×
Register Here to Apply for Jobs or Post Jobs. X

Head of Attack Surface Management

Job in Newcastle upon Tyne, Newcastle, Tyne and Wear, SY7, England, UK
Listing for: Mondelez España Galletas Production SLU
Full Time position
Listed on 2026-07-16
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security
Job Description & How to Apply Below
Location: Newcastle upon Tyne

Job Description

Are You Ready to Make It Happen at Mondelēz International?

Join our Mission to Lead the Future of Snacking. Make It Uniquely Yours.

You work with the information security team as a competent and experienced information security and compliance leader.

How you will contribute

You will assess information security risks in line with internal policies and external best practices and determine requirements how to secure Mondelēz International information and IT assets. In addition, you will develop security standards and policies; advise technical teams when developing relevant procedures or on operational security questions; review and consult them on compliant and effective use of common tools. You will also keep business stakeholders apprised on the overall security and compliance roadmap, provide training on information security to appropriate teams, and develop security strategies, architectures and roadmaps across process and technologies.

What

you will bring

A desire to drive your future and accelerate your career. You will bring experience and knowledge in:

  • Information security, compliance and risk management
  • Understanding security solutions and their applicability to Mondelēz International
  • Developing security strategies, awareness campaigns, policies/standards, and governance
  • Communicating effectively with technical specialists, leaders and peers
  • Commercially astute
  • Leadership and people management skills
About the Role

As a Fortune 100 global consumer packaged goods company operating across dozens of markets, our attack surface spans complex multi-cloud environments, global manufacturing and supply chain infrastructure, thousands of applications, and an increasingly interconnected OT/IoT ecosystem. The Head of Attack Surface Management is a critical senior leadership role responsible for unifying our exposure management capabilities into a single, accountable function that delivers continuous visibility, risk-based prioritization, and measurable reduction of our enterprise attack surface.

This leader will own the strategy, execution, and maturation of four integrated disciplines—Cloud Security Posture Management, Vulnerability Management, Offensive Security, and Application Security—ensuring they operate as a cohesive program. The successful candidate will combine deep technical expertise with executive presence, translating complex exposure data into business risk language that drives action at the highest levels of the organization.

This role is an exceptional opportunity to shape and lead a critical security function at one of the world's largest consumer packaged goods companies, protecting a brand portfolio trusted by billions of consumers globally.

Key Responsibilities Strategic Leadership & Program Ownership
  • Own the end-to-end attack surface management strategy, roadmap, and operating model, aligning priorities to enterprise risk appetite and business objectives across a global CPG environment.
  • Establish unified standards for exposure scoring, risk-based prioritization, and SLA enforcement across all four disciplines.
  • Own the exposure management platform and tooling strategy, including build-vs-buy decisions, vendor consolidation, and integration architecture to deliver a single pane of glass for enterprise risk posture.
  • Build and present executive-level reporting on attack surface risk, remediation velocity, and residual exposure to the CISO, executive leadership, and Board-level audiences.
Cloud Security Posture Management (CSPM)
  • Drive cloud security posture management across multi-cloud environments (AWS, Azure, GCP), including misconfiguration detection, IAM entitlement risk analysis, and policy enforcement at scale.
  • Partner with cloud engineering and Dev Ops teams to embed preventive guardrails, IaC policies, and automated remediation, operating within the organization's Product and Platform model.
  • Ensure continuous compliance monitoring against regulatory frameworks across all cloud workloads, including containers, serverless, and managed services.
Vulnerability Management
  • Lead enterprise vulnerability management covering infrastructure, endpoints, network devices, and OT/IoT…
Note that applications are not being accepted from your jurisdiction for this job currently via this jobsite. Candidate preferences are the decision of the Employer or Recruiting Agent, and are controlled by them alone.
To Search, View & Apply for jobs on this site that accept applications from your location or country, tap here to make a Search:
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary