Enterprise Security Lead
Confidential Careers
Job Description
About the Role:
Reporting directly to the CISO, the Enterprise Security Lead will play a critical role in shaping and operating the organisation's global cyber security capability across a rapidly growing international business.
This is a hands-on leadership role suited for a technically strong and commercially aware security professional who can operate across security operations, incident response, security assurance, architecture, risk management, and stakeholder engagement.
You will work closely with global technology teams, business stakeholders, and specialist third-party security providers to ensure security controls across people, process, and technology are operating effectively. The role will also support secure business transformation initiatives, acquisitions, cloud adoption, and enterprise technology programmes through strong security governance and "Secure by Design" principles.
This role is ideal for someone who enjoys operating across both strategic and operational security domains in a fast-paced global environment.
Key Responsibilities:
Security Incident Leadership
- Lead and coordinate global cyber security incident response activities, including investigation, containment, remediation, and post-incident reviews
- Drive root cause analysis and ensure lessons learned are embedded into operational processes and controls
- Act as an escalation point during high-priority security events and major incidents
Security Assurance & Risk Management
- Conduct security assurance activities including vulnerability assessments, security reviews, and control validation exercises
- Maintain and evolve enterprise security controls aligned to organisational risk appetite
- Perform risk assessments and maintain cyber risk registers, ensuring remediation activities are tracked and managed effectively
- Support internal and external audit activities, including remediation coordination
Security Architecture & Secure Change
- Provide security consultancy and oversight for enterprise projects, cloud initiatives, and technology transformation programmes
- Ensure security requirements and risk mitigations are embedded into solution design and implementation
- Review and challenge proposed architectures from a security and risk perspective
Cloud & Enterprise Security
- Support and oversee security controls across enterprise cloud platforms and SaaS technologies including:
  - Microsoft Azure
  - Microsoft 365
  - Dynamics 365
- Collaborate with infrastructure, engineering, and architecture teams to improve enterprise security posture
MSSP & Third-Party Oversight
- Manage relationships with Managed Security Service Providers (MSSPs) and external security partners
- Monitor service quality, SLA adherence, operational effectiveness, and incident handling performance
- Conduct third-party security assurance reviews and vendor risk assessments
Governance, Reporting & Awareness
- Develop and maintain security policies, standards, and operational procedures
- Produce regular reporting for leadership covering security posture, incidents, risks, vulnerabilities, and remediation progress
- Deliver security awareness initiatives and training programmes across the organisation
- Support executive and board-level discussions relating to cyber risk and security strategy
What You Will Need
Experience & Qualifications:
- Minimum 6 years of experience in cyber security, with strong exposure across:
  - Security assurance
  - Incident management
  - Security risk management
  - Security architecture or secure change governance
- Experience operating within enterprise or global environments
- Bachelor's degree in Computer Science, Information Security, or related discipline
- Industry certifications such as CISSP, CISM, CRISC, CCSP, or equivalent are highly desirable
Technical & Professional Skills:
- Strong understanding of enterprise security controls, governance frameworks, and risk management practices
- Strong technical knowledge across:
  - Cloud Security (Azure, M365, D365)
  - Security Architecture
  - Identity & Access Management
  - Vulnerability Management
  - Endpoint & Security Monitoring technologies
- Experience leading or coordinating cyber security incident response activities
- Ability to assess and communicate technical security risks to both technical and non-technical stakeholders
- Strong analytical, organisational, and problem-solving capabilities
- Excellent written and verbal communication skills
Desirable Experience:
- Experience supporting organisations through acquisitions, integration, or transformation programmes
- Experience managing third-party security vendors and MSSP environments
- Previous engagement with executive leadership and board-level stakeholders
- Exposure to regulated or highly distributed enterprise environments
Additional Requirements:
- Willingness to participate in on-call security incident support as required
- Flexibility to support global operations across multiple time zones
- Occasional international travel may be required