At a Glance
- Tasks: Lead cyber security and IT governance for a global brand, shaping technology direction.
- Company: Join Twinings Ovaltine, a leader in digital innovation and transformation.
- Benefits: Enjoy flexible working, generous holiday, and a range of wellness perks.
- Other info: Be part of a culture that values innovation and collaboration.
- Why this job: Make a real impact on security and governance in a dynamic environment.
- Qualifications: Proven leadership in cyber security and IT governance required.
The predicted salary is between £60,000 and £75,000 per year.
Application Deadline: 19 July 2026
Department: BizTX
Employment Type: Permanent - Full Time
Location: Andover
Great People Work Here. BizTX: Co-Creating WOW Through Digital Innovation
It’s an exciting time to be part of BizTX at Twinings Ovaltine. At the heart of this iconic brand, we’re on a mission to drive exponential growth and productivity through cutting-edge technology to transform the business globally. We’re not here to simply provide IT services. We’re technology leaders and strategic partners, co-creating innovative solutions that help the business run, grow, and transform. Everything we do is guided by our commitment to ‘WOW’ our consumers, customers and colleagues. WOW experiences, WOW solutions, and WOW impact. Our people think differently. We have an exponential mindset that helps us push boundaries and shape what’s next. The future at Twinings Ovaltine is full of possibility and we’d love you to be a part of it.
As a key member of the BizTX Senior Leadership Team, lead cyber security and IT governance, risk and compliance (GRC) for TwiningsOvO. Own the business’s security posture and IT control environment and act as TwiningsOvO’s senior security point of contact into the ABF Group CISO function. This is a build-and-embed leadership role. The goal is to make security and control proportionate, owned and integrated into how the business runs and how the transformation agenda is delivered - an enabler, not a blocker. This is a divisional security leadership role. The ABF Group CISO owns Group security strategy, standards, architecture, threat intelligence, monitoring and major incident command. This role does not duplicate that.
The Director adopts and operationalises Group security standards within TwiningsOvO, and owns local cyber risk and the IT control environment. The Director is TwiningsOvO’s senior point of contact into ABF Group Cyber Security and Group Internal Audit. The role is sized for a complex but single-division business delivered through standards, partnering and influence rather than a large standing team.
Leadership Team Membership
As a member of the BizTX Leadership Team, the Director contributes beyond cyber security — helping shape technology direction, risk management and business transformation priorities, and the overall resilience and success of BizTX.
In scope
- TwiningsOvO cyber risk posture and the cyber risk register.
- IT GRC: control framework, IT general controls (ITGCs), policy adoption and exceptions, control testing and continuous compliance.
- Audit readiness and remediation across IT and security.
- Security-by-design across BizTX delivery (S/4HANA RISE, AMS, AI, integrations, cloud and data).
- Identity, access and segregation-of-duties governance for critical platforms.
- Third-party, SaaS and AMS security and privacy risk assessment.
- Local coordination of security incidents and escalation to the Group.
- Security awareness and culture within the business.
Out of scope (owned by ABF Group CISO / others)
- Group security strategy, standards authorship and architecture direction.
- Group SOC, SIEM, threat intelligence and 24/7 monitoring.
- Group-wide / major incident command.
- Enterprise security tooling selection at the Group level.
Key Responsibilities
Strategic & divisional leadership
- Lead cyber security and IT GRC for TwiningsOvO and set the local roadmap, priorities and investment case within ABF Group standards.
- Make security and control proportionate to a single-division business — through standards, partnering and influence, not a large standing team.
Cyber security & risk
- Own TwiningsOvO’s cyber risk posture; maintain a single, prioritised cyber risk register with named owners and tracked remediation.
- Give the GM and Leadership Team clear visibility of risk exposure and control effectiveness.
- Coordinate local response to security incidents, with rapid escalation to and alignment with the ABF Group security function.
- Drive vulnerability, patch and exposure management in line with Group expectations.
Governance, risk & compliance (IT GRC)
- Own the IT control environment, including ITGCs across SAP S/4HANA and other core applications.
- Operate IT GRC in BAU: governance forums, policy adoption and exceptions, control testing and continuous compliance against ABF and regulatory expectations.
- Lead audit readiness and remediation; act as single point of contact for Internal Audit and external auditors on IT and security, and close findings on time.
- Govern identity, access and segregation-of-duties controls for critical systems.
Security by design
- Embed proportionate security and control requirements into BizTX delivery standards and the project lifecycle.
- Provide security assurance across the transformation portfolio from initiation through to go-live.
- Advise programme and product teams so controls are designed in, not retrofitted — without slowing delivery.
- Set and govern security and privacy requirements for third parties, SaaS and AMS partners, and assess vendor risk before contracting.
ABF Group partnership
- Act as TwiningsOvO’s senior security point of contact into the ABF Group CISO function and Group Internal Audit.
- Adopt and operationalise Group security strategy, standards and architecture within TwiningsOvO — translate, don’t duplicate.
- Represent TwiningsOvO’s security and control interests in Group programmes and forums and advance divisional risk into the centre.
Capability, culture & stakeholders
- Build a practical, security-aware culture through targeted, role-relevant education and leadership engagement.
- Establish lightweight ways of working, clear accountabilities and a partnering model.
- Act as a trusted advisor to the GM and Leadership Team, translating technical risk into simple, commercial, decision-ready terms.
Skills, Knowledge and Expertise
Essential
- Significant leadership experience in cyber security and IT governance, risk and compliance.
- Proven track record embedding or maturing security and control capability in a complex organisation.
- Strong grasp of IT control environments, ITGCs, audit and risk frameworks, applied pragmatically rather than dogmatically.
- Credible with senior leadership; challenges honestly and translates technical risk into commercial, decision-ready terms.
- Comfortable owning local accountability while operating within Group governance — diplomatic with the centre, decisive locally.
Desirable
- Experience as a Head of Cyber Security, BISO, divisional / business security lead, or in a senior IT GRC leadership role.
- SAP / ERP, cloud (RISE), AI governance and major transformation experience.
- Familiarity with ISO 27001, NIST CSF and CIS Controls.
Benefits
- Yearly bonus based on personal contribution and financial performance.
- Flexible working options.
- 25 days holiday plus 8 bank holidays and the option to buy and sell holidays.
- Onsite Gym and Wellbeing Centre.
- Perkbox – employee discount scheme with discounts online, in high street stores, cinema, holidays, restaurants and many more.
- Pension scheme with your contributions matched for up to 10% of your salary.
- Cycle to work scheme.
- SimplyHealth Cash plan.
- Onsite Staff shop and online staff discounts.
- Bupa Private Medical Insurance.
- Competitive Car Allowance.
- Electric Car Scheme.
- Access to LinkedIn Learning.
- Access to ABF Networking, connect, collaborate, and grow across the ABF Group.
Director of Cyber Security & Governance in Andover employer: Twinings
At BizTX, part of the iconic Twinings Ovaltine brand, we pride ourselves on fostering a dynamic work culture that champions innovation and collaboration. As a Director of Cyber Security & Governance, you'll not only lead critical initiatives but also benefit from a supportive environment that prioritises employee growth through flexible working options, comprehensive wellness programmes, and access to professional development resources. Join us in Andover, where your contributions will directly impact our mission to co-create exceptional digital experiences and drive transformative change.
StudySmarter Expert Advice🤫
We think this is how you could land Director of Cyber Security & Governance in Andover
✨Get Involved in the Cybersecurity Community
Diving into the cybersecurity community is key for landing that full-time gig. Join forums like Reddit's r/cybersecurity or attend local meetups to connect with industry veterans and other job seekers. Networking is everything in this field—don’t just be a passive lurker!
✨Show Off Your Skills with Capture the Flag Competitions
Participate in Capture the Flag (CTF) competitions; these are not just a fun way to boost your skills but also a chance to showcase your talent to potential employers. Many companies, including Twinings, love seeing candidates who actively engage in these challenges.
✨Tailor Your Online Presence
Make sure your LinkedIn and any professional profiles reflect your cybersecurity expertise. Share your projects, whether they’re personal or from a previous role, to catch the eye of hiring managers. This is how they’ll find your passion and commitment to the field!
✨Apply Directly Through Twinings
Don’t forget to head straight to our website and check out any openings for cybersecurity roles at Twinings. Applying directly can sometimes give you an edge, especially if you can mention that you've been following our work or engaging in the community.
Some tips for your application 🫡
Show off your technical skills: In cybersecurity, it's crucial to highlight your technical prowess. Make sure your CV showcases specific skills like network security, penetration testing, or threat analysis. If you have relevant certifications (like CEH or CISSP), pop those on the front page to grab attention!
Tailor your portfolio for the role: Even for a full-time role, a portfolio can set you apart. If you've worked on any cybersecurity projects—be it CTF challenges, security assessments, or research papers—include these in your application. This demonstrates not just your skills, but also your hands-on experience!
Use real-world examples: When writing your cover letter, don’t just stick to your qualifications. Share real-world examples of how you’ve tackled security issues or vulnerabilities. This gives the hiring team at Twinings insight into your practical problem-solving abilities and makes your application memorable.
Demonstrate your passion for cybersecurity: Cybersecurity is an ever-evolving field, so show us that you’re always learning! Mention any recent courses, webinars, or industry events you’ve attended. This not only exhibits your enthusiasm but also signals to Twinings that you’re committed to staying ahead in the game.
How to prepare for a job interview at Twinings
✨Sharpen Your Technical Skills
For a role in cybersecurity, it’s essential to be up-to-date with the latest tools and techniques. Brush up on your knowledge of firewalls, intrusion detection systems, and vulnerability assessment tools. Be ready to discuss specific scenarios where you’ve applied these skills, as hands-on experience can really set you apart in interviews.
✨Prepare for Scenario-Based Questions
Expect the interviewers at Twinings to throw in some hypothetical situations to see how you’d handle them. Think about common security breaches or incidents and be prepared to explain how you would respond. This not only shows your problem-solving skills but also your understanding of real-world cybersecurity challenges.
✨Highlight Your Certifications
Certifications like CompTIA Security+, CISSP, or CEH can give you a significant edge in a full-time role in cybersecurity. Make sure to mention these during your interview and be prepared to discuss what you learned through those certifications and how they relate to the position at Twinings.
✨Show Your Passion for Cybersecurity
Since you’re going for a full-time gig, showing genuine enthusiasm for the field can make all the difference. Share any personal projects, blogs, or communities you’re part of that relate to cybersecurity. This not only showcases your passion but also your commitment to staying engaged in this ever-evolving field.