The Head of Cyber Security plays a pivotal role in ensuring the overall security of the TalkTalk. You will support the business by defining a clear security strategy, defining key security objectives aligned to the TalkTalk Business goals. Working cross-functionally you will establish and maintain the security governance framework, ensuring all key stakeholders across the Executive Leadership Team have visibility of the business security posture and security roadmap. You will leverage key partner / supplier relationships to define performance measures required by the business across all security services, covering areas such as security risk management, operations and penetration testing. With responsibility for the implementation of the cyber security roadmap, you will ensure security services are cost-optimised and offer value to the business. You will support the business to maintain compliance with relevant legislative requirements such as Telecommunications Security Act, Investigatory Powers Act; along with broader compliance programmes such as ISO27001.
You will be responsible for:
- Develop a clear security strategy for TalkTalk and have a multi-year plan in place to deliver the strategy.
- Lead security governance committees including ones at Exco and Board level to ensure that cyber security is appropriately governed and managed.
- Manage the overall budget for security and ensuring security services are cost-optimised and deliver value to the business.
- Ensure that TalkTalk achieves compliance to various security regulatory standards such as PCI, ISO:27001, Cyber Essentials, and the Telecoms Security Act.
- Prepare security updates and reports for Sr. Management, ELT, and the Board.
- Deliver regular security risk reporting to various security governance committees, including the Security Committee.
- Deliver Security Standards that support our Security Policies and Business needs.
- Ensure trusted 3rd party security suppliers are performing within SLA and be a point of escalation.
- Managing the relationship with the regulator, suppliers and industry partners in relation to cyber security.
- Be great to also have the following experience:
- Senior leadership experience in information security and risk management.
- Experience managing suppliers & establishing performance management criteria.
- Experience with ISO27001, PCI, and other security compliance standards and working with auditors.
- Proven expertise in security governance and risk management methodologies including leveraging best practice security frameworks such as the CIS Top 20 or NIST Cyber Security Framework.
- Experience in leading security risk management meetings, delegating responsibilities, and influencing people to take action to assist in the resolution of security risks.
- Solid understanding and applicable knowledge of technical security concepts across different security domains.
- Strong understanding of UK legislation such as IP Act 2017, Telecoms Security Act and Communications Act.
- Excellent Senior Stakeholder management skills.
- Bachelor's Degree in Computer Science or relevant experience.
- CISSP and/or CISM certified preferred.
As a recognised Top 50 Inclusive Employer in the UK, we know that diversity means success and innovation. We want our workplace to reflect the communities and customer we serve. Being inclusive is part of our DNA; we are all 100% human, and we create a culture where you can truly be yourself.
We’re also not your usual 9-5. We are a dynamic workplace and we want to talk to you about how you like to work.