Head of Cyber Security Delivery

The Head of Cyber Delivery is accountable for defining, mobilising and executing the Cyber Security change portfolio in alignment with the organisation’s cyber strategy. Operating within the Cyber Security Leadership Team and reporting directly to the CISO, the role ensures that strategic cyber objectives are translated into structured, governed and measurable programmes of delivery across a complex, highly regulated Critical National Infrastructure (CNI) environment. The role leads a team of Project Managers and provides functional oversight to multidisciplinary technical delivery teams responsible for implementing secure technology capabilities, resilience improvements and regulatory control enhancements across the Heathrow cyber estate. This position operates at the intersection of Cyber Security, Enterprise IT, Operational Technology (OT), and Business Leadership, ensuring that cyber initiatives are aligned with enterprise risk appetite, regulatory obligations, and operational resilience priorities.

Responsibilities

• Translate the enterprise Cyber Security Strategy into an executable, prioritised and governed delivery roadmap.
• Lead and mature cyber programme and project delivery disciplines across the Cyber function.
• Ensure compliance with UK regulatory frameworks applicable to aviation and Critical National Infrastructure.
• Strengthen Heathrow’s cyber resilience posture in the context of evolving threat landscapes.
• Ensure cyber investment delivers measurable risk reduction and operational value aligned to business objectives.
• Lead a team of Cyber Project Managers responsible for delivering a portfolio of security transformation initiatives.
• Oversee large-scale change programmes spanning IT, OT and airport operational environments.
• Ensure delivery methodologies are appropriate for a regulated CNI context (e.g., hybrid agile/waterfall, structured assurance checkpoints).
• Manage interdependencies across technology, operational and regulatory workstreams.
• Ensure delivery outcomes are measurable in terms of risk reduction, control maturity and compliance uplift.
• Ensure cyber programmes support compliance with relevant regulatory regimes: UK aviation security frameworks, CNI requirements, Data protection legislation, National Cyber Security Centre guidance and ISO/IEC 27001.
• Act as a senior liaison with regulators and external assurance bodies where required.
• Build trusted relationships with Cyber Security leadership, CIO and senior IT leadership, Operational airport leadership, External partners and suppliers, Regulatory authorities.
• Provide strategic advisory input to business initiatives to ensure security is embedded by design.
• Develop and mature the Cyber Delivery function, embedding best-practice programme and portfolio management disciplines.
• Provide functional oversight to technical teams delivering cyber capabilities.
• Establish a performance culture focused on accountability, transparency and continuous improvement.
• Mentor and develop Cyber Project Managers and delivery leads.
• Own cyber delivery budget tracking, forecasting and benefits realisation management.
• Oversee supplier performance and contract delivery in conjunction with Commercial and Procurement teams.

Qualifications and Experience

Essential Experience

• Minimum 5 years’ experience in a senior cyber, technology or security delivery leadership role.
• Demonstrable experience leading large-scale transformation programmes in complex, highly regulated environments.
• Experience operating within Critical National Infrastructure sectors (e.g., aviation, transport, utilities, defence).
• Proven track record of delivering cyber security capabilities at enterprise scale.
• Experience engaging directly with executive stakeholders and regulators.
• Exposure to aviation sector environments and understanding of airport operational systems.

Essential Skills

• Strong portfolio and programme governance expertise (e.g., MSP, PRINCE2, SAFe or equivalent frameworks).
• Deep understanding of cyber risk management, threat landscapes and control frameworks.
• Ability to align cyber investment to quantified risk reduction and business outcomes.
• Executive-level communication and reporting capability.
• Advanced stakeholder management and influencing skills.
• Financial acumen including budget management and benefits realisation.
• Strong leadership capability across matrix and federated structures.

Desirable Skills

• Experience integrating IT and Operational Technology (OT) security programmes.
• Knowledge of aviation-specific regulatory environments.
• Familiarity with NIS Regulations and UK CNI oversight structures.
• Experience in crisis management or cyber incident recovery programmes.
• Exposure to cloud security transformation and identity modernisation initiatives.

Education and Professional Certifications

• Bachelor’s degree in Cyber Security, Information Security, Computer Science, Engineering or related discipline (or equivalent professional experience).
• Relevant certifications such as CISSP, CISM, CRISC, MSP / PRINCE2 Practitioner, PgMP or equivalent senior programme qualification (desirable).

Personal Attributes

• Strategic thinker with strong execution discipline.
• Credible and authoritative leader within technical and business environments.
• High integrity and resilience under pressure.
• Collaborative, transparent and outcome-driven.
• Comfortable operating in a highly visible, mission-critical national infrastructure setting.