Director, UK Security Risk & Governance (SIRO) in London

Location: United Kingdom (Hybrid / Flexible)

Security Clearance: Must be eligible for high-level UK security clearance

Overview

At DXC Technology, we deliver mission-critical IT services to some of the UK’s most secure and complex organisations across government, Defence, and regulated industries. We are looking for an exceptional Senior Information Risk Owner (SIRO) to lead information security risk across our UK business (~$1bn annual revenue). Reporting to the Group Operations Lead, this is a pivotal leadership role responsible for safeguarding DXC’s information assets, ensuring compliance with UK regulatory frameworks, and enabling secure growth across highly classified environments. This role will also act as a Security Control Officer, requiring a UK national with the ability to operate at the highest levels of trust with government, Defence, and international stakeholders.

Key Responsibilities

• Information Risk Leadership
  • Own and oversee information security risk across DXC UK, aligned to global security strategy.
  • Lead risk assessment and mitigation across government, Defence, and commercial portfolios.
  • Provide independent challenge and strategic guidance on decisions impacting information risk.
• Regulatory & Stakeholder Engagement
  • Act as a senior point of contact for customer SIROs, UK regulators and government agencies.
  • Represent DXC’s security posture externally, building trust and maintaining compliance.
  • Support business development activities, providing assurance on security and regulatory obligations.
• Defence Security & Classified Environments
  • Overseeing Defence security frameworks, accreditations, and cleared systems.
  • Managing risk reporting, incidents, and residual exposure.
  • Liaising with national authorities and defence bodies.
  • Sponsoring insider threat, FOCI risk, and security awareness initiatives.
• Governance & Compliance
  • Lead the UK Security Risk & Governance function, including:
  • Information security policy and assurance.
  • Compliance and audit readiness.
  • Vetting and personnel security programmes.
  • Security awareness initiatives.
  • Ensure compliance with GDPR, UK data legislation, and emerging AI regulations.
• Cyber Incident Leadership
  • Act as the UK lead for major cyber incidents (e.g. ransomware, data breaches, supply chain attacks).
  • Coordinate responses with regulators, law enforcement, and internal leadership.
• Third-Party & Supply Chain Risk
  • Oversee third-party and supply chain security risks, ensuring UK-specific exposures are identified and mitigated.
• Collaboration & Culture
  • Partner with CISO, Resilience, Protective Security, and Insider Threat teams.
  • Promote a strong security-first culture across the UK business.

Skills & Experience

Essential

• Extensive senior leadership experience in information security risk within complex, regulated environments.
• Proven experience supporting UK government, defence, or NATO customers at high classification levels.
• Strong understanding of UK, EU, and US regulatory frameworks, including cyber and data legislation.
• Demonstrated ability to influence and engage executive stakeholders and regulators.
• Track record of leading multi-disciplinary security teams (cyber, personnel security, governance).

Highly Desirable

• Qualified UK solicitor (15+ years PQE) with cyber or data specialisation.
• Experience as a UK Director within a US-listed organisation.
• Deep expertise in security-cleared environments and personnel risk management.

Key Attributes

• Decisive & Responsive – Able to act quickly and effectively in high-pressure situations.
• Strategic Thinker – Anticipates emerging threats and aligns security with business priorities.
• Collaborative Leader – Builds strong cross-functional partnerships.
• People-Focused – Develops high-performing teams and supports succession planning.
• Outcome-Driven – Balances attention to detail with delivery of impactful results.

Why Join DXC?

• Lead information security for a critical national-scale portfolio.
• Engage at the highest levels with government, defence, and global stakeholders.
• Shape the future of secure digital transformation in the UK.
• Be part of a collaborative, purpose-driven organisation that values innovation, trust, and people.

If you’re ready to take on a strategic leadership role at the forefront of UK information security, we’d love to hear from you.

At DXC Technology, we believe strong connections and community are key to our success. Our work model prioritises in-person collaboration while offering flexibility to support wellbeing, productivity, individual work styles, and life circumstances. We’re committed to fostering an inclusive environment where everyone can thrive.

Recruitment fraud is a scheme in which fictitious job opportunities are offered to job seekers typically through online services, such as false websites, or through unsolicited emails claiming to be from the company. These emails may request recipients to provide personal information or to make payments as part of their illegitimate recruiting process. DXC does not make offers of employment via social media networks and DXC never asks for any money or payments from applicants at any point in the recruitment process, nor ask a job seeker to purchase IT or other equipment on our behalf. More information on employment scams is available here.