Head of Information Security

VERNE
London, CA
Hybrid

About The Position

As Head of Information Security, you will define the enterprise information security vision and protect the confidentiality, integrity, availability and authenticity of data across all data center campuses, corporate environments and critical OT/IT systems. You will build and lead the global IT security and cybersecurity programs spanning security operations, system and infrastructure architecture, governance, applications, vendor risk, physical-to-cyber integration and regulatory compliance.

Requirements

  • Bachelor’s degree in a relevant subject or similar experience and professional certification required. Master’s degree or level 7 equivalent preferred.
  • 10+ years of progressive experience in information security, cyber risk, or technology governance.
  • 5+ years in information security leadership; roles in critical-infrastructure or DC environments are considered a plus.
  • Strong knowledge and delivery of frameworks such as ISO 27001, NIST CSF, SOC 2 and CIS Controls, and of Zero Trust architectural principles.
  • Experience securing OT/ICS systems and maturing SOC/IR programs.
  • Relevant industry certifications such as those from ISACA and ISC2.
  • Strategic security leadership, risk-based decision-making.
  • Strong documentation, audit readiness and compliance discipline.
  • Communication and influence across senior and operational teams.

Responsibilities

  • Define and annually refresh the information security strategy, roadmap and operating model; integrate with compliance, enterprise risk and resilience frameworks.
  • Own and maintain the Information Security Management System (ISMS), ensuring alignment with ISO 27001/2, regulatory requirements and relevant DC industry standards.
  • Set enterprise security KPIs and metrics for executive and board-level reporting.
  • Establish policy frameworks covering areas such as data protection, identity and access management, acceptable use, OT/ICS security, vendor security, secure development, and incident reporting.
  • Oversee security architecture for IT, cloud, network, data-center infrastructure and OT systems.
  • Define technical baselines including hardening standards, segmentation and encryption requirements.
  • Partner with Development, Design and Operations to define secure designs for cooling systems, generators, SCADA/ICS/BMS/EPMS etc.
  • Lead vulnerability management, penetration testing and red-team programs.
  • Own enterprise IAM and PAM strategy including MFA, RBAC and privileged controls.
  • Design and implement an organisational approach for zero trust.
  • Implement strong controls for contractor and supplier remote access and device hardening.
  • Lead the SOC strategy and threat-monitoring capability.
  • Maintain incident response plans, playbooks and conduct exercises.
  • Build threat intelligence capabilities aligned to critical-infrastructure threats.
  • Coordinate with Physical Security on integrated access controls and incident response.
  • Take a combined approach to enterprise risk management activities.
  • Own supplier security assurance for high-risk categories.
  • Support hyperscale, neocloud and enterprise customer audits, RFPs and security reviews.
  • Maintain compliance with, for example, NIS2, DORA and critical-infrastructure regulation.
  • Coordinate internal/external audits of the ISMS and remediation cycles.
  • Own security tooling including SIEM, EDR/XDR, IAM/PAM, OT monitoring.
  • Maintain enterprise security architecture, artefacts and standards.
  • Own development and delivery of training, including onboarding, refresh and annual activities.
  • Support travel security efforts.
  • Build and run resilience planning including IT DRP, critical asset identification and backup policies.
  • Build and lead a high-performing InfoSec team.
  • Secure budget for toolsets, SOC operations and improvements.
  • Drive security culture through training and role-based learning.