Head of IT Security - Wembley

Location: Wembley - 5 days on-site

Salary: £(phone number removed) per annum

My client is looking to recruit a Head of IT Security to lead and shape their enterprise-wide security function. This is a senior leadership role offering the opportunity to define security strategy, strengthen governance, and protect critical systems, data, and operations.

As Head of Security, you will own the strategic and operational delivery of all information and cyber security activities. You'll develop and implement robust security policies, oversee incident response, and ensure compliance with GDPR, PCI DSS, ISO 27001, and Cyber Essentials Plus. You will be the single point of accountability for all security matters, reporting directly to the executive team and influencing critical business decisions.

• Develop, maintain, and deliver a 3-5 year Security Strategy and Roadmap covering technology, people, and processes.
• Embed security by design across projects, platforms, data flows, and product development.
• Lead enterprise-wide information, cyber, and data security governance.
• Define and implement security frameworks, policies, and operating models.
• Ensure compliance with GDPR, PCI DSS, Cyber Essentials Plus, and ISO/IEC 27001:2022 aligned practices.
• Lead Data Protection Impact Assessments (DPIAs), data mapping, classification, and retention programs.
• Oversee incident response, vulnerability management, patch compliance, and secure configuration baselines using SCCM, Ivanti, Intune, GPO, and Azure Defender.
• Drive SOC integration, threat intelligence, and monitoring to continuously improve detection and response capabilities.
• Manage hybrid environments, including Azure, AWS, Nutanix, and on-premise infrastructure.
• Support SD-WAN, cloud Firewalls, CASB, Zero Trust, and SASE architectures.
• Own enterprise security risk assessments, track key risk indicators (KRIs), and report on cyber maturity to executive leadership.
• Drive security culture through training, phishing simulations, and awareness programs.
• Partner with IT, Legal, HR, and business units to embed security in operations and service delivery.
• Provide security input for vendor assessments, third-party risk, and M&A due diligence.

• Proven senior leadership experience in information, cyber, or data security.
• CISSP, CISM, or CISA certified (or equivalent).
• Track record of delivering security programs aligned to ISO 27001, NIST, PCI DSS, and Cyber Essentials Plus.
• Hands‑on experience with cloud platforms (Azure, AWS), on-premise networks, and hybrid architectures.
• Strong experience in Zero Trust security models.
• Experienced in security tooling selection and implementation.
• Deep understanding of data protection legislation, risk management frameworks, and compliance requirements.
• Exceptional leadership, stakeholder engagement, and influencing skills.