Cyber & Information Security Leader (Strategy & Risk)

At Yeo Valley, we are about more than just making great food - we are here to Nurture & Nourish People & Planet by Making Great Food the Right Way. Forever. As a co-owned business, we invest in our people, encourage growth, and believe in doing things properly.

To lead Yeo Valley's Cyber and Information Security function - ensuring our systems, data, and people remain secure while enabling the business to operate efficiently and confidently. You'll own and deliver the organisation's cyber and information security strategy, manage the protection and monitoring of our technology estate, and embed a strong culture of security awareness across all teams. Working closely with IT, data, and operational leaders, you'll ensure our defences are robust, risks are managed proactively, and Yeo Valley remains compliant with all relevant standards and regulations.

Your responsibilities:

• Design, own and lead the Cyber and Information Security strategy, aligning it to Yeo Valley's wider business and IT objectives.
• Design, implement, and manage security controls, processes, and technologies that protect the confidentiality, integrity, and availability of information assets.
• Own the Information Security Management System (ISMS), ensuring compliance with relevant frameworks as deemed appropriate.
• Oversee incident response and threat management, leading investigations and coordinating with IT and external partners to contain, resolve, and learn from security incidents.
• Maintain proactive awareness of the external threat landscape, staying informed on emerging risks, vulnerabilities, and trends. Translate this intelligence into actionable improvements to strengthen Yeo Valley's defences.
• Monitor and report on security posture, using metrics and dashboards to inform the business and executive team of risk levels, improvements, and vulnerabilities.
• Define and own the vulnerability management process, ensuring regular assessments, patching, and remediation of security weaknesses across the estate.
• Lead supplier assurance and third-party risk management, ensuring external partners meet Yeo Valley's security requirements.
• Work closely with IT infrastructure and delivery teams to ensure new systems, applications, and solutions are secure by design.
• Create and embed a culture of security awareness, running training, communications, and engagement programmes to upskill colleagues.
• Support business continuity and disaster recovery planning, ensuring security requirements are embedded in wider IT resilience activities.
• Coach and enable the Cyber Security Engineer to contribute to develop the business continuity plan for cyber incidents.

Sounds interesting, what do I need?

Essential:

• Proven experience in leading or managing information and cyber security operations.
• Strong knowledge of information security standards, frameworks, and regulations (e.g. ISO27001, NIST, Cyber Essentials Plus, GDPR).
• Experience developing and implementing security strategies, policies, and controls across hybrid IT environments.
• Demonstrated ability to manage incidents, risks, and vulnerabilities effectively.
• Excellent communication and influencing skills, capable of engaging both technical and non-technical stakeholders.
• Experience managing security suppliers, SOC providers, or MSSPs.

Desirable:

• Experience in manufacturing, FMCG, or supply chain environments.
• Hands-on knowledge of modern cloud and on-premises security tooling (Microsoft 365 Defender, Sentinel, Azure, Fortinet, etc.).
• Security certifications (e.g. CISSP, CISM, CompTIA Security+, ISO27001 Lead Implementer).
• Understanding of disaster recovery, business continuity, and risk management.

Why should I join the family?

We are independent, British and proud to be making the highest quality yogurts, desserts and ice cream under the Yeo Valley brand and for many of the UK's major retailers. Operating from four dairies and two logistics centres in Somerset and Devon, we employ over 1900 staff and produce more than 25% of the UK's packaged yogurt.

We offer a whole host of benefits including:

• Competitive holiday allowance
• Non-contributory pension scheme
• Life cover
• Healthcare cash back plan
• Cycle to work scheme
• Subsidised Yeo Valley products and services
• Preferential rates with our partners
• Learning and development opportunities; we are committed to ensuring all of our employees have the chance to grow

Our closing dates are a guide for when the application window should close, although we may close the advert sooner if we can. So, we recommend you get your application in straight away - and don’t miss the opportunity to join us!

Unfortunately, we are not able to provide employment sponsorship to candidates at this moment in time. Please note that Yeo Valley do not accept speculative agency applications; we will only accept applications from preferred suppliers that have been submitted to us via our recruitment portal at the point of instruction.