Head of Information & Cyber Security

003988
  • £95,000 to £100,000
  • Permanent

Role Intro:

Our Exec team here at MRJ are delighted to bring to market a brand new Head of Information & Cyber Security role on behalf of a leading B2B2C services company.

This expanding group continues to defy their market with sustained growth and has recently embarked on a buy and build strategy following a major investment round that completed 2 years ago.

ROLE:

Working closely with the CTO and the Group board, the Head of Information & Cyber Security will be responsible for defining, driving, and maturing the company's security strategy. You’ll set the vision for a robust risk and cyber security framework, build a high-performing team, and lead the organisation on their journey toward a Zero Trust architecture and recognised security certifications.

This is a hands-on leadership role for someone who can combine strategic thinking with the ability to execute, influence stakeholders, and bring their relatively new security team to full maturity.

Key Responsibilities

Strategy & Governance

  • Own and evolve the risk management framework, building on work initiated by the GRC team.
  • Develop and deliver the organisation’s cyber security strategy and roadmap for the next 12–24 months, aligned to business goals.
  • Lead the organisation's journey to a Zero Trust architecture, including proof of value (POV) and implementation plans.
  • Drive the organisation towards Cyber Essentials Plus and ISO 27001 certification.

Operations & Engineering

  • Oversee the outsourced Security Operations Centre (SOC) and MSSP, ensuring processes and incident response capabilities are matured and optimised.
  • Guide and mentor the internal Cyber Engineering function (currently implementing Microsoft Defender), ensuring effective tooling and best practice.
  • Own incident management—build incident response plans and act as the organisation’s incident commander when required.
  • Oversee implementation of email security (Egress) and security awareness training.

Leadership & Change

  • Build capability and maturity across a new and developing team, providing strong leadership, coaching, and a culture of continuous improvement.
  • Partner with senior stakeholders to influence change and promote security awareness across the business.
  • Support M&A activity, providing security due diligence and integration oversight.

Required expertise, skills and experience:

An experienced information & cyber security leader, you will be comfortable rolling your sleeves up and leading a team, with the expertise and experience to drive and deliver the security agenda across multiple locations.

It’s also expected that you’ll possess and offer the following skills:

  • Proven track record of implementing and maturing risk management frameworks.
  • Strong background in cyber security operations, including SOC oversight and incident response.
  • Experience delivering Zero Trust strategies and/or large-scale security architecture change programmes.
  • Hands-on leadership of teams at an early stage of their maturity; skilled at coaching and developing people.
  • Experience with regulatory certifications such as ISO 27001 and Cyber Essentials Plus.
  • Strong stakeholder management skills and the ability to drive security culture across the organisation.

Desirable

  • Experience supporting M&A security due diligence and post-acquisition integration.
  • Familiarity with Microsoft security stack (Microsoft Defender) and modern email security tools (e.g. Egress).

PLEASE NOTE:

Salary: £100k base (max)

Location: This role is remote first, with 1 day per month spent in the company's HQ in Berkshire.

Interview process: 2 stages

If you're interested in leading information security for a leading player in their market, get in touch today.

Jody Marks CEO/Founder
