Back to search results

Head of Cyber Security

Isle of Man
Permanent
Our client is seeking an experienced, hands-on and visionary Head of Cyber Security to drive the strategic development, implementation, and continuous improvement of their security programs.
 
This role requires a proactive leader who can safeguard the organisation against evolving cyber threats while fostering a strong culture of security and compliance across all departments. The successful candidate will play a pivotal role in securing digital assets, ensuring regulatory compliance, and driving enterprise-wide security initiatives.
 
This role offers the potential to evolve into a Chief Information Security Officer (CISO) position based on your experience and performance.  
 
Key Responsibilities  
  • Develop and execute the company's cyber security strategy, ensuring alignment with business goals, regulatory requirements, and industry best practices.
  • Establish, maintain, and enforce cybersecurity governance frameworks, policies, and procedures to protect the organisation's assets and ensure compliance with global security standards.
  • Lead risk management efforts, including risk assessments, business impact analyses, and mitigation planning.
  • Provide strategic security guidance to the C-suite, ensuring security priorities align with business objectives.
  • Lead annual audit programmes from external entities validating the organisations credentials. Experience in PCI DSS V4 +, SWIFT CSCF & ISO 27001:x is preferred
  • Oversee the investigation, analysis, and documentation of security incidents and breaches, ensuring swift and effective resolution.
  • Ensure well-defined incident response protocols are in place.
  • Develop and test business continuity and disaster recovery plans to minimise business disruption in the event of a cyberattack.
  • Drive threat intelligence programs, proactively identifying and mitigating emerging risks.
  • Manage external teams of security penetration testers working on monthly cycles so test and improve security implementations
  • Design, implement, and manage robust security measures across networks, endpoints, cloud platforms, and IT infrastructure to safeguard systems and data.
  • Oversee the deployment and management of firewalls, intrusion detection systems (IDS), endpoint security solutions, and zero-trust architectures.
  • Collaborate with IT and DevOps teams to embed security into cloud environments (AWS, Azure, Google Cloud) and application development lifecycles.
  • Implantation and management of SOC and EDR functions.
  • Conduct regular vulnerability assessments, penetration testing, and red-team exercises, working closely with external partners to continuously test and improve security defences.
  • Develop a comprehensive risk register, prioritising risks based on business impact and likelihood of exploitation.
  • Implement continuous monitoring and advanced threat detection tools to proactively identify security threats and vulnerabilities.
  • Develop and deliver security training programs for employees, promoting a company-wide culture of cyber awareness.
  • Conduct phishing simulations, cybersecurity drills, and awareness campaigns to improve security posture across the organisation.
  • Engage with business units to ensure secure development practices and adherence to security policies.
  • Act as the primary security advisor for internal teams, ensuring seamless collaboration with IT, engineering, compliance, legal, and operations.
  • Assess and manage third-party security risks, ensuring vendors and partners comply with security requirements.
  • Provide clear, actionable security reports and recommendations to senior leadership, translating technical risks into business terms.
 
Key Skills & Experience
  • Proven track record of leadership in cybersecurity, with at least 5+ years of experience in senior security roles.
  • Experience leading cybersecurity programs, teams, and enterprise-wide security initiatives.
  • Ability to influence C-suite executives on cybersecurity priorities and risk management.
  • Deep understanding of security architectures, network security, cloud security, and endpoint protection.
  • Hands-on expertise in firewalls, IDS/IPS, SIEM solutions, IAM (Identity and Access Management), and zero-trust frameworks.
  • Strong knowledge of secure software development practices (DevSecOps) and modern application security methodologies.
  • Experience with forensic analysis, malware analysis, and threat hunting.
  • Strong familiarity with financial, e-commerce, and payment security regulations, including PCI DSS and ISO 27001.
  • Experience working within highly regulated industries, ensuring compliance with GDPR, NIST, and SOC 2.
  • In-depth understanding of cyber threat intelligence, MITRE ATT&CK framework, and cyber kill chain methodologies.
  • Exceptional ability to communicate technical security concepts to non-technical stakeholders.
Your specialist: Anne Murray
Quote job ref: 15717

Hi, I'm your specialist Anne and I can't wait to hear from you about this job. You can simply submit your CV or call me on 678144 with any questions.