Global Cyber Security and Compliance Director in London

Kent is looking for a Global IT Security and Compliance Director who will be responsible for developing, implementing, and monitoring a strategic, comprehensive enterprise cybersecurity and IT risk management program. The role will provide the vision and leadership necessary to manage the risk to Kent and ensure business alignment, effective governance, systems integrity, and confidentiality.

As a key leader of Kent’s CDIO office reporting directly to the Chief Digital and Information Officer, the Global IT Security and Compliance Director focuses on governance, risk and compliance aspects of security within the business. The role holder shall further develop and maintain information security policies and processes, ensure appropriate technical cyber defence is in place, and manage employee security awareness training. This role serves as a critical resource for employees and leaders regarding information security policy implementation, interpretation, and compliance. The role assesses and prioritises information security and cybersecurity risk across the organization, facilitates compliance with regulatory requirements and information security policies, and develops and reports on information security metrics monthly and maturity models.

The role is responsible for reducing information security and cybersecurity risk to Kent by helping to prioritise and drive remediation efforts throughout the organization through the following:

• Acting as a strategic partner to digital, engineering, and delivery leaders to enable secure innovation while managing enterprise, technology, and operational risk.
• Establishing Cyber Strategy and roadmap.
• Establishing and maintaining governance and compliance standards.
• Conducting risk assessments to identify vulnerabilities internally and within vendor or third-party supplier products.
• Creating, maintaining, communicating, and enforcing information security policies.
• Advising CDIO and senior executive leadership on risk management, including risk mitigation, risk reduction, risk transfer, the risk exception process and residual risk analysis.
• Working with technical teams to ensure adequate cyber protection.
• Measuring and driving maturity improvements, adoption and creating security roadmaps.
• Chairing Kent’s security council.
• Representing as a futuristic leader on secure adoption of new application and AI technologies.

The role supports the CDIO and advisory external consultancy on the execution of the Information & Cyber Security Strategy.

Skills and Responsibilities:

Responsibilities:

• Develops and owns overall security strategy.
• Owns and manages process for Incident Detection, Containment, Analysis and Response.
• Evaluates new cybersecurity threats and IT trends and develops effective security controls.
• Oversees development of security awareness programs.
• Evaluates potential security breaches, coordinates response, and recommends corrective actions.
• Define and report on information security metrics.
• Review technology architectures and ensure alignment with security best practices.
• Provide governance and oversight for the secure and responsible adoption of AI technologies, including data privacy and protection, model risk, ethical considerations, and compliance with emerging regulatory expectations.
• Oversee security governance for engineering platforms, automation tools, and system integrations, ensuring appropriate controls, access management, and resilience aligned to Kent’s digital delivery model.
• Provide governance and oversight of secure application development practices, ensuring security is embedded across the full software development lifecycle and modern DevOps delivery models.
• Maintains current knowledge of industry and regulatory trends and developments for the enterprise technology.
• Develops and oversees effective disaster recovery and BCP policies and standards to align with company business continuity management program goals.
• Coordinates development of implementation plans and procedures to ensure business critical services are recovered in the event of disasters or other incidents, and provides direction, support and in-house consulting in these areas.
• Develops, implements and maintains a monthly security risk reporting framework for management teams and governance committees.
• Designs and documents technical, administrative, and physical controls to ensure the business demonstrates compliance, ensuring that Kent meets both the requirements and intent of its regulatory and compliance obligations.
• Prepares for and facilitates external audit examinations. Works closely with external auditors and ensures requests are completed timely.
• Creates and manages an information security program.

Information Security Risk Assessment:

• Identifies, analyses, evaluates, and documents information security risks and controls based on established risk criteria.
• Conducts security risk assessments of planned and installed information systems to identify vulnerabilities and risks.
• Recommends controls to mitigate security risks identified via risk assessment process.
• Communicates risk findings and recommendations that are clear and actionable by business stakeholders.

Security Policy Management and Workforce Training and Awareness:

• Supports workforce security activities including culture, awareness, and training.
• Facilitates collection of evidence to support investigations of possible security or policy violations.
• Analyses information security incidents in collaboration with other stakeholders.
• Coordinates remediation and awareness training.
• Researches, recommends, and contributes to information security policies, standards, and procedures.
• Assists with the lifecycle management of information security policies and supporting documents.
• Works with other organisational participants to implement information security policies.

Third-party Supplier and Vendor Risk Management:

• Performs third-party supplier risk assessments to ensure supply chain risk is managed throughout the supplier’s lifecycle.
• Assesses and reports on risk and benefits for the business as well as mandates for supplier compliance.
• Articulates results of the final assessments to business stakeholders, project sponsors, program managers, and other internal parties.
• Assists with review of information security sections within supplier and client contracts, identifies gaps, and recommends security and data privacy content to close gaps.

Additional responsibilities may include ad-hoc tasks as needed or directed by the supervisor or management. These tasks will be within the reasonable scope of the employee’s skills and capabilities and will consider workload and professional development.

Your knowledge/skills, education, and experience:

Knowledge / Qualification / Training / Certification:

• Bachelor’s degree from an accredited institution, with degree preferred in Computer Science, Information Technology Systems Security or related field. Master’s degree preferred.

Communication:

• Excellent command of the English language in both oral and written communication and skills.

Behaviour / Core Competencies:

• Minimum of ten (10) years within the last twelve (12) years of experience in the field related to the title of the position.
• Certified Information Security Manager (CISM) or Certified Information Systems Security Professional (CISSP) Certification.
• Knowledge of Information Technology Infrastructure Library (ITIL) (certification preferred) with respect to security administration and information technology governance in a multiplatform environment.
• Experience in establishing cybersecurity and risk metrics for reporting.
• Strong Emotional Intelligence with demonstrated sustained leadership in a large organization involving multiple stakeholders.
• Demonstrated management skills, e.g. policy development and implementation, personnel administration, staff training and development; demonstrated ability to work with diverse people; effective oral and written communication skills.
• Knowledge of Energy sector security requirements and regulations.

HSSEQ:

The Employee shall observe the Health, Safety, Sustainability, Environment and Quality rules of the Company; its clients and the governing authorities of the host country.

Details about the role:

• Location: UK based - must be a current resident
• Relocation required: No
• Travel required: Yes
• Contract type: Permanent
• Experience level: 10+ years

As an Equal Opportunities Employer, we value applications from all backgrounds, cultures, and abilities. We’re a disability-friendly employer and can make adjustments to support you to perform at your best during the recruitment process.