Head of Information Security

Job Description

Director of Information Security Oxfordshire UK (on site) - circa 130k plus bonus

Our investment advisory client is seeking an experienced Director of Information Security to lead the cybersecurity program of a prestigious globally recognised portfolio company ensuring the protection of sensitive intellectual property critical resources and global operations. This role combines technical expertise with strategic business engagement ensuring that security is seamlessly integrated across all commercial activities. This role will oversee the organizations

security strategy security operations vulnerability management incident response risk identification and mitigation planning / implementation identity management network security privacy and compliance. The Director will work closely and report to the Group CISO.

Responsibilities

Strategic Leadership & Business Partnership

• Act as a trusted advisor to leadership across operations engineering and corporate functions.
• Translate cybersecurity risks into business terms enabling executives to make informed decisions.
• Partner with various areas within the business to embed security into projects & daily operations.
• Define and drive the overall security roadmap ensuring it evolves with the business.
• Lead security benchmarking and strategic planning
• Continuous assessment of risk across the organization paired with the ability to implement risk treatment plans that do not hamper innovation.

Technical & Operational Oversight

• Oversee network security architecture monitoring and the segmentation of a complex network.
• Manage Privileged Access Management (PAM) platforms enforcing robust identity and access controls.
• Drive cloud security initiatives across Azure and AWS including monitoring workload protection and identity governance.
• Oversee vulnerability management for hybrid cloud environments integrating tools such as Wiz Axonius and ServiceNow.
• Oversee advanced DLP and insider risk management to protect critical IP.
• Partner with IT and Operations to ensure resilience in the event of cyber incidents or infrastructure outages.
• Coordinate penetration testing red team exercises and remediation activities.
• Partner with IT and DevOps teams to embed secure-by-design principles into systems applications and IaC.
• Oversight of the Incident Response plan as well as hosting of regular table top simulations for the executive leadership team.
• Reporting of key security metrics to both the CISO and executive leadership team.

Governance Risk & Compliance

• Maintain a risk register and provide actionable reporting to business leaders and the CISO.
• Ensure compliance with regulations GDPR ISO 27001 NIS2 as well as Enterprise security standards.
• Define and track security KPIs/KRIs that measure technical posture and business impact.
• Support internal and external audits ensuring continuous readiness.

Required experience:

• 7 years in cybersecurityleadership with proven ability to bridge technical depth and business engagement.
• Strong hands-on experience with:
• Hybrid Microsoft stack (Windows Active Directory Azure O365).
• Linux administration and security.
• PAM solutions (CyberArk BeyondTrust or equivalent).
• SOC/SIEM operations and incident response.
• EDR/XDR and endpoint hardening
• Vulnerability management tooling
• Track record of engaging directly with senior business leaders to communicate risk and influence decisions.

Nice to Haves:

• Exposure to Cato Networks Microsoft Azure AWS Wiz Axonius ServiceNow.
• Familiarity with DevSecOps container security and infrastructure as code.
• Experience in manufacturing aerospace defense or other high-IP high-performance industries.
• Relevant certifications such as CISSP CISM CCSP or CRISC.

Interested Apply today! Vertex Search is acting as a recruitment agency on this engagement.