cyber security team, gym membership and wellbeing benefits, cycle to work scheme, regular team and social events, supportive, high-performing team culture

Lynx are looking for a Cloud Security & Governance Engineer who can design, automate, and enforce cloud controls at scale. If you enjoy building policy-as-code frameworks, enabling shift-left security, and strengthening cloud governance across complex environments, this role is for you. The Role Youll own the design and implementation of organization-wide cloud controls across AWS and Azure. Youll work closely with DevOps, Security, Risk, and Compliance teams to embed secure-by-default practices and ensure continuous adherence to security and regulatory requirements. This is a hands-on engineering role where youll build automation, develop policy frameworks, and help teams remediate issues efficiently. Key Responsibilities Design, implement, and manage organization-wide cloud controls using Azure Policies, AWS Organizations, SCPs, Config Rules, and Cloud Custodian Architect and enforce Zero Trust and least-privilege models (RBAC, PBAC), region restrictions, and platform security controls Collaborate with DevOps/Cybersecurity teams to resolve non-compliant cloud resources Monitor control effectiveness and drive continuous improvement of cloud governance Provide technical leadership and mentor teams on cloud policy best practices Work with risk, compliance, and audit teams to produce control evidence Implement and manage CNAP policies using Wiz for posture assessment and remediation Embed security early by integrating vulnerability scanning, IaC policy enforcement, and compliance checks into GitLab CI/CD Develop policy-as-code frameworks using OPA/Rego to prevent misconfigurations pre-deployment Integrate security controls into Terraform and other IaC workflows Champion shift-left practicesenabling developers to self-remediate issues during build and coding stages Build SOAR playbooks to automate response and remediation workflows Experience Requirements 3+ years in Cybersecurity and CNAP-focused roles Deep AWS security expertise: IAM, Organizations, SCPs, cloud security architecture Hands-on experience with Cloud Custodian or similar policy automation tools Proficiency with Terraform or AWS CloudFormation Strong understanding of cloud compliance frameworks (CIS, NIST, ISO, etc.) Expertise in OPA/Rego for policy-as-code Experience with Wiz CNAP for cloud security posture management Advanced Python scripting for automation and remediation workflows Experience driving DevSecOps automation and shift-left security adoption Strong collaboration skills across engineering and CISO/leadership teams TPBN1_UKTJ

The Role Group Cyber Security Overview The Group Cyber Security team are responsible for ensuring that the cyber risk is managed appropriately across the Group. The cyber strategy has been updated and there is a renewed focus recognising that cyber security needs to be part of the Groups culture and DNA. The Group operates a highly federated business model. The cyber strategy has considered the most effective way to build improved cyber capabilities while supporting the effectiveness of this operating model. It’s an exciting time to join the Group Cyber Security team – a time of significant investment. With the adoption of the new strategy, Group Cyber Security will be responsible for setting the cyber standard and measuring compliance to this standard for all businesses within the Group. A multi-year transformation programme has been established to build improved cyber capabilities. This is a diverse programme touching all areas of cyber security. This permanent role will play a key part in shaping and supporting the delivery of the transformation programme, before assuming responsibility for embedding, operating, and continually improving the new initiatives as they transition into business‑as‑usual Role Summary As the strategic architect of Manufacturing and OT cyber security future, the Head of Manufacturing and OT Security develops and owns the OT cyber security strategy, shaping a resilient, forward-thinking environment where operational technology and manufacturing plants are safeguarded against evolving threats. Reporting into the Group CISO, this role sets the strategic vision, defines the security technology roadmap, and establishes robust controls and governance frameworks that empower every division to operate securely and resiliently. By partnering with divisions to drive risk reduction and security improvements and championing regulatory excellence and continuous improvement, this leader will deliver step-change transformation across the global Manufacturing/OT landscape. Through dynamic collaboration, expert guidance, and charismatic leadership, the Head of Manufacturing and OT Security will inspire teams and stakeholders to elevate security awareness, respond decisively to incidents, and build a legacy of operational resilience that enables the Group to thrive in a rapidly changing digital world. Role Responsibilities/Accountabilities Key Responsibilities: 1. Manufacturing / OT Security Assurance and Culture • Develop and own the costed Manufacturing and OT cyber security strategy, laying out the vision for Manufacturing and OT resilience and improving the operational resilience of plants from cyber-attacks. • Define the technology roadmap for Manufacturing and OT security, ensuring alignment with business objectives and transformation goals. • Define and uphold standard controls and architecture blueprints for Manufacturing/OT security. • Define, develop, and continuously improve the Manufacturing/OT security operating model, including sourcing appropriate support services. • Manage and assure regulatory compliance with respect to Manufacturing/OT Cyber Security and coordinate the submission of NIS2 requirements, leveraging the GRC and Technical Assurance teams. • Maintain a register of Manufacturing/OT projects relevant to Manufacturing/OT security and assure that security processes are followed and reviewed with system owners. • Establish and run appropriate governance boards for OT and Manufacturing cyber security. • Champion Manufacturing/OT Security Governance within the business area, including risk management, internal governance boards, compliance frameworks, and supply chain. • Champion education and awareness about Manufacturing/OT cyber risks. • Support and champion the Manufacturing/OT step change improvements that are delivered through the GCS Transformation programme. • Collaborate across verticals with the GCS Leadership Team. 2. Risk Management • Coordinate and assure delivery of Manufacturing/OT cyber security risk reduction activities, providing assurance to manufacturing security owners that risks are effectively managed. • Review risk assessments for security concerns to ensure quality and identify common gaps. • Partner with divisions to drive risk reduction and security improvements. • Assure Manufacturing/OT security vulnerability intelligence is reviewed, with appropriate responses communicated to stakeholders. 3. Third Party Management • Ensure relationships with Manufacturing and OT third-party suppliers are managed, with secure connectivity, alignment with the Group security standards, and appropriate risk management in coordination with System Owners. • Enable third-party risk and assurance, including supplier assessments, contractual compliance, and secure third-party connectivity. 4. Incident Response • Assuring Manufacturing/OT Security Incident Response plans are in place and tested, and the appropriate business division representatives are included in Manufacturing/OT Incident Response Teams. • Be a key member of the Cyber Incident Management Team, assisting in coordination for incident response and ensuring Manufacturing/OT incident response plans are in place, tested, and inclusive of relevant business/division representatives. 5. Awareness, Training & Leadership • Raise awareness of Manufacturing/OT security risks and partner with divisions to provide training and build a culture of security. • Champion education and awareness about Manufacturing/OT cyber risks across the group. • Lead and manage the Manufacturing/OT security team, setting clear objectives and fostering a culture of continuous improvement. • Act as a subject matter expert (SME) and trusted advisor to system owners, divisions, and senior stakeholders. • Demonstrate charismatic, all-round leadership to drive change and inspire teams. Experience, Knowledge, Skills & Attributes • 7+ years’ experience in Manufacturing/OT cyber security within a large, complex organisation. • Deep understanding of OT environments (SCADA, ICS, PLCs, DCS), securing industrial control systems and critical infrastructure, knowledge of OT-specific protocols (Modbus, OPC, DNP3, etc.) and risk assessment and threat modelling for OT systems. • Strong knowledge of cyber security frameworks (ISO 27001, NIST, CIS Controls) and OT security standards such as IEC62443 and NIST 800-82. • Expertise in relevant regulatory compliance such as NIS2 and H&S regulations. • Proven experience developing and implementing enterprise-wide cyber risk management processes. • Professional certifications such as CISSP, CISM, GICSP or ISA/IEC 62443 certificates. • Excellent leadership, communication, and influencing skills. • Excellent collaboration skills with cross-functional teams. • Ability to drive cultural change and embed security awareness. Desirable • Experience operating within a federated business model

The Role Role Summary As the strategic architect of the Group’s security services, the Head of Security Services shapes and delivers a unified vision for cyber security across a global, federated enterprise and 85+ businesses grouped into 10 divisions. Reporting into the Group Chief Information Security Officer (CISO), this leader is responsible for overseeing day-to-day operational cyber security capabilities, ensuring robust, efficient, and coordinated first and second line security operations that protect the Group’s people, systems, and data from cyber-attacks. By setting the direction for security services, championing the adoption of centralised capabilities, and driving continuous innovation, this role ensures that the security operations are robust, adaptive, and future-ready. With oversight of daily technical security functions and a relentless focus on operational excellence, the Head of Security Services builds and empowers high-performing teams to deliver 24/7 threat detection, rapid incident response, and proactive risk management. This includes ownership of security controls, security testing, tech assurance and vulnerability and threat management, and incident response across the organisation. Collaboration is at the heart of this position. By working across the GCS Leadership Team, with business and technology stakeholders, and with industry experts to align strategy, share intelligence, and drive a single, cohesive approach to security services, this leader ensures the Group not only meets but sets the benchmark for security services in a dynamic digital world. Role Responsibilities/Accountabilities Key Responsibilities: Strategic Leadership & Vision • Establish a costed strategic vision for security services across the Group’s global, federated enterprise. • Evangelist for adoption of central services and drives alignment to a single security services vision. • Define, maintain, and regularly review the security services service catalogue and SLAs, clearly articulating what “good” looks like. • Integrates AI and modernises security operations using latest technologies. • Ensure security operations support organisational resilience and disaster recovery objectives. • Collaborate across verticals with the GCS Leadership Team. Operations & Service Delivery • Oversee daily operations of technical security functions, working collaboratively with the SOCs to provide 24/7 visibility and threat detection ensuring services are resilient, risk-aware, and aligned with business needs. • Regularly review and modernise SOC processes, technologies, and talent. • Partner with MSSPs and build solid vendor relationships to deliver the security strategy. • Define and collect metrics/KPIs, regularly reporting to leadership on SOC events/incidents and overall effectiveness. • Review metrics at a group level and adjust services strategy accordingly. • Management of the security technology stack and continuous improvement of services. Incident Response & Threat Management • Serve as incident commander (including on-call), leading cyber incident response activities. • Lead on cyber incident response activities and contributing to incident management activities by advising on incident identification, assessment, classification, escalation, investigation, mitigation, monitoring and reporting to help ensure cyber incidents are managed in a timely and effectively manner to limit impact. • Drive the development of threat management, threat modelling and identification of new threat vectors by keeping up to date with industry activity and methodology, to help ensure key assets are protected. • Lead threat hunts to proactively discover potential compromises. • Lead and coordinate red teaming, penetration testing, and exercising to assess and enhance the quality of services delivered by SOCs. • Red/purple teaming to ensure standard of services—testing quality of services delivered by various SOCs. • Exercise incident response capabilities. Threat Intelligence & Tech Assurance and Vulnerability Management • Drive the development of threat management, threat modelling, and identification of new threat vectors. • Maintain up-to-date awareness of cyber threat intelligence and emerging attack vectors, always evaluating the materiality of the threat. • Liaise with industry experts and update strategy in line with the threat landscape. • Lead a threat-led, risk-based vulnerability management programme, ensuring timely remediation in collaboration with IT. • Own insider threat and data loss prevention (DLP) initiatives. • Lead the emergency patching vulnerability management programme ensuring threat-led and risk-based prioritisation, along with collaboration with IT for timely remediation. • Own and manage key security controls ensuring they are deployed, tuned, and monitored effectively across cloud and on-premise assets, along with managing the vendors that are responsible for supporting the Group. Team Leadership & Performance • Lead a high-performing team of cyber and project professionals, driving strategy, innovation, and continuous improvement across protection capabilities including SOC, Security Engineering, Technical Assurance and Vulnerability Management. • Manage team performance and cost base, making informed financial decisions and supporting portfolio-level investment planning. • Provide technical leadership and act as a subject matter expert on information security best practices. Collaboration & Stakeholder Engagement • Collaborate across the GCS Leadership Team and with cross-functional stakeholders. • Work with Head of Manufacturing / OT security to align security operations elements in manufacturing. • Collaborate with cross-functional stakeholders to assess and mitigate risk, while maintaining a forward-looking roadmap for cyber capabilities. Experience, Knowledge, Skills & Attributes Essential • A certification such as CISSP CISM, GIAC, or equivalent. University Degree qualified in an engineering discipline ideally with Cyber Security Engineering, Computer Science, Information Technology, or Computer and Electronics engineering. • Prior experience of building security teams and a global delivery operations support model. • Demonstrable experience of building and running a technical assurance function. • Demonstrable knowledge of industry standards such as NIST and ISO27001. Knowledge of relevant regulations such as GDPR, NIS2, and EU AI. • Exceptional analytical and decision-making abilities during BAU and incidents. • Experience in leading cybersecurity incidents, implementing response procedures, and driving continuous improvements, and optimising security tools and technologies to enhance operational efficiency. • Hands-on experience in threat detection and prevention, including expertise in SIEM, EDR, firewall management, or similar security technologies. • Ability to build relationships and engage with all levels of management, communicating complex technical issues to a range of audiences. • Experience of managing service level agreements, commercial engagements, and supporting procurement with contract negotiations. • Demonstrable experience in designing, enhancing, and implementing security processes and policies. • Strong project management and leadership skills with the ability to prioritise both operational and project demands. Desirable • Experience of operating within federated environments or within an IT Service Management Provider / Consultancy • Experience managing external supplier relationships to secure the best value and service

The Role Group Cyber Security Overview The Group Cyber Security team are responsible for ensuring that the cyber risk is managed appropriately across the Group. The cyber strategy has been updated and there is a renewed focus recognising that cyber security needs to be part of the Groups culture and DNA. The Group operates a highly federated business model. The cyber strategy has considered the most effective way to build improved cyber capabilities while supporting the effectiveness of this operating model. It’s an exciting time to join the Group Cyber Security team – a time of significant investment. With the adoption of the new strategy, Group Cyber Security will be responsible for setting the cyber standard and measuring compliance to this standard for all businesses within the Group. A multi-year transformation programme has been established to build improved cyber capabilities. This is a diverse programme touching all areas of cyber security. This permanent role will play a key part in shaping and supporting the delivery of the transformation programme, before assuming responsibility for embedding, operating, and continually improving the new initiatives as they transition into business‑as‑usual Role Summary The Head of Cyber Security Governance, Risk & Compliance (GRC) serves as the driving force behind the Groups vision for world-class cyber resilience and is accountable for defining and advancing the enterprise cyber risk and assurance strategy. This role champions a culture of proactive risk management, robust governance, and unwavering compliance, ensuring that the Group not only meets, but sets the standard for information security across a complex, global business landscape. Through the cultivation of strong partnerships across divisions and leadership, the Head of GRC empowers the organisation to anticipate emerging threats, adapt to regulatory change, and embed security at the core of every decision, enabling the Group to achieve its objectives securely in a rapidly evolving digital world. Role Responsibilities/Accountabilities Key Responsibilities: 1. Governance • Define and maintain the cyber security governance framework, policies, and standards. • Lead the liaison with divisional GRC roles, supporting the development and maintenance of the GRC operating model and framework. • Ensure alignment with the Cyber Standard and global regulatory requirements (e.g., NIS2, GDPR). • Provide direction on cyber security tooling relating to governance and assurance objectives. • Collaborate with the Technical Assurance team to define and implement metrics and reporting standards for divisions. • Chair governance forums and provide regular reporting to senior leadership and audit committees. • Plan, coordinate and facilitate Security Working Group (SWG) meetings. • Assist in the preparation of board papers and materials for annual reporting and Group level risk management. 2. Risk Management • Develop and implement enterprise-wide cyber risk management processes. • Lead risk quantification initiatives by implementing risk quantification methodologies and developing metrics to measure and communicate risk reduction. • Provide assurance that cyber risks are identified, assessed, and mitigated across all divisions. • Maintain and update risk registers, ensuring Group risks are accurately captured, assessed, and managed. • Conduct and oversee risk assessments at Group level in support of all divisions and business units. • Track and manage deviations from policy, including the documentation and approval of exceptions. • Conduct horizon scanning for regulatory changes and emerging cyber security requirements, ensuring the risk landscape is proactively managed. 3. Compliance & Assurance • Build and lead the non-automated second line assurance capability to monitor compliance to the Groups cyber standard. • Oversee readiness for internal audits and external regulatory reviews, liaising with internal audit and external bodies to support audit activities, address findings, and drive remediation. • Report monthly on GRC and assurance activities to senior management and divisional stakeholders. • Respond to ad-hoc reporting requests from divisions, business units, and senior management. 4. Third Party Security • Develop the strategy for third party cyber security. Deliver a step change in third party security capabilities through the Third Party Management workstream of the cyber transformation programme. • Manage cyber security third-party risk and assurance, at point of contract and through ongoing assurance. • Deliver a demonstrable and measurable reduction in third party cyber security risk. 5. Strategic Leadership • Lead the Group Cyber Security GRC function, establishing a robust second line of defence and embedding risk-based decision-making. • Provide strategic direction on GRC initiatives, ensuring continuous improvement and alignment with business objectives whilst supporting the delivery of the cyber transformation programme. • Act as a trusted advisor to the CISO and senior stakeholders on governance and compliance matters. • Influence organisational culture to embed security awareness and risk-based thinking. • Work in partnership and collaborate across verticals with the GCS Leadership Team. 6. Stakeholder Engagement • Collaborate with divisional GRC functions, BISOs, legal, finance, and operational teams to ensure integrated risk management. • Represent the Group in external forums and regulatory engagements. • Build and maintain trusted relationships with senior stakeholders, demonstrating a personable and collaborative approach. • Ensure positive engagement and communication with all internal and external stakeholders. Experience, Knowledge, Skills & Attributes Essential • 7+ yrs experience in governance, risk, and compliance within a large, complex organisation. • Strong knowledge of cyber security frameworks (ISO 27001, NIST, CIS Controls). • Expertise in regulatory compliance (GDPR, NIS2, SOX). • Excellent leadership, communication, and influencing skills. • Professional certifications such as CISSP, CISM, CRISC. • Proven experience developing and implementing enterprise-wide cyber risk management processes • Excellent collaboration skills with cross-functional teams • Strong relationship-building and communication skills, with a personable and credible approach Desirable • Experience in a federated business model. • Familiarity with risk quantification tools and methodologies. • Ability to drive cultural change and embed security awareness. • Experience building a strong relationship with internal audit. • Experience implementing an effective third party security risk management service

The Role Role Summary The Group are transforming the way in which the cyber security risk is managed across the group. A new cyber strategy has been agreed; there is a short-term focus on security hygiene and resilience while a multi-year transformation programme is initiated to introduce new and make improvements to existing cyber capabilities and services. The Cyber Security Culture Manager will be the driving force behind a mission to create a security-first mindset across a global, diverse organisation. This role sets the vision for cyber security culture, embedding security as a core value and shaping behaviours that protect people, processes, and assets. By defining clear goals and delivery roadmap for cultural maturity, it ensures alignment with business objectives, regulatory requirements, and industry best practice. Reporting to the CISO, this role builds strong relationships with senior leaders and advocates across Group’s divisions, influencing change and creating a unified security posture. Acting as a cultural leader, the role champions continuous improvement, leveraging data-driven insights to strengthen security behaviours and reduce human risk. It fosters collaboration across security teams and business units, enhancing engagement and building a high-performing, values-driven environment. Through compelling communications and thought leadership, the role amplifies the voice of the CISO and ensures security messaging resonates at every level of the organisation. Success in this role means delivering measurable improvements in security culture—where secure choices are intuitive, risk is reduced at scale, and every colleague feels empowered to navigate cyber threats confidently. This is a unique opportunity to shape the future of security culture and leave a lasting impact on the resilience of a global enterprise. Role Responsibilities/Accountabilities Key Responsibilities: Set the Strategic Vision for Security Culture • Define and own the long-term strategy for cyber security culture, ensuring alignment with business objectives, regulatory requirements, and industry best practice., • Establish a clear roadmap for cultural maturity and embed security as a core value. Drive Continuous Improvement of Security Culture • Monitor and assess cultural maturity through surveys, KPIs, and behavioural metrics., • Identify gaps and implement initiatives that strengthen security behaviours and reduce human risk., • Champion best practices and foster collaboration between security teams and business units. Enhance the Culture of Security Teams • Promote a high-performing, collaborative, and values-driven environment within and across the security teams., • Develop initiatives that improve team engagement, communication, and alignment with the security vision., • Act as a role model for cultural leadership within the security function, • Plan, coordinate and facilitate Group Cyber Security (GCS) team meetings. Create and Curate Strategic Content on Behalf of the CISO • Develop high-quality, impactful content for internal audiences, including executive communications, presentations, and thought leadership pieces., • Ensure messaging reflects the Groups security vision, priorities, and cultural objectives., • Collaborate with corporate communications to maintain consistency and clarity in all security-related messaging. Collaborate with the Global Cyber Security • Partner with Global Cyber Security peers to ensure cultural initiatives complement technical controls, risk frameworks, and strategic priorities., • Work closely with the Cyber Transformation Programme and BTS to deploy phishing simulation campaigns and implement tools that uplift cyber culture., • Align cultural objectives with broader security programmes to deliver a unified and effective security posture. Stakeholder Engagement and Advocacy • Build strong relationships with senior leaders, divisional business units, and functional teams to influence and embed security culture., • Represent the Group in relevant forums, working groups, and industry networks to share insights and adopt best practices. Measurement and Reporting • Define KPIs and success metrics for cultural initiatives and report progress to the CISO and senior leadership. Use data-driven insights to refine strategies and demonstrate measurable improvements in security culture. Experience, Knowledge, Skills & Attributes Essential • Proven experience in cyber security awareness, culture, or behavioural change programs within a large, complex organisation., • Proven track record of working with senior partners to deliver metrics and reporting and progress updates., • Strong understanding of human risk factors and security best practices., • Excellent written, presentation and verbal skills with fluent English (written and verbal)., • Articulate and effective communicator across a range of formats, able to convey complex topics with ease to a variety of audiences and persuade others of the importance of security., • Build excellent relationships, credibility and influence easily with people at different levels, working to persuade them of the need to work with security in-mind. Desirable • Experience of working in a federated environment., • Experience of operating security standards / frameworks such as ISO27001, NIST 800-53, NIS2., • Experience and involvement with major Cyber Security transformation projects or programmes

£900/day | Inside IR35 | SC Cleared | London/Manchester/Bristol (Hybrid) | 3 months We're supporting a government department seeking an experienced Head of Cyber Security / CISO‑level leader for a short paternity cover assignment. You'll provide senior cyber leadership, risk oversight, and continuity across several key initiatives. Key Responsibilities Provide senior leadership at Head of Cyber/CISO level. Oversee risk management, PAWS and PAM environments. Support security automation/orchestration and dependency management work. Assist with the department's transition. Essential Requirements Active SC clearance CCP, ISO 27001, C‑Risk qualifications. Prior experience as Head of Cyber or CISO. Technical understanding of PAWS, PAM, security automation, and risk. If you're an established cyber leader who can step in quickly and provide immediate stability, we'd love to hear from you...