Director, UK Security Risk & Governance (SIRO)

Job Description:

Director UK Security Risk & Governance (SIRO)

Location: United Kingdom (Hybrid / Flexible)
Security Clearance: Must be eligible for high-level UK security clearance

Overview

At DXC Technology we deliver mission-critical IT services to some of the UKs most secure and complex organisations across government Defence and regulated industries.

We are looking for an exceptional Senior Information Risk Owner (SIRO) to lead information security risk across our UK business ($1bn annual revenue). Reporting to the Group Operations Lead this is a pivotal leadership role responsible for safeguarding DXCs information assets ensuring compliance with UK regulatory frameworks and enabling secure growth across highly classified environments.

This role will also act as a Security Control Officer requiring a UK national with the ability to operate at the highest levels of trust with government Defence and international stakeholders.

Key Responsibilities

Information Risk Leadership

• Own and oversee information security risk across DXC UK aligned to global security strategy.
• Lead risk assessment and mitigation across government Defence and commercial portfolios.
• Provide independent challenge and strategic guidance on decisions impacting information risk.

Regulatory & Stakeholder Engagement

• Act as a senior point of contact for customer SIROs UK regulators and government agencies.
• Represent DXCs security posture externally building trust and maintaining compliance.
• Support business development activities providing assurance on security and regulatory obligations.

Defence Security & Classified Environments

• Overseeing Defence security frameworks accreditations and cleared systems
• Managing risk reporting incidents and residual exposure
• Liaising with national authorities and defence bodies
• Sponsoring insider threat FOCI risk and security awareness initiatives

Governance & Compliance

• Lead the UK Security Risk & Governance function including:
• Information security policy and assurance
• Compliance and audit readiness
• Vetting and personnel security programmes
• Security awareness initiatives
• Ensure compliance with GDPR UK data legislation and emerging AI regulations.

Cyber Incident Leadership

• Act as the UK lead for major cyber incidents (e.g. ransomware data breaches supply chain attacks).
• Coordinate responses with regulators law enforcement and internal leadership.

Third-Party & Supply Chain Risk

• Oversee third-party and supply chain security risks ensuring UK-specific exposures are identified and mitigated.

Collaboration & Culture

• Partner with CISO Resilience Protective Security and Insider Threat teams.
• Promote a strong security-first culture across the UK business.

Skills & Experience

Essential

• Extensive senior leadership experience in information security risk within complex regulated environments
• Proven experience supporting UK government defence or NATO customers at high classification levels
• Strong understanding of UK EU and US regulatory frameworks including cyber and data legislation
• Demonstrated ability to influence and engage executive stakeholders and regulators
• Track record of leading multi-disciplinary security teams (cyber personnel security governance)

Highly Desirable

• Qualified UK solicitor (15 years PQE) with cyber or data specialisation
• Experience as a UK Director within a US-listed organisation
• Deep expertise in security-cleared environments and personnel risk management

Key Attributes

• Decisive & Responsive Able to act quickly and effectively in high-pressure situations
• Strategic Thinker Anticipates emerging threats and aligns security with business priorities
• Collaborative Leader Builds strong cross-functional partnerships
• People-Focused Develops high-performing teams and supports succession planning
• Outcome-Driven Balances attention to detail with delivery of impactful results

Why Join DXC

• Lead information security for a critical national-scale portfolio
• Engage at the highest levels with government defence and global stakeholders
• Shape the future of secure digital transformation in the UK
• Be part of a collaborative purpose-driven organisation that values innovation trust and people

Apply Now

If youre ready to take on a strategic leadership role at the forefront of UK information security wed love to hear from you.

At DXC Technology we believe strong connections and community are key to our success. Our work model prioritizes in-person collaboration while offering flexibility to support wellbeing productivity individual work styles and life circumstances. Were committed to fostering an inclusive environment where everyone can thrive.

Recruitment fraud is a scheme in which fictitious job opportunities are offered to job seekers typically through online services such as false websites or through unsolicited emails claiming to be from the company. These emails may request recipients to provide personal information or to make payments as part of their illegitimate recruiting process. DXC does not make offers of employment via social media networks and DXC never asks for any money or payments from applicants at any point in the recruitment process nor ask a job seeker to purchase IT or other equipment on our information on employment scams is availablehere.