A fantastic opportunity has arisen for a Head of Cyber Security to join the Pavers & Jones Bootmaker Head Office Team at Northminster Business Park, York on a 12-month Fixed Term Contract.

As Head of Cyber Security, you will lead the Pavers cybersecurity strategy, ensuring robust protection against cyber threats, compliance with regulations, and the continuous enhancement of security posture. This role is pivotal in overseeing risk management, incident response, security governance, and technology implementation to safeguard the business. You will lead and create Cyber strategy, collaborating with key partners across the IT and Data teams, and all stakeholders from all other business functions to achieve this. You will challenge the current ways of working, championing the required culture changes that are needed within the business and looking for ways to improve on Pavers’ goals and objectives. Steering and leading the team towards Cyber Essentials Plus/ISO 27001, you will drive results by providing the business with a road map to operational resilience.

Key responsibilities

· Lead, mentor, and develop the cybersecurity team, ensuring that each member has the necessary skills, resources, and support to effectively protect the business from evolving threats, while also fostering a collaborative and proactive security culture across all departments.
· Develop and execute the organisation’s cybersecurity strategy, ensuring that policies, procedures, and frameworks are not only aligned with the company’s overarching business objectives but also adhere to industry best practices and regulatory requirements, such as GDPR, ISO 27001, and Cyber Essentials standards.
· Evaluate, implement, and manage cybersecurity technologies that enhance our overall security position by strengthening protection mechanisms, improving real-time monitoring capabilities, and leveraging threat intelligence to proactively identify and mitigate potential security risks.
· Develop and maintain an effective incident response plan, ensuring that the business is well-prepared to detect, respond to, and recover from cyber threats in a timely and efficient manner, while also conducting regular testing and refining processes to enhance resilience.
· Conduct a comprehensive IT infrastructure review and capability analysis, identifying potential vulnerabilities, gaps, and areas for improvement to ensure that security measures remain robust and aligned with modern technological advancements.
· Secure and implement cloud-based security measures with a primary focus on Azure, ensuring that all configurations follow best practices for access control, encryption, and threat detection, while also leveraging experience in multi-cloud environments to support a flexible and resilient security architecture.
· Document and embed data classification, retention, and lifecycle management policies, ensuring that sensitive data is appropriately categorised, securely stored, and retained in accordance with compliance requirements, while also implementing strategies to manage data throughout its entire lifecycle securely.
· Manage relationships with third-party security vendors, ensuring that all external security solutions align with our security objectives, while also evaluating new security products to assess their effectiveness, scalability, and ability to integrate seamlessly into existing security frameworks.
· Define, communicate, and train employees on their responsibilities and ownership for information security, ensuring that security awareness is embedded at all levels of the business, and providing targeted training programmes that empower staff to recognise and respond appropriately to security risks.
· Implement secure system configurations across the organisation, including the deployment of Single Sign-On (SSO) for streamlined authentication, Multi-Factor Authentication (MFA) to enhance access control, and endpoint protection measures to safeguard devices against malware, phishing, and other cyber threats.
· Establish and maintain a centralised risk register, tracking security risks across the organisation and developing structured risk treatment and mitigation plans that prioritise critical threats while ensuring ongoing risk assessments and continuous improvement of security controls.
· Embed a security response plan within the organisation, ensuring that all key stakeholders are trained and engaged in regular security incident drills, penetration testing exercises, and tabletop simulations to enhance preparedness and response effectiveness in the event of a cyberattack.
· Advise senior leadership and key stakeholders on cybersecurity risks, trends, and best practices, providing clear and actionable insights that enable informed decision-making, while also ensuring that cybersecurity considerations are integrated into broader business strategies to enhance overall resilience.

About you

· Great people leader - exemplary people leadership, skilled at building and guiding high-performing teams of experts, fostering an inclusive culture through personal example. Proven ability to build, grow and inspire diverse cross-functional teams.
· Extensive experience in a senior cybersecurity leadership role, demonstrating the ability to develop, implement, and oversee security strategies that align with business objectives. This includes leading teams, managing budgets, and driving security initiatives across a complex organisational structure.
· Strong understanding of industry-recognised cybersecurity frameworks, standards, and regulations, such as NIST, ISO 27001, CIS, and GDPR.
Experience ensuring compliance, managing risk assessments, and embedding security best practices across an organisation.
· Hands-on experience in identifying, mitigating, and responding to cybersecurity incidents, including threat detection, vulnerability management, and forensic investigations. A strong background in implementing and managing security technologies to safeguard retail environments, including POS security, supply chain protection, and fraud prevention.
· Skilled in ethical hacking techniques and penetration testing to proactively assess and strengthen security postures. Experience conducting security assessments, identifying vulnerabilities, and implementing remediation strategies to prevent cyber threats.
· Ability to engage, influence, and communicate complex security issues effectively to both technical and non-technical stakeholders, including senior leadership. Capable of fostering a security-conscious culture across the organisation through training, awareness, and policy development.
· A strategic thinker with excellent analytical skills and a proactive approach to cybersecurity challenges. Adept at identifying risks, assessing their potential impact, and implementing robust solutions that enhance security while supporting business continuity and growth.

Benefits/Package for our Head of Cyber Security

Salary: Competitive, depending on experience

· Death in Service
· Private Health Insurance
· Generous Staff Discount
· Free on-site parking
· Holiday Entitlement (Increases with service)
· Company Contribution Pension
· Gym Discounts
· Access to RetailTRUST (Wellbeing Support)
· Discretionary Bonus

About Us

At Pavers we are passionate about providing comfort and happiness to our customers, and we make sure to employ people who are as passionate as we are. We always look for happy, confident, upbeat people, and we provide great jobs in a supportive family environment for them.
We know that without our colleagues there is no business, and so the better we look after you, the better service you will provide our customers.

Pavers is a growing, highly profitable, independent family-run business with a strong balance sheet, employing over 1,900 people across our estate of circa 200 Stores, Head Office & Distribution Centre, and we remain acquisitive. We were recognised as the Second-Best Retailer to work for, and a 3-Star Employer with ‘World Class’ levels of workplace engagement by Best Companies in November 2024. At Pavers we truly believe the talents, passion, and dedication of our employees are the reasons for our success.

In 2021 we became the first major retailer to achieve Carbon Neutral status and have proudly maintained this standard ever since. Championing sustainability is at the heart of everything that we do, and we’re committed to changing the future of retail for the better, acting in an environmentally and socially responsible manner.

Giving back is in our nature as a Business and in 2018 we established the Pavers Foundation, in the memory of our late founder, Catherine Paver. Since then, the Foundation has awarded grants for causes close to our colleagues’ hearts, for community, education, and areas of health, totalling more than £2m, growing year on year.

If this sounds like the kind of business you’d like to know more about, we’d love to hear from you - please apply today for the role of Head of Cyber Security.