Role: Head of Information Security
Location: Hybrid - Milton Keynes
Reports to: Digitalisation & IT Director
Type: Permanent, Full Time
Salary: Competitive, plus an excellent benefits package

The Head of Information Security will provide strategic leadership for the organisation’s Information and Cyber security programme, ensuring alignment with the company’s business objectives and risk appetite. This individual will focus on commercial operations and financial services business units (UK, EU/NE), accountable for ensuring local market compliance whilst adhering to the broader/parent company’s information security policies. Accountable to the executive board, the Head of Information Security will also work closely with local security officers in each market to drive the implementation of robust, market-specific security policies, fostering a culture of security awareness and resilience.
In this role you will:
Own Strategic Leadership, Policy Development & Enablement of Cultural Shift.
• Define and implement the strategic direction for information and cyber security across UK and European commercial and financial services business units.
• Operate within a matrix organisational structure to ensure adherence to parent company policies, while developing and managing local policies tailored to market-specific risks.
• Build a ‘compliance-first’ culture across the organisation.
• Collaborate with the central Group Information Security function to align local security practices with global standards.
• Use knowledge of security best practices to translate standards and policies into tangible deliverables for implementation in the UK and EU markets.
Deliver Operational Oversight and Governance.
• Establish and maintain a comprehensive cybersecurity framework to protect sensitive customer and business data.
• Develop risk management strategies and oversee risk assessments to identify vulnerabilities and mitigate threats.
• Monitor regulatory requirements and ensure the organisation's compliance with relevant standards (e.g., GDPR, ISO 27001).
• Work with the IT operations and network infrastructure team to advise and guide them on security architecture requirements, gaps and opportunities.
• Ensure compliance with UK and EU data protection laws, industry regulations, and other relevant security requirements, working in collaboration with legal and compliance teams.
Oversee Risk, Compliance & Incident Management.
• Proactively identify all information security compliance requirements and risks (e.g. in line with group policy, UK/EU regulation), establish baselines, and proactively act to remediate gaps to ensure UK/EU markets are on the front foot when it comes to compliance/audit.
• Lead the response to cybersecurity incidents in the UK and EU markets.
Promote Collaboration and Stakeholder Engagement.
• Provide regular updates to the executive board on security risks, compliance, and key initiatives.
• Work closely with legal teams to interpret and apply relevant cybersecurity laws and regulations, providing guidance on legal implications related to security practices.
• Establish and chair a regional security governance committee.
• Mentor and support local security officers in their roles, offering hands-on guidance to address operational challenges.
• Deliver training programs to enhance the security capabilities of local teams and ensure effective incident response readiness.
About you:
• Bachelor's or Master's degree (or formal qualifications) in Information Security, Cybersecurity, or a related field (preferred)
• Proven experience as a senior information security leader, ideally in a matrix organisation with multi-national operations.
• Deep understanding of commercial and financial services industries, with experience managing security in these domains.
• Expertise in developing and implementing information security policies, frameworks, and risk management strategies.
• Strong knowledge of regulatory and compliance requirements (e.g., GDPR, PCI DSS, ISO standards).
• Exceptional leadership and communication skills, with the ability to influence stakeholders at all levels.
• Experience in mentoring and supporting distributed security teams across multiple geographies.
• Relevant certifications (e.g., CISSP, CISM, CISA) are strongly preferred.
If you’re interested in this role we’d love to hear from you.
Closing date: 04/04/2025
Next steps:
1. If you like the sound of this position, please apply today.
2. A member of the Scania Recruitment team will contact you to discuss your application.
3. If you are successful at that stage, you will be invited to have a conversation with the hiring manager.
We understand that every candidate is unique, and we strive to accommodate your needs. If you require any adjustments during the application process, please reach out to our Recruitment Team; we’ll be happy to discuss these with you.