Enterprise Security Lead

About the Role:\nReporting directly to the CISO, the Enterprise Security Lead will play a critical role in shaping and operating the organisation’s global cyber security capability across a rapidly growing international business.\n\nThis is a hands-on leadership role suited for a technically strong and commercially aware security professional who can operate across security operations, incident response, security assurance, architecture, risk management, and stakeholder engagement.\n\nYou will work closely with global technology teams, business stakeholders, and specialist third-party security providers to ensure security controls across people, process, and technology are operating effectively. The role will also support secure business transformation initiatives, acquisitions, cloud adoption, and enterprise technology programmes through strong security governance and “Secure by Design” principles.\n\nThis role is ideal for someone who enjoys operating across both strategic and operational security domains in a fast-paced global environment.\n\nKey Responsibilities:\nSecurity Incident Leadership\nLead and coordinate global cyber security incident response activities, including investigation, containment, remediation, and post-incident reviews\nDrive root cause analysis and ensure lessons learned are embedded into operational processes and controls\nAct as an escalation point during high-priority security events and major incidents\n\nSecurity Assurance & Risk Management\nConduct security assurance activities including vulnerability assessments, security reviews, and control validation exercises\nMaintain and evolve enterprise security controls aligned to organisational risk appetite\nPerform risk assessments and maintain cyber risk registers, ensuring remediation activities are tracked and managed effectively\nSupport internal and external audit activities, including remediation coordination\n\nSecurity Architecture & Secure Change\nProvide security consultancy and oversight for enterprise projects, cloud initiatives, and technology transformation programmes\nEnsure security requirements and risk mitigations are embedded into solution design and implementation\nReview and challenge proposed architectures from a security and risk perspective\n\nCloud & Enterprise Security\nSupport and oversee security controls across enterprise cloud platforms and SaaS technologies including:\nMicrosoft Azure\nMicrosoft 365\nDynamics 365\nCollaborate with infrastructure, engineering, and architecture teams to improve enterprise security posture\n\nMSSP & Third-Party Oversight\nManage relationships with Managed Security Service Providers (MSSPs) and external security partners\nMonitor service quality, SLA adherence, operational effectiveness, and incident handling performance\nConduct third-party security assurance reviews and vendor risk assessments\n\nGovernance, Reporting & Awareness\nDevelop and maintain security policies, standards, and operational procedures\nProduce regular reporting for leadership covering security posture, incidents, risks, vulnerabilities, and remediation progress\nDeliver security awareness initiatives and training programmes across the organisation\nSupport executive and board-level discussions relating to cyber risk and security strategy\n\nWhat You Will Need\nExperience & Qualifications:\nMinimum 6 years of experience in cyber security, with strong exposure across:\nSecurity assurance\nIncident management\nSecurity risk management\nSecurity architecture or secure change governance\nExperience operating within enterprise or global environments\nBachelor’s degree in Computer Science, Information Security, or related discipline\nIndustry certifications such as CISSP, CISM, CRISC, CCSP, or equivalent are highly desirable\n\nTechnical & Professional Skills:\nStrong understanding of enterprise security controls, governance frameworks, and risk management practices\nStrong technical knowledge across:\nCloud Security (Azure, M365, D365)\nSecurity Architecture\nIdentity & Access Management\nVulnerability Management\nEndpoint & Security Monitoring technologies\nExperience leading or coordinating cyber security incident response activities\nAbility to assess and communicate technical security risks to both technical and non-technical stakeholders\nStrong analytical, organisational, and problem-solving capabilities\nExcellent written and verbal communication skills\n\nDesirable Experience:\nExperience supporting organisations through acquisitions, integration, or transformation programmes\nExperience managing third-party security vendors and MSSP environments\nPrevious engagement with executive leadership and board-level stakeholders\nExposure to regulated or highly distributed enterprise environments\n\nAdditional Requirements:\nWillingness to participate in on-call security incident support as required\nFlexibility to support global operations across multiple time zones\nOccasional international travel may be required