Global Cyber Security and Compliance Director in London

About Kent

We are a future‑focused company in the energy sector committed to responsible energy solutions. Our core beliefs include playing big, embracing emotional agility, driving performance, and infinite thinking. We celebrate diversity, inclusion, belonging, and offer flexible working arrangements and supportive employee networks.

About the job

Global IT Security and Compliance Director – responsible for developing, implementing, and monitoring a strategic, comprehensive enterprise cybersecurity and IT risk management program. The role provides vision and leadership to manage risk to Kent and ensures business alignment, effective governance, system integrity, and confidentiality. Reports directly to the Chief Digital and Information Officer and focuses on governance, risk, and compliance across the organization.

Responsibilities

• Act as a strategic partner to digital, engineering, and delivery leaders to enable secure innovation while managing enterprise, technology, and operational risk.
• Establish cyber strategy and roadmap.
• Maintain governance and compliance standards.
• Conduct risk assessments to identify vulnerabilities internally and in third‑party vendor or supplier products.
• Create, maintain, communicate, and enforce information security policies.
• Advise executive leadership on risk management – mitigation, reduction, transfer, exceptions, residual risk analysis.
• Work with technical teams to ensure adequate cyber protection.
• Measure and drive maturity improvements, adoption, and create security roadmaps.
• Chair Kent’s security council.
• Represent as a forward‑thinking leader on secure adoption of new application and AI technologies.
• Support the CDIO and external advisory consultancy on executing the Information & Cyber Security strategy.
• Develop and own overall security strategy.
• Own and manage the process for Incident Detection, Containment, Analysis, and Response.
• Evaluate new cybersecurity threats, IT trends, and develop effective controls.
• Oversee security awareness program development.
• Evaluate potential security breaches, coordinate response, and recommend corrective actions.
• Define and report on information security metrics.
• Review technology architectures and ensure alignment with security best practices.
• Provide governance for the secure and responsible adoption of AI technologies, ensuring data privacy, model risk, ethics, and regulatory compliance.
• Oversee security governance for engineering platforms, automation tools, and integrations, ensuring appropriate controls, access management, and resilience.
• Ensure secure application development practices are embedded across the software development lifecycle and modern DevOps delivery models.
• Maintain current knowledge of industry and regulatory trends and developments.
• Develop and oversee disaster recovery and BCP policies and standards.
• Develop, implement and maintain a monthly security risk reporting framework.
• Design technical, administrative, and physical controls to ensure compliance with regulatory obligations.
• Prepare for and facilitate external audit examinations.
• Create and manage an information security program.
• Identify, analyze, evaluate, and document information security risks and controls.
• Conduct security risk assessments of planned and installed systems; recommend controls to mitigate risks.
• Communicate risk findings and actionable recommendations.
• Support workforce security activities – culture, awareness, and training.
• Collect evidence to support investigations of security or policy violations.
• Analyze security incidents in collaboration with stakeholders.
• Coordinate remediation and awareness training.
• Research, recommend, and contribute to information security policies, standards, and procedures.
• Support lifecycle management of information security policies and documents.
• Collaborate to implement policies across the organization.
• Perform third‑party supplier risk assessments and manage supply chain risk throughout the lifecycle.
• Assess and report on risks and benefits for the business and supplier compliance mandates.
• Articulate assessment results to business stakeholders, sponsors, and internal parties.
• Review information security sections within supplier and client contracts, identify gaps, and recommend security and data privacy content to close gaps.
• Additional ad‑hoc tasks as required by the supervisor or management within reasonable scope.

Skills, qualifications and experience

• Bachelor’s degree in Computer Science, Information Technology, Systems Security or related field; Master’s preferred.
• Minimum 10 years of experience in a related role within the past 12 years.
• Certified Information Security Manager (CISM) or Certified Information Systems Security Professional (CISSP).
• Knowledge of ITIL, including security administration and information technology governance in a multi‑platform environment.
• Experience establishing cybersecurity and risk metrics for reporting.
• Strong emotional intelligence and proven leadership in a large, multi‑stakeholder organization.
• Demonstrated management skills in policy development, implementation, personnel administration, staff training, and development.
• Knowledge of energy‑sector security requirements and regulations.
• Emergency, health, safety, sustainability, environment, and quality (HSSEQ) knowledge and compliance with company rules.

Benefits & working conditions

• Location: UK based – must be a current resident.
• Relocation required: No.
• Travel required: Yes.
• Contract type: Permanent.
• Experience level: 10+ years.

As an Equal Opportunities Employer, we value applications from all backgrounds, cultures, and abilities. We are a disability‑friendly employer and can make adjustments to support you during the recruitment process.