Jody Marks
Founder / CEO
0161 244 9581
Ref: 003988
Role Intro:
Our Exec team here at MRJ are delighted to bring to market a brand new Head of Information & Cyber Security role on behalf of a leading B2B2C services company.
This expanding group continues to defy their market with sustained growth and has recently embarked on a buy and build strategy following a major investment round that completed 2 years ago.
ROLE:
Working closely with the CTO and the Group board, the Head of Information & Cyber Security will be responsible for defining, driving, and maturing the company's security strategy. You’ll set the vision for a robust risk and cyber security framework, build a high-performing team, and lead the organisation on their journey toward a Zero Trust architecture and recognised security certifications.
This is a hands-on leadership role for someone who can combine strategic thinking with the ability to execute, influence stakeholders, and bring their relatively new security team to full maturity.
Key Responsibilities
Strategy & Governance
Own and evolve the risk management framework, building on work initiated by the GRC team.
Develop and deliver the organisation’s cyber security strategy and roadmap for the next 12–24 months, aligned to business goals.
Lead our journey to Zero Trust architecture, including proof of value (POV) and implementation plans.
Drive the organisation towards Cyber Essentials Plus and ISO 27001 certification.
Operations & Engineering
Oversee the outsourced Security Operations Centre (SOC) and MSSP, ensuring processes and incident response capabilities are matured and optimised.
Guide and mentor the internal Cyber Engineering function (currently implementing Microsoft Defender), ensuring effective tooling and best practice.
Own incident management—build incident response plans and act as the organisation’s incident commander when required.
Oversee implementation of email security (Egress) and security awareness training.
Leadership & Change
Build capability and maturity across a new and developing team, providing strong leadership, coaching, and a culture of continuous improvement.
Partner with senior stakeholders to influence change and promote security awareness across the business.
Support M&A activity, providing security due diligence and integration oversight.
Required expertise, skills and experience:
An experienced information & cyber security leader, you will be comfortable rolling your sleeves up and leading a team, with the expertise and experience to drive and deliver the security agenda across multiple locations.
It’s also expected that you’ll possess and offer the following skills:
Proven track record of implementing and maturing risk management frameworks.
Strong background in cyber security operations, including SOC oversight and incident response.
Experience delivering Zero Trust strategies and/or large-scale security architecture change programmes.
Hands-on leadership of teams at an early stage of their maturity; skilled at coaching and developing people.
Experience with regulatory certifications such as ISO 27001 and Cyber Essentials Plus.
Strong stakeholder management skills and the ability to drive security culture across the organisation.
Desirable
Experience supporting M&A security due diligence and post-acquisition integration.
Familiarity with Microsoft security stack (Microsoft Defender) and modern email security tools (e.g. Egress).
PLEASE NOTE:
Salary: £100k base (max)
Location: This role is remote first, with 1 day per month spent in the company's HQ in Berkshire.
Interview process: 2 stages
If you're interested in leading information security for a leading player in their market, get in touch today.