Chief Information Security Officer Director in Leatherhead

KBR is seeking a Chief Information Security Officer Director to provide enterprise leadership for corporate cybersecurity and information protection. This role will define and execute KBR’s global corporate information security strategy, safeguarding corporate systems, data, intellectual property, and digital platforms while enabling secure business growth and transformation. This Chief Information Security Officer Director will focus on corporate IT and shared services environments, including cloud platforms, SaaS applications, enterprise systems, and workforce technologies. The role operates as a trusted advisor to executive leadership, partnering across functions to manage cyber risk and strengthen enterprise resilience. Ability and willingness to travel internationally as required (approximately 10–20%).

Responsibilities

• Define, lead, and execute KBR’s information security strategy, operating model, and multiyear roadmap aligned with enterprise objectives.
• Serve as the enterprise authority on cyber risk, threat posture, and resilience, advising executive leadership on risk-based decision making.
• Establish and maintain corporate information security policies, standards, and governance aligned to frameworks such as NIST CSF, ISO 27001, SOX ITGCs, GDPR, Australia and UK data protection requirements.
• Oversee enterprise-wide risk management and compliance:
• Conduct regular risk and information security assessments to identify security vulnerabilities and threats, both internal and external.
• Develop and implement risk mitigation strategies and security controls to reduce and manage identified risks.
• Monitor compliance with applicable laws, regulations, and contractual obligations related to information security.
• Lead incident response and breach management, including executive communications, regulatory coordination, and post-incident remediation.
• Partner with IT and Digital teams to embed secure by design practices into cloud adoption, enterprise applications (ERP, HRIS, CRM), data platforms, and automation initiatives.
• Oversee third party and supplier cyber risk management for vendors and technology partners.
• Support enterprise initiatives including M&A, divestitures, and system integrations from a cybersecurity and risk perspective.
• Build, lead, and develop a high performing global information security organization.
• Drive enterprise-wide security awareness, training, and accountability to strengthen KBR’s cyber culture.
• Collaborate across regions and functions in alignment with KBR’s team of teams operating model.

Qualifications

• Bachelor’s degree in computer science, information security, engineering, or a related field.
• Progressive professional experience in information security, IT risk, or technology leadership.
• Proven ability leading enterprise or cybersecurity programs in a global organization.
• Expertise securing IT environments, including cloud, SaaS, identity, and enterprise applications.
• Executive level communication skills with the ability to translate technical risk into business impact.
• Professional certifications preferably CISSP, CISM, or CRISC.

Preferred Qualifications

• Master’s degree or MBA.
• Proficiency supporting public company environments, including SOX and internal audit collaboration.
• Competency leading information protection initiatives and building security culture in an international organization.
• Cloud security expertise (AWS, Azure, or similar platforms).
• Demonstrated capacity in supporting large scale digital transformation or enterprise modernization initiatives.
• Proven success operating within a matrixed, multinational organization.
• Effective leadership presence with the ability to influence.