Chief Security Officer (CSO)

About The Position

Requirements

• Extensive senior leadership experience in enterprise security, cyber security or protective security within complex, regulated or defence‑adjacent environments.
• Proven experience operating as an accountable executive owner of security risk, rather than solely as a technical or operational specialist.
• Strong understanding of federated operating models, with the ability to influence and hold leaders to account without direct line management.
• Experience engaging with auditors, regulators, government or defence customers.
• Strategic thinker with the ability to translate risk into clear executive‑level insight.
• High credibility with senior stakeholders; able to act as a trusted advisor to the Executive team and Board.
• Strong judgement, integrity and discretion when handling sensitive and classified matters.
• Able to balance pragmatism with rigour in a fast‑moving, operationally complex environment.
• Thoughtful, thorough and conscientious.
• Acts in the best interests of the team and the business.
• Takes ownership and accountability for outcomes.
• Integrity, credibility and maturity in confidential situations.
• Clear, confident communicator with strong interpersonal skills.
• Driven, proactive and comfortable operating with ambiguity.

Nice To Haves

• Experience in defence, critical infrastructure, maritime or highly regulated industries.
• Familiarity with ISO 27001 and related security and risk frameworks.
• Experience working with cyber insurance, incident response and crisis management at executive level.

Responsibilities

• Act as the single accountable owner of security risk across Ocean Infinity, covering cyber, information, physical and personnel security.
• Establish and maintain a clear Group security strategy and operating model aligned to business growth, defence and government requirements.
• Provide visible, auditable management ownership of security, addressing regulatory and certification expectations (e.g. ISO 27001).
• Define and own Group security policies, standards and minimum controls across all entities.
• Ensure consistent risk assessment, reporting and assurance across the Group.
• Oversee audit readiness and remediation, and act as executive sponsor for security‑related audits and certifications.
• Lead a federated security model, with Entity Security Controllers accountable for local delivery (including physical and human security at site level) and the Cyber function retaining delivery responsibility within Technology.
• Provide direction, challenge and escalation through formal dotted‑line accountability, without centralising day‑to‑day operations.
• Own the enterprise cyber risk posture, ensuring cyber capabilities, controls and response are appropriate to business and threat context.
• Set expectations for cyber resilience, incident response and recovery, working in partnership with Technology leadership.
• Own Group‑level policy, standards and assurance for physical and personnel security.
• Ensure site‑level and contract‑specific requirements are clearly owned and delivered by entity Security Controllers, particularly in defence‑regulated environments.
• Act as the senior security representative for government, defence and regulated customers, insurers, auditors and regulators.
• Support bids and contracts by providing credible assurance of Ocean Infinity’s security posture and leadership ownership.
• Provide clear, evidence‑based security risk advice to the Executive team and Board.
• Escalate material risks and non‑compliance, ensuring informed and timely decisions.