Senior Director of Cyber Security

The Senior Leader of Cyber Engineering and Identity & Access Management (IAM) will provide enterprise-wide leadership to secure critical assets enable digital transformation and ensure compliance with regulatory expectations. As a designated Senior Management Function (SMF) under the Financial Conduct Authoritys Senior Managers & Certification Regime (SM&CR) this role carries personal accountability for the effectiveness of cyber resilience identity security and data protection programs. The leader will serve as a trusted advisor to the Chief Information Security Officer Chief Information Officer and the Board shaping the organizations defense strategy while enabling secure growth.

We are seeking a highly experienced and strategic senior leader to oversee our Cyber Engineering Identity & Access Management (IAM) and Data Loss Prevention (DLP) functions. This role will be responsible for driving the design delivery and governance of enterprise-wide security engineering solutions while ensuring secure scalable and resilient identity and data protection services. The ideal candidate will combine deep technical expertise with strong leadership skills to shape the future of cybersecurity identity and data protection within the organization. This position is designated as a Senior Management Function (SMF) under the Financial Conduct Authority regime carrying personal accountability for compliance operational resilience and security effectiveness.

As an FCA Senior Management Function holder this leader is accountable for ensuring that cyber IAM and DLP controls are effective proportionate and resilient. They will be responsible for maintaining governance frameworks that align with FCA and PRA expectations demonstrating reasonable steps in overseeing third-party and outsourced providers and ensuring transparent timely reporting to both regulators and the Board. By advancing these critical capabilities the role provides regulatory assurance builds resilience against evolving cyber threats and safeguards the trust of customers regulators and shareholders.

This is a Senior Management Function role under the Financial Conduct Authoritys (FCAs) Senior Manager and Certification Regime and once successful the firm will submit a Senior Manager Function application on behalf of the candidate to the FCA for approval. Candidates are required to be assessed under the Fitness and Proprietary standards. This assessment will be carried out through self-disclosures permitted criminal record checks reference checks credit checks and other background checks. If hired for this role you will also be required to complete an annual declaration regarding your Fitness and Propriety. This role will additionally be subject to the FCAs Conduct Rules and the Senior Manager Conduct Rules.

The Role:

Strategic Leadership

• Define and execute the global strategy for Cyber Engineering IAM and DLP in alignment with the enterprise security and technology roadmap.
• Serve as a trusted advisor to the CISO CIO and executive leadership on emerging threats secure architecture identity and data protection.
• Establish metrics and reporting to demonstrate effectiveness risk reduction and compliance with regulatory requirements (e.g. National Institute of Standards Cyber Security Framework (NIST CSF) Digital Operations Resilience Act (DORA) New Tork State Department of Financial Services (NYDFS) Sarbanes-Oxyley (SOX) and the Financia Conduct Authority(FCA).

Cyber Engineering Oversight

• Lead engineering teams responsible for core security platforms including endpoint protection cloud security network defense vulnerability management and DevSecOps integrations.
• Build and mature a comprehensive vulnerability management program including continuous scanning risk-based prioritization remediation tracking and Board-level reporting.
• Drive innovation by embedding security into cloud hybrid and modern application architectures (Secure by Design principles).
• Ensure the adoption of automation orchestration and advanced analytics to improve detection response and resiliency.

Identity & Access Management

• Own enterprise-wide IAM strategy including workforce and customer identity privileged access management (PAM) identity governance and administration (IGA) and multi-factor authentication (MFA).
• Lead initiatives to modernize and integrate IAM platforms to support cloud adoption Zero Trust and frictionless user experiences.
• Partner with business and technology leaders to enable secure digital transformation through robust identity services.

Data Loss Prevention (DLP)

• Advance a comprehensive Data Loss Prevention program to safeguard sensitive information across endpoints cloud email and collaboration platforms.
• Establish enterprise-wide policies and controls to prevent unauthorized data exfiltration insider threats and regulatory breaches.
• Implement monitoring classification and enforcement mechanisms that balance data protection with business enablement.
• Partner with business compliance and data governance teams to align DLP strategy with General Data Protection Regulation Financial Conduct Authority Prudential Regulation Authority Sarbanes-Oxley and other global data protection requirements.
• Provide executive and Board-level reporting on data protection risks incidents and mitigation efforts.

Governance Risk & Compliance

• Ensure IAM DLP and security engineering practices meet regulatory audit and policy requirements.
• Define and maintain standards for identity lifecycle access controls data handling and information protection.
• Oversee risk assessments and remediation programs tied to IAM DLP and security engineering platforms.

Senior Management Function (FCA Responsibilities)

As an FCA-designated Senior Management Function (SMF) role the position carries individual accountability under the Senior Managers & Certification Regime (SM&CR). Specific responsibilities include:

• Personal accountability for ensuring cyber IAM and DLP controls are effective proportionate and aligned with FCA expectations for operational resilience and financial sector stability.
• Maintaining robust governance oversight and risk management frameworks for engineering identity and data protection ensuring risks are identified escalated and remediated in line with FCA and PRA requirements.
• Demonstrating reasonable steps have been taken to oversee outsourced arrangements third-party providers and cloud services related to IAM DLP and cyber platforms.
• Ensuring Board and regulators receive timely accurate and complete information on cyber identity and data protection risks vulnerabilities and remediation activities.
• Acting as the point of accountability for operational resilience in cyber engineering IAM and DLP supporting FCA requirements around impact tolerance scenario testing and response planning.

The Requirements

• Extensive progressive experience in cybersecurity coupled with leadership roles across IAM cyber engineering and/or data protection.
• Proven track record of leading global security programs at scale in complex regulated environments (financial services strongly preferred).
• Expertise in IAM technologies (SailPoint Okta Azure AD CyberArk Ping Identity) DLP platforms (Symantec Microsoft Purview Forcepoint Digital Guardian) and security engineering tools (EDR CSPM SIEM SOAR vulnerability management).
• Strong knowledge of Zero Trust data protection regulations (GDPR FCA PRA) cloud-native security and DevSecOps practices.
• Exceptional leadership communication and stakeholder engagement skills with the ability to influence at Board and executive levels.
• Relevant certifications (CISSP CISM CCSP CIPP/E SABSA or equivalent) preferred.
• Bachelor or equivalent qualification would be advantageous.

At WTW we believe difference makes us stronger. We want our workforce to reflect the different and varied markets we operate in and to build a culture of inclusivity that makes colleagues feel welcome valued and empowered to bring their whole selves to work every day. We are an equal opportunity employer committed to fostering an inclusive work environment throughout our organisation. We embrace all types of diversity.

Were committed to equal employment opportunity and provide application interview and workplace adjustments and accommodations to all applicants. If you foresee any barriers from the application process through to joining WTW please email