Chief Information Security Officer

We are a global insurance business, a powerhouse undergoing rapid technology-enabled transformation across all of our markets. As our Chief Information Security Officer (CISO), you will be at the forefront of safeguarding a multi-billion-pound enterprise-leading cyber strategy, shaping board-level risk appetite, and protecting the trust of millions of customers worldwide.

As one of the world's leading global warranty providers we offer customers' peace of mind for their domestic appliances. We are expanding our horizons and entering new markets at pace and we need your expertise to help make it happen securely and robustly.

As an international company we work with most of the world's most respected and well-known brands for domestic appliances and consumer goods. Our current CISO is retiring, creating a unique opportunity to join us. We don't advertise very often for roles at this level, so this really is a position not to be missed.

As a high growth ambitious business, this role is not for the cautious. It's for the bold and the visionary, a resilient leader who sees security an enabler of innovation, growth and reputational strength.

About the role

The Chief Information Security Officer (CISO) is responsible for overseeing the shaping, development, implementation, and governance of the company's information security agenda. Working closely with executive leadership, our Technology, Engineering and Product teams, and other stakeholders, you will lead efforts to protect the organisation's sensitive information, systems, and infrastructure from cyber threats and breaches. This role requires a strategic security and people leader with extensive experience in information security management, risk assessment, and compliance within a rich, regulated corporate environment. The role is delegate chair for the IT Security and Cyber Security Steering Committee, a delegated body reporting into the Group Risk Committee (GRC) and then the Audit and Risk Committee (ARC).

Your Mission:

• Set Vision and Strategy: Define and own the Group-wide cyber security strategy aligned with business ambition, ESG goals, and evolving threat landscapes.
• Lead from the Front: Inspire, build, and mentor a high-performing global cyber team-across defensive security, threat intelligence, and cyber engineering.
• Board-Level Influence: Serve as the cyber conscience of the organisation-engaging with the Board, Audit & Risk Committees, and regulators with authority and clarity.
• Drive Transformation: Lead security by design across cloud, data, AI, IoT, and operational technology landscapes-embedding security in every initiative.
• Stay Ahead of Threats: Oversee threat detection, incident response, and resilience programs with precision and global coordination.
• Shape Culture: Champion a cyber-aware culture across 100,000+ employees, embedding secure behaviours in the DNA of our business.

What You Bring

• A proven track record as a CISO or senior security leader in a rich, regulated, multinational environment.
• Deep expertise in cyber strategy, risk management, leading enterprise-wide transformation at Inspirational leadership with a bias for action, pragmatism, and delivery.
• scale.
• Gravitas and credibility with boards, senior management, regulators, auditors, and external stakeholders.
• Hands-on understanding of security architecture, cloud, identity and threat intelligence.
• Resilience under pressure - the ability to make calm, fast decisions in high-stakes situations.

Specifically, the role covers:

Leadership:

• Industry leading vision and communication to the business on security topics
• Hiring, career planning, training and performance reviews for the team
• Employee coaching, mentoring, development and team building
• Improve processes and handle resource contentions if any.
• Stakeholder Engagement:
  • Excellent interpersonal skills to act as a single point of contact for senior stakeholders in relation to technology services
  • Excellent communication skills with non-technical stakeholders to ensure that they understand the available technology services, and to promote financial awareness to deliver value-for-money
  • Strong analytical and influencing skills to assess demand for services and ensure that the necessary investments are made to deliver required services
  • Able to negotiate at senior level on technical and commercial issues, to ensure that customers, suppliers and other stakeholders understand and agree what will meet their needs, and that appropriate service level agreements are defined.

Policy Management:

• Able to provide leadership and management to the business on which policies we should have and the guidance they should offer to the business.
• Able to ensure that IT Security policies and procedures and working practices are fit for purpose and current and that they are actually being applied properly.

Supplier Management:

• Able to influence IT security policy and procedures covering the selection of suppliers, tendering and procurement, promoting good practice in third party management
• Well-developed commercial skills to identify and manage external partners, working with professionals in other departments (e.g. procurement, legal)
• Expert at the management and maintenance of the relationship with suppliers of planned and operational services.

Financial Management:

• Financial management expertise to monitor and manage IT security expenditure (including software licences, maintenance and other recurring expenditure), ensuring that financial targets are met and examining any areas where spend may exceed agreed budgets or varies significantly from previous forecasts
• Able to assist with the definition and operation of effective financial control and decision making, especially in the areas of cost models and the allocation and apportionment of those costs.

Responsibilities

Strategic Planning: Develop and implement a comprehensive information security strategy aligned with business objectives, regulatory requirements, and industry best practices.

Risk Management: Identify, assess, and prioritize information security risks to the organization, and develop strategies to mitigate these risks effectively.

Security Assurance: Oversee the day-to-day assurance of information security activity, including incident response, threat detection, vulnerability management, and security monitoring. Day-to-day Security Operations are managed by Technology Operations so this role acts as a second line of defence.

Compliance: Ensure compliance with relevant laws, regulations, and standards (e.g., GDPR, ISO 27001) by implementing and maintaining appropriate controls and procedures relevant to each of the territories that D&G operates.

Security Architecture: Define and maintain the company's security architecture, including network security, infrastructure security, and cloud security, to protect against evolving threats and ensure this aligns to best practices.

Security Education & Awareness: Promote a culture of security awareness and best practices throughout the organisation by providing training, education, and communication programs.

Vendor Assurance: Review critical third-party vendors and service providers to ensure the security of outsourced systems and services and the data they contain.

Incident Reviews: Lead the review of security incidents and breaches, coordinating with internal teams and external stakeholders to ensure any learnings are effectively applied.

Budget Management: Develop and manage the information security budget, ensuring that resources are allocated efficiently to support security initiatives and priorities.

Reporting: Provide regular reports and updates to executive leadership and the board of directors on the status of the information security program, key metrics, and emerging threats. Ensure the Security Operations Dashboard is maintained and kept up to date, both in terms of content and the KRIs that are relevant to the business.

We offer lots of great benefits!

• Competitive salary and annual discretionary bonus
• Hybrid working - presence with purpose; you work from an office when it makes sense
• 25 days annual leave plus bank/public holidays, as well as an annual option to buy up to 5 additional days of annual leave
• Training opportunities as well as clearly defined career progression
• Health cash plan - employer funded cover to enable you to claim money back on essential healthcare costs, including dental, optical, physiotherapy and many more. Cover also includes unlimited access to a 24/7 virtual GP service
• Attractive company pension scheme
• Life assurance - employer funded cover of 4x basic salary
• Dedicated online benefit portal offering access to saving and lending facilities, financial wellbeing and support services
• Salary Finance - access to savings and borrowing through payroll
• Car Leasing - access to a carbon neutral salary sacrifice car leasing scheme, with an all-inclusive monthly cost covering all charge, taxes, insurance, repairs and maintenance on a range of brand new vehicles
• Travel Loans - interest free loans to help spread the cost of annual travel tickets
• Cycle to Work - tax efficient bike and cycling equipment worth up to £1,000
• Health & Wellbeing - discounted gym membership, online virtual workout sessions, online culinary classes
• OnHand - Giving you the opportunity to be an Eco & Social volunteer via a handy app. Volunteer individually or in groups to get involved in Youth Mentoring, Food Poverty, Homelessness & Elderly help
• Employee Assistance Programme - specialist advice and support on issues such as finance, relationships, illness and family issues
• Free Domestic & General protection plan - one free plan each year with access to discounted rates of up to 50% on additional plans, including referrals for family and friends
• Employee discounts - access to discounted Sky TV and broadband packages, together with a range of discounts for 100s of online and high street retailers

Domestic & General are an equal opportunities employer which means we treat people fairly. We welcome applications from all suitably skilled persons regardless of their gender, age, race, disability, ethnic background, religion/belief, sexual orientation, gender reassignment or marital/family status.

Please note that we have a thorough referencing process, which as you would expect includes criminal record checks.

At Domestic & General, we are proud of our 100-year legacy and excited about our future growth plans. We are expanding our horizons, entering new markets and territories internationally and we need your expertise to help us on the journey.