Group Deputy CISO - Operations

The Group Deputy CISO – Operations plays a critical leadership role in safeguarding Compass Group’s global digital environment. Reporting to the Group CISO, this role is responsible for directing cyber security operations and engineering to protect IT infrastructure, cloud environments, and data assets across the enterprise.

This position provides strategic oversight of the Security Operations Centre (SOC) and threat detection capabilities, leads the incident response and vulnerability management programmes, and drives the optimisation of security technologies and automation. This position also plays a key role in shaping internal security policies, standards and control frameworks.

Success in this role requires expertise in cyber security operations, strong leadership of high‑performing teams, and the ability to collaborate effectively with senior stakeholders, technology teams, and external partners.

• Security Operations: Provide leadership for security operations, ensuring effective management of Security Operations Centre (SOC) and Managed Detection & Response (MDR) services. Oversee threat detection, monitoring, and incident response capabilities, ensuring operational excellence and continuous improvement.
• Incident Response: Develop the incident response strategy, ensuring robust processes for timely detection, triage, containment, and recovery from security incidents. Oversee collaboration with internal teams and external partners, and provide executive‑level visibility on incident impact and response effectiveness.
• Exposure Management: Lead the enterprise vulnerability management and threat exposure programme, ensuring proactive identification, assessment, and remediation of risks through vulnerability scanning, patch management, penetration testing, and threat monitoring.
• Automation and Operational Efficiency: Drive the adoption of automation and orchestration within security operations to enhance efficiency, reduce response times, and improve scalability. Champion the use of automation for alert triage, enrichment, reporting and incident response workflows.
• Metrics and Reporting: Establish and oversee a comprehensive set of security operations metrics and reporting. Provide actionable insights and regular reporting to senior leadership on threat trends, incident response performance, tooling effectiveness, and service provider performance.
• Security Policy, Standards and Controls: Input to the development and continual improvement of security policies, standards, and control frameworks.
• Leadership and Capability Development: Provide leadership and mentorship to the Cyber Security Team. Foster a high‑performing, collaborative culture focused on innovation and continuous professional development.
• Cross‑Functional Engagement – Collaborate with Group and market cyber security, IT, business units and external partners to enhance security awareness and compliance. Serve as a key adviser to senior management on cyber security operations and engineering.

This role supports Compass Group PLC applications and users globally, with a focus on solutions and services deployed across multiple markets. The role reports into the Group CISO. It has 3 direct reports, management of contractor resources and service providers.

• Bachelor’s or master’s degree in information security, computer science, or a related field is desirable.
• Professional security management certification, such as CISSP, CISM, or equivalent, is desirable.
• Strong background in managing Security Operations Centre (SOC) and leading incident response efforts.
• Experience in managing relationships with third‑party security vendors and providers, ensuring value delivery and operational efficiency.
• Familiarity with security tools such as SIEM, SOAR, EDR, and vulnerability scanning.
• Strong analytical and problem‑solving skills, with attention to detail.
• Ability to communicate technical issues clearly to both technical and non‑technical audiences.
• Knowledge of security frameworks and standards (e.g. ISF, NIST, ISO 27001).
• Strong understanding of regulator requirements and compliance issues affecting cyber security.
• Excellent communication, leadership, and decision‑making skills.
• Proficiency in English language.