Head of Global IT Security
Reference: 704091
Location: Burnley
Type: Permanent
Sector: Renewables and Infrastructure
Description
Simpson Booth, on behalf of our client, an expert in fabrication and construction, are recruiting for this exciting new role. This is an exciting time to join our client as they undergo a period of exceptional growth on a global basis.
The Role
The Head of IT Security is responsible for protecting the organisation’s data, systems and infrastructure against evolving security threats. This is a standalone role without a dedicated security team, operating primarily through the infrastructure and IT operations teams. The role focuses on defining governance, establishing controls, managing risk and embedding security into key IT and business processes.
This is a global position, so occasional travel to global sites will be required, although the role will be based in Burnley (Hybrid).
Key Responsibilities
Define and maintain the security governance framework, and lead the development and delivery of a multi-year cybersecurity strategy, including core policies, controls, and risk-based prioritisation.
Lead collaboration with infrastructure and business teams to ensure security baselines across cloud platforms (Azure, M365) are in place.
Maintain the Cyber Incident Response Plan and coordinate security events, audits and post-incident reviews.
Ensure vendor, project and application security is addressed through due diligence and policy alignment.
Promote a culture of secure behaviour and support awareness, training and continuous improvement.
Drive organisation-wide security awareness through structured training, campaigns, and practical guidance tailored to different user groups.
Key Requirements
Qualifications:
Essential:
Formal post-secondary education (degree, diploma, or equivalent) in any discipline, or equivalent practical experience
Relevant security certifications (e.g. ISO 27001, Cyber Essentials Plus, Security+)
Familiarity with frameworks such as NIST, GDPR, Cyber Essentials Plus, CIS Controls
Desirable:
ISO 27001 awareness or training
Microsoft Azure certifications (e.g. AZ-104, AZ-305)
CompTIA Security+ or equivalent
Relevant vendor certifications (e.g. Cisco)
Work Experience:
Essential:
Extensive experience in IT or information security roles, with increasing responsibility
Experience developing and delivering long-term information or cyber security strategies
Proven track record in infrastructure-heavy environments, with exposure to networks, endpoints and cloud platforms
Experience working in lean or mid-maturity organisations, where security delivery depends on influence and collaboration
Hands-on experience with Microsoft-centric environments (Azure, M365, Intune, Defender, etc.)
Experience coordinating security incidents, risk assessments, or response activities
Demonstrated ability to embed or guide security through projects, vendors and operational processes
Ability to design and deliver security awareness training and promote a strong security culture across all levels of the organisation
Participation in compliance initiatives and audits related to Cyber Essentials Plus, ISO 27001, NIST or GDPR
Desirable:
Experience supporting or overseeing external MDR/VSOC providers
Exposure to vendor due diligence, SaaS onboarding and third-party risk management
Familiarity with industrial services, engineering, or project-based technical environments
Involvement in security policy rollout, training initiatives, or user-facing awareness efforts
Skills & Knowledge:
Essential:
Strong working knowledge of Microsoft-based technologies (Azure, M365), IAM principles and endpoint security
Ability to define, implement and monitor technical and procedural security controls
Clear understanding of risk management, incident response and compliance frameworks
Confident communicator with ability to influence across business and technical teams
Able to operate independently, prioritise across multiple demands and lead security initiatives in a mid-maturity IT environment
Desirable:
Awareness of emerging threats, vulnerability trends and industry threat intelligence practices
Understanding of vendor security evaluation methods and procurement-related security considerations
Familiarity with automation or scripting in a security context (e.g. PowerShell, Defender API usage)
Experience engaging with executive stakeholders on security posture, risks and investment needs
Due to current workloads, we regret to inform you that if you have not heard from us within 2 weeks of your application, you should consider your application unsuccessful at this time.