Director of Cyber Security in London

The Director of Cyber Security is a newly created role and is Landsec's most senior authority on cyber security.

Role Overview

This role holds end‑to‑end accountability for cyber security across the Group, providing strategic leadership, executive‑level guidance, and enterprise‑wide oversight. It shapes Landsec's long‑term cyber security strategy, uplifts organisational maturity, and ensures cyber risk is understood and well managed across all of our business areas.

You will engage directly with the Executive Committee, Board and Audit Committee, acting as their senior advisor on cyber risk, resilience and investment. You will lead an efficient team, supported by specialist partners, and will be responsible for optimising investment to achieve meaningful improvements in security outcomes.

Responsibilities

• Act as Landsec's most senior cyber security leader, providing authoritative direction and influencing decisions at executive and board level.
• Enhance, lead, and develop a high‑performing cyber security team, supported by strategic third‑party partners.
• Establish an effective operating model for cyber security, ensuring clear responsibilities and alignment with the wider business.
• Champion a group‑wide culture of cyber accountability, ensuring all functions understand and discharge their responsibilities across the three lines of defence.
• Manage the cyber security budget and ensure investment is prioritised in line with business risk and strategic goals.
• Develop and implement a long‑term, risk‑aligned cyber security strategy that supports Landsec's commercial priorities.
• Prioritise initiatives based on enterprise risk exposure, business value and threat landscape changes.
• Ensure security is embedded into digital transformation, major projects and technology decisions.
• Maintain an enterprise cyber governance structure that provides transparency and clear risk ownership.
• Provide regular, high‑quality reporting and insights to executive and board bodies.
• Ensure alignment to recognised frameworks such as NIST CSF and maintain effective risk and control mechanisms.
• Lead the organisation in understanding cyber risk, making informed decisions on mitigation or acceptance.
• Partner with operational, commercial and technology teams to enable secure business growth.
• Ensure third‑party partners, suppliers and ecosystem participants meet Landsec's security expectations.
• Work with enterprise architecture and IT to ensure security is designed into solutions from inception, cyber findings are remediated, and controls are effective.
• Oversee incident response, threat monitoring, vulnerability management and recovery capabilities.
• Lead the Group response to cyber incidents, ensuring coordinated, timely and effective action.
• Ensure alignment between cyber resilience, business continuity and disaster recovery plans.
• Maintain visibility of emerging threats and advise on actions required to maintain resilience.

Essential Criteria

• Experience leading cyber security for an organisation, with full responsibility for protecting critical assets, making risk decisions and advising executive‑level leaders.
• Significant experience presenting to and influencing executive committees, boards and audit committees.
• Demonstrable ability to set strategy, manage complex cyber risks and run a security capability at scale.
• Strong leadership skills with the ability to manage a lean internal team and orchestrate external partners.
• Demonstrable success operating within a three lines of defence model or a regulated/assurance‑led environment.
• Proven track record of delivering modern cyber security assurance initiatives such as red‑team exercises, adversary simulation, purple‑team programmes, and threat‑led testing, translating outcomes to measurable improvement in security posture.
• Broad and current understanding of security technologies, threat landscapes and governance frameworks.
• Exceptional communication skills, with the ability to translate technical risk into business‑aligned insights.
• Proven ability to operate effectively in dynamic, commercially focused environments.
• Master of influencing entities and decisions in situations where no formal reporting structures exist, yet achieving the desirable outcome is vital.

Desired, but not required

• Professional certifications such as CISSP, CISM, CISA, CRISC or equivalent.
• Experience in regulated or highly scrutinised sectors.
• Experience driving security maturity uplifts with constrained or optimised budgets.
• Experience managing security partners and suppliers.

Benefits

• Performance‑based annual bonus plan
• 25 days annual leave (plus)