Associate Director - Cyber Security (Europe & UK)

Purpose of your role

The purpose of this role is to have a seasoned CyberSecurity professional oversee and drive the cybersecurity, privacy, and regulatory strategies for our organization across the UK and EU region. This individual will hold end-to-end responsibility for security governance, privacy compliance, and risk management, ensuring alignment with both local and international regulations (including GDPR and UK data protection laws). The ideal candidate will have strong expertise in cybersecurity frameworks (e.g., ISO 27001) and healthcare regulatory requirements (e.g., HIPAA), along with demonstrated experience managing security programs, audits, and cross-functional teams.

You will be accountable for

Strategic Leadership & Governance:

• Develop, implement, and maintain a comprehensive cybersecurity strategy for the UK and EU region, aligned with global organizational objectives.
• Serve as the primary point of contact for all security and privacy matters, providing regular updates to executive leadership and board-level stakeholders.
• Establish and oversee robust governance frameworks, policies, and procedures to ensure the confidentiality, integrity, and availability of corporate information assets.

Regulatory Compliance & Privacy:

• Oversee compliance with relevant EU and UK privacy regulations (GDPR, UK Data Protection Act, etc.) in partnership with legal and regulatory teams.
• Drive compliance with ISO 27001 and HIPAA standards, ensuring ongoing certification readiness and alignment with best practices.
• Lead privacy management efforts, including data classification, data governance, consent management, and breach notification processes.

Risk Management & Incident Response:

• Develop and maintain risk management programs, identifying, assessing, and remediating cybersecurity and privacy risks.
• Oversee the development and execution of incident response plans, including timely reporting and mitigation strategies.
• Conduct regular risk assessments, vulnerability scans, and penetration tests to ensure continuous improvement of the security posture.

Audit & Certification Management:

• Serve as the primary owner of all customer security and compliance audits, addressing inquiries and ensuring timely and effective closure of findings.
• Coordinate with internal and external auditors to demonstrate compliance with established standards (ISO 27001, HIPAA).
• Maintain comprehensive documentation and evidence of compliance activities and security controls.

Team Leadership & Development:

• Build, mentor, and lead a high-performing security, privacy, and risk management team.
• Establish training and awareness programs to ensure all employees understand security policies, privacy obligations, and data protection best practices.
• Foster a culture of security and privacy by design, working cross-functionally with product, engineering, and operations teams.

Stakeholder Collaboration:

• Work closely with cross-functional teams (Legal, Regulatory, IT, HR, etc.) to align business objectives with security imperatives.
• Act as a trusted advisor to internal stakeholders, providing guidance on security requirements, best practices, and potential impacts on business operations.
• Engage with external partners, vendors, and industry peers to stay current on emerging threats, compliance updates, and innovative security solutions.

Business Security & Privacy Alignment:

• Ensure that business units across the UK and EU region adhere to the organization’s Business Security and Privacy Officer (BSPO) framework.
• Collaborate with business leaders to integrate security and privacy considerations into strategic initiatives, product roadmaps, and operational processes.
• Continuously monitor and evaluate the effectiveness of BSPO-aligned programs, recommending improvements to maintain a robust security and privacy posture.

You Are

• Strategic Thinker: Able to translate complex security challenges into actionable strategies aligned with business goals.
• Results-Driven: Committed to achieving objectives, delivering measurable outcomes, and continuously improving processes.
• Collaborative Leader: Works effectively with cross-functional teams and external partners, building trust and cooperation.
• Ethical & Integrity-Focused: Upholds the highest standards of professionalism, confidentiality, and ethics.

You have

• At least 10+ years of progressive experience in information security and privacy, with a significant portion leadership roles.
• Demonstrated track record of building and managing comprehensive security and privacy programs at enterprise scale.
• Proven experience implementing and maintaining ISO 27001, HIPAA, and other relevant regulatory frameworks (e.g., PCI-DSS, NIST).
• Strong knowledge of cybersecurity technologies (firewalls, IDS/IPS, SIEM, encryption, endpoint protection) and best practices.
• In-depth understanding of privacy regulations including GDPR and UK Data Protection Act, with experience in designing and implementing privacy frameworks.
• Knowledge in DORA and Ofcom Regulation
• Familiarity with cloud security concepts (IaaS, SaaS, PaaS) and best practices for securing hybrid environments.
• Excellent analytical, problem-solving, and decision-making skills to drive effective risk management.
• Bachelor’s degree in Computer Science, Information Security, or a related field (Master’s degree preferred).
• Professional certifications such as CISSP, CISM, CISA, or CRISC are highly desirable.

Leadership & Soft Skills:

• Exceptional communication and presentation skills, with the ability to influence stakeholders at all levels, including C-suite and board members.
• Demonstrated ability to mentor and grow teams, fostering a positive and collaborative work environment.
• Strong organizational skills, able to prioritize and manage multiple projects and deadlines in a fast-paced environment