
Head of Information Security

Job in Greater London, London, Greater London, W1B, England, UK
Listing for: Verne Global
Part Time position
Listed on 2026-03-01
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, Systems Engineer, Data Security
Salary/Wage Range or Industry Benchmark: 150000 - 200000 GBP Yearly
Job Description & How to Apply Below
Location: Greater London

This job is brought to you by Jobs/Redefined, the UK's leading over-50s age inclusive jobs board.

Head of Information Security

Department:
Compliance & Security

Reports To:

Head of Compliance and Security

Location:

Hybrid, UK (London)

Role Purpose

As Head of Information Security, you will define the enterprise information security vision and protect the confidentiality, integrity, availability and authenticity of data across all data center campuses, corporate environments and critical OT/IT systems. You will build and lead the global IT security and Cybersecurity programs spanning security operations, system and infrastructure architecture, governance, applications, vendor risk, physical-to-cyber integration and regulatory compliance.

Key Responsibilities

Strategy & Governance
  • Define and annually refresh the information security strategy, roadmap and operating model; integrate with compliance, enterprise risk and resilience frameworks.
  • Own and maintain the Information Security Management System (ISMS), ensuring alignment with ISO 27001/2, regulatory requirements and relevant DC industry standards.
  • Set enterprise security KPIs and metrics for executive and board-level reporting.
  • Establish policy frameworks covering areas such as data protection, identity and access management, acceptable use, OT/ICS security, vendor security, secure development and incident reporting.
Security Architecture & Engineering
  • Oversee security architecture for IT, cloud, network, data‑center infrastructure and OT systems.
  • Define technical baselines including hardening standards, segmentation and encryption requirements.
  • Partner with Development, Design and Operations to define secure designs for cooling systems, generators, SCADA/ICS/BMS/EPMS etc.
  • Lead vulnerability management, penetration testing and red‑team programs.
Identity, Access & Privileged Management
  • Own enterprise IAM and PAM strategy including MFA, RBAC and privileged controls.
  • Design and implement an organisational approach for zero trust.
  • Implement strong controls for contractor and supplier remote access and device hardening.
Security Operations, Detection & Response
  • Lead the SOC strategy and threat‑monitoring capability.
  • Maintain incident response plans, playbooks and conduct exercises.
  • Build threat intelligence capabilities aligned to critical‑infrastructure threats.
Cyber‑Physical Integration
  • Coordinate with Physical Security on integrated access controls and incident response.
  • Take a combined approach to enterprise risk management activities.
Vendor, Supply Chain & Customer Security
  • Own supplier security assurance for high‑risk categories.
  • Support hyperscale, neocloud and enterprise customer audits, RFPs and security reviews.
Regulatory, Compliance & Assurance
  • Maintain compliance with, for example, NIS2, DORA and critical‑infrastructure regulation.
  • Coordinate internal/external audits of the ISMS and remediation cycles.
Data & Technology
  • Own security tooling including SIEM, EDR/XDR, IAM/PAM, OT monitoring.
  • Maintain enterprise security architecture, artefacts and standards.
Culture and Resilience
  • Own development and delivery of training, including onboarding, refresh and annual activities.
  • Support travel security efforts.
  • Build and run resilience planning including IT DRP, critical asset identification and backup policies.
Leadership & Budget
  • Build and lead a high‑performing Info Sec team.
  • Secure budget for toolsets, SOC operations and improvements.
  • Drive security culture through training and role‑based learning.
Required Qualifications & Experience
  • Bachelor's degree in a relevant subject or similar experience and professional certification required. Master's degree or level 7 equivalent preferred.
  • 10+ years of progressive experience in information security, cyber risk, or technology governance.
  • 5+ years in information security leadership; roles in critical‑infrastructure or DC environments are considered a plus.
  • Strong knowledge and delivery of frameworks such as ISO 27001, NIST CSF, SOC2 and CIS Controls, and of Zero Trust architectural principles.
  • Experience securing OT/ICS systems and maturing SOC/IR programs.
  • Relevant industry certifications such as those from ISACA and ISC2.
Skills & Competencies
  • Strategic security leadership, risk‑based decision‑making.
  • Strong documentation, audit readiness and compliance discipline.
  • Communication and influence across senior and operational teams.
Working Model

- Hybrid with 3 days a week in the office, 25% travel to sites and suppliers.
