Enterprise Security Lead

About the Role:

Reporting directly to the CISO, the Enterprise Security Lead will play a critical role in shaping and operating the organisation’s global cyber security capability across a rapidly growing international business.

This is a hands-on leadership role suited for a technically strong and commercially aware security professional who can operate across security operations, incident response, security assurance, architecture, risk management, and stakeholder engagement.

You will work closely with global technology teams, business stakeholders, and specialist third-party security providers to ensure security controls across people, process, and technology are operating effectively. The role will also support secure business transformation initiatives, acquisitions, cloud adoption, and enterprise technology programmes through strong security governance and “Secure by Design” principles.

This role is ideal for someone who enjoys operating across both strategic and operational security domains in a fast-paced global environment.

Key Responsibilities:

Security Incident Leadership

• Lead and coordinate global cyber security incident response activities, including investigation, containment, remediation, and post-incident reviews
• Drive root cause analysis and ensure lessons learned are embedded into operational processes and controls
• Act as an escalation point during high-priority security events and major incidents

Security Assurance & Risk Management

• Conduct security assurance activities including vulnerability assessments, security reviews, and control validation exercises
• Maintain and evolve enterprise security controls aligned to organisational risk appetite
• Perform risk assessments and maintain cyber risk registers, ensuring remediation activities are tracked and managed effectively
• Support internal and external audit activities, including remediation coordination

Security Architecture & Secure Change

• Provide security consultancy and oversight for enterprise projects, cloud initiatives, and technology transformation programmes
• Ensure security requirements and risk mitigations are embedded into solution design and implementation
• Review and challenge proposed architectures from a security and risk perspective

Cloud & Enterprise Security

• Support and oversee security controls across enterprise cloud platforms and SaaS technologies including:
• Microsoft Azure
• Microsoft 365
• Dynamics 365
• Collaborate with infrastructure, engineering, and architecture teams to improve enterprise security posture

MSSP & Third-Party Oversight

• Manage relationships with Managed Security Service Providers (MSSPs) and external security partners
• Monitor service quality, SLA adherence, operational effectiveness, and incident handling performance
• Conduct third-party security assurance reviews and vendor risk assessments

Governance, Reporting & Awareness

• Develop and maintain security policies, standards, and operational procedures
• Produce regular reporting for leadership covering security posture, incidents, risks, vulnerabilities, and remediation progress
• Deliver security awareness initiatives and training programmes across the organisation
• Support executive and board-level discussions relating to cyber risk and security strategy

What You Will Need

Experience & Qualifications:

• Minimum 6 years of experience in cyber security, with strong exposure across:
• Security assurance
• Incident management
• Security risk management
• Security architecture or secure change governance
• Experience operating within enterprise or global environments
• Bachelor’s degree in Computer Science, Information Security, or related discipline
• Industry certifications such as CISSP, CISM, CRISC, CCSP, or equivalent are highly desirable

Technical & Professional Skills:

• Strong understanding of enterprise security controls, governance frameworks, and risk management practices
• Strong technical knowledge across:
• Cloud Security (Azure, M365, D365)
• Security Architecture
• Identity & Access Management
• Vulnerability Management
• Endpoint & Security Monitoring technologies
• Experience leading or coordinating cyber security incident response activities
• Ability to assess and communicate technical security risks to both technical and non-technical stakeholders
• Strong analytical, organisational, and problem-solving capabilities
• Excellent written and verbal communication skills

Desirable Experience:

• Experience supporting organisations through acquisitions, integration, or transformation programmes
• Experience managing third-party security vendors and MSSP environments
• Previous engagement with executive leadership and board-level stakeholders
• Exposure to regulated or highly distributed enterprise environments

Additional Requirements:

• Willingness to participate in on-call security incident support as required
• Flexibility to support global operations across multiple time zones
• Occasional international travel may be required