Senior Director of Cyber Security

Description

The Senior Leader of Cyber Engineering and Identity & Access Management (IAM) will provide enterprise-wide leadership to secure critical assets, enable digital transformation, and ensure compliance with regulatory expectations. As a designated Senior Management Function (SMF) under the Financial Conduct Authority’s Senior Managers & Certification Regime (SM&CR), this role carries personal accountability for the effectiveness of cyber resilience, identity security, and data protection programs. The leader will serve as a trusted advisor to the Chief Information Security Officer, Chief Information Officer, and the Board, shaping the organization’s defense strategy while enabling secure growth.

We are seeking a highly experienced and strategic senior leader to oversee our Cyber Engineering, Identity & Access Management (IAM), and Data Loss Prevention (DLP) functions. This role will be responsible for driving the design, delivery, and governance of enterprise-wide security engineering solutions, while ensuring secure, scalable, and resilient identity and data protection services. The ideal candidate will combine deep technical expertise with strong leadership skills to shape the future of cybersecurity, identity, and data protection within the organization. This position is designated as a Senior Management Function (SMF) under the Financial Conduct Authority regime, carrying personal accountability for compliance, operational resilience, and security effectiveness.

As an FCA Senior Management Function holder, this leader is accountable for ensuring that cyber, IAM, and DLP controls are effective, proportionate, and resilient. They will be responsible for maintaining governance frameworks that align with FCA and PRA expectations, demonstrating reasonable steps in overseeing third-party and outsourced providers, and ensuring transparent, timely reporting to both regulators and the Board. By advancing these critical capabilities, the role provides regulatory assurance, builds resilience against evolving cyber threats, and safeguards the trust of customers, regulators, and shareholders.

This is a Senior Management Function role under the Financial Conduct Authority’s (FCA’s) Senior Manager and Certification Regime and once successful, the firm will submit a Senior Manager Function application on behalf of the candidate to the FCA for approval. Candidates are required to be assessed under the Fitness and Proprietary standards. This assessment will be carried out through self-disclosures, permitted criminal record checks, reference checks, credit checks and other background checks. If hired for this role, you will also be required to complete an annual declaration regarding your Fitness and Propriety. This role will additionally be subject to the FCA’s Conduct Rules and the Senior Manager Conduct Rules.

• Define and execute the global strategy for Cyber Engineering, IAM, and DLP in alignment with the enterprise security and technology roadmap.
• Serve as a trusted advisor to the CISO, CIO, and executive leadership on emerging threats, secure architecture, identity, and data protection.
• Establish metrics and reporting to demonstrate effectiveness, risk reduction, and compliance with regulatory requirements (e.g., National Institute of Standards Cyber Security Framework (NIST CSF), Digital Operations Resilience Act (DORA), New Tork State Department of Financial Services (NYDFS), Sarbanes-Oxyley (SOX), and the Financia Conduct Authority(FCA)).

• Lead engineering teams responsible for core security platforms, including endpoint protection, cloud security, network defense, vulnerability management, and DevSecOps integrations.
• Build and mature a comprehensive vulnerability management program, including continuous scanning, risk-based prioritization, remediation tracking, and Board-level reporting.
• Drive innovation by embedding security into cloud, hybrid, and modern application architectures (“Secure by Design” principles).
• Ensure the adoption of automation, orchestration, and advanced analytics to improve detection, response, and resiliency.

• Own enterprise-wide IAM strategy, including workforce and customer identity, privileged access management (PAM), identity governance and administration (IGA), and multi-factor authentication (MFA).
• Lead initiatives to modernize and integrate IAM platforms to support cloud adoption, Zero Trust, and frictionless user experiences.
• Partner with business and technology leaders to enable secure digital transformation through robust identity services.

• Advance a comprehensive Data Loss Prevention program to safeguard sensitive information across endpoints, cloud, email, and collaboration platforms.
• Establish enterprise-wide policies and controls to prevent unauthorized data exfiltration, insider threats, and regulatory breaches.
• Implement monitoring, classification, and enforcement mechanisms that balance data protection with business enablement.
• Partner with business, compliance, and data governance teams to align DLP strategy with General Data Protection Regulation, Financial Conduct Authority, Prudential Regulation Authority, Sarbanes-Oxley, and other global data protection requirements.
• Provide executive and Board-level reporting on data protection risks, incidents, and mitigation efforts.

• Ensure IAM, DLP, and security engineering practices meet regulatory, audit, and policy requirements.
• Define and maintain standards for identity lifecycle, access controls, data handling, and information protection.
• Oversee risk assessments and remediation programs tied to IAM, DLP, and security engineering platforms.

As an FCA-designated Senior Management Function (SMF) role, the position carries individual accountability under the Senior Managers & Certification Regime (SM&CR). Specific responsibilities include:

• Personal accountability for ensuring cyber, IAM, and DLP controls are effective, proportionate, and aligned with FCA expectations for operational resilience and financial sector stability.
• Maintaining robust governance, oversight, and risk management frameworks for engineering, identity, and data protection, ensuring risks are identified, escalated, and remediated in line with FCA and PRA requirements.
• Demonstrating reasonable steps have been taken to oversee outsourced arrangements, third-party providers, and cloud services related to IAM, DLP, and cyber platforms.
• Ensuring Board and regulators receive timely, accurate, and complete information on cyber, identity, and data protection risks, vulnerabilities, and remediation activities.
• Acting as the point of accountability for operational resilience in cyber engineering, IAM, and DLP, supporting FCA requirements around impact tolerance, scenario testing, and response planning.

Qualifications

• Extensive progressive experience in cybersecurity, coupled with leadership roles across IAM, cyber engineering, and/or data protection.
• Proven track record of leading global security programs at scale in complex, regulated environments (financial services strongly preferred).
• Expertise in IAM technologies (SailPoint, Okta, Azure AD, CyberArk, Ping Identity), DLP platforms (Symantec, Microsoft Purview, Forcepoint, Digital Guardian), and security engineering tools (EDR, CSPM, SIEM, SOAR, vulnerability management).
• Strong knowledge of Zero Trust, data protection regulations (GDPR, FCA, PRA), cloud-native security, and DevSecOps practices.
• Exceptional leadership, communication, and stakeholder engagement skills, with the ability to influence at Board and executive levels.
• Relevant certifications (CISSP, CISM, CCSP, CIPP/E, SABSA, or equivalent) preferred.
• Bachelor or equivalent qualification would be advantageous.

At WTW, we believe difference makes us stronger. We want our workforce to reflect the different and varied markets we operate in and to build a culture of inclusivity that makes colleagues feel welcome, valued and empowered to bring their whole selves to work every day. We are an equal opportunity employer committed to fostering an inclusive work environment throughout our organisation. We embrace all types of diversity.

We’re committed to equal employment opportunity and provide application, interview and workplace adjustments and accommodations to all applicants. If you foresee any barriers, from the application process through to joining WTW, please email candidate.helpdesk@willistowerswatson.com.