Head of Information Security
On site
London, United Kingdom
Full Time
18-03-2025
Job Specifications
Job Role: Head of Information Security
Location: London
Hours: 35 hours per week Monday to Friday
We are looking for a highly experienced and strategic Head of Information Security to lead and shape the organisation’s security posture across IT Security, Cyber Security, and Information Security functions. You have a deep understanding of technical and governance-based security practices, with the ability to balance operational resilience, risk management, and business enablement.
In this role which reports to our Chief Information Officer, you will drive the overall security strategy, ensuring that security controls, policies, and technologies effectively protect the organisation’s assets, infrastructure, and data. You will work closely with senior leadership, providing expert guidance on threat mitigation and security best practices. If you thrive in a dynamic environment and have a passion for building and evolving enterprise security programs, we want to hear from you
Main Responsibilities
Define, implement, and oversee technical security controls across the organisation’s Microsoft and Azure-based infrastructure, ensuring robust protection against cyber threats.
Lead vulnerability management and remediation efforts, ensuring timely identification and mitigation of risks across cloud and on-premises environments.
Enhance and manage security monitoring, detection, and response capabilities using Microsoft security tools such as Microsoft Defender, Sentinel, and Entra ID security features.
Drive the security architecture and engineering strategy, ensuring secure design principles are embedded across cloud and hybrid infrastructure.
Oversee identity and access management (IAM), enforcing least privilege principles and securing authentication processes across Microsoft platforms.
Coordinate and lead incident response activities, working with internal teams and third-party providers to contain and remediate security breaches.
Ensure endpoint security for end-user devices, virtual desktops, and cloud-based services, leveraging Microsoft Defender for Endpoint and other relevant tools.
Support M&A security assessments and integrations, ensuring due diligence and risk mitigation for acquired environments.
Maintain an understanding of evolving cyber threats and proactively adapt security measures to stay ahead of emerging risks.
Provide oversight of governance and compliance requirements, ensuring security policies and regulatory obligations (e.g., ISO 27001, NIST, CIS benchmarks) are met.
About You
At least five years’ experience in cyber security leadership roles, with a strong focus on technical security operations and architecture.
Proven track record of securing Microsoft and Azure-based environments, including cloud, hybrid, and on-premises infrastructure.
Hands-on experience in managing and responding to security incidents, threat hunting, and vulnerability remediation.
Strong background in implementing and overseeing security monitoring and detection capabilities using SIEM, EDR, and XDR solutions.
Experience leading security initiatives in complex enterprise environments, including M&A integrations and security due diligence.
Familiarity with security frameworks and compliance standards such as ISO 27001, NIST, CIS benchmarks, and Microsoft Security Best Practices.
Strong stakeholder engagement experience, with the ability to communicate technical security risks and strategies to senior leadership and technical teams.
Technical Skills
Relevant certifications such as CISSP, CISM, Security Blue Team, Microsoft Certified: Azure Security Engineer Associate AZ-500, Microsoft Certified: Security Operations Analyst Associate SC-200, and Microsoft Certified: Cybersecurity Architect Expert SC-100 are highly desirable.
Expertise in Microsoft security solutions, including Microsoft Defender (Endpoint, Identity, Cloud), Microsoft Sentinel (SIEM), Entra ID Security Features, and Microsoft Purview.
Strong knowledge of Azure security controls, including Azure Firewall, Key Vault, Conditional Access, and Azure Network Security.
Deep understanding of identity and access management (IAM), MFA, and privileged access security in Microsoft environments.
Hands-on experience with vulnerability management tools, security patching, and hardening of cloud and on-premises systems.
Proficiency in security automation, scripting, and Infrastructure-as-Code (IaC) using PowerShell, Azure Policy, Azure Automation Accounts, and Logic App workflows.
Experience with network security principles, including zero-trust architecture, segmentation, firewalls, and secure remote access solutions.
Strong understanding of cyber threat intelligence, MITRE ATT&CK framework, and advanced threat detection methodologies.
The Benefits
Our customers deserve the best and the same applies to our people. We’ll support you with all of the technology, training and support that you need to do your job well. We offer competitive salaries and a range of benefit packages. In addition to the core benefits, we also offer a range of exclusive discounts on extra benefits to help you and your family make the most of your money, safeguard your future and look after your health.
Diversity
We’re committed to promoting diversity at Emeria and recruit on merit. We will consider applications from job share applicants.
Ready to Apply?
Click the below apply button to start your application for this role. We will ask you to upload your CV and answer a few questions.
If you meet the criteria for the role we’ll be in touch to arrange a short telephone interview and our shortlist of candidates will be invited to attend interviews with the hiring manager and up to three other key stakeholders.
About the Company
Emeria is the world’s leading provider of real estate services and technologies, providing services to both individuals and businesses. We assist our residential and commercial customers at every stage of their property journey with competitive and comprehensive service offerings: acquisition, lease and renting, block management and sales. The Group operates mainly in Europe in 8 countries and has a strategy of multi branding. Our residential real estate services business is the leader in France, operating under the Foncia ... Know more
Related Jobs
- Company Name
- Vertus Partners
- Job Title
- Cyber Security Architect - Banking - London
- Job Description
- My client, a leading multinational bank is looking for a Security Architect who can help in strengthening their security posture and ensuring that their application lifecycle meets the highest standards of protection. You’ll be responsible for leading and designing comprehensive security solutions including creating end-to-end blueprints for security infrastructure to help protect their systems from any potential cyber threats. Requirements Proven experience as a Cyber Security Architect, with a focus on designing, implementing, and securing large-scale systems. Strong experience in Network Security, Application Security, Cloud Security and implementing security toolsets to improve overall system security. Knowledge and hands-on experience with application lifecycle processes and security measures at each stage. A proactive mindset to identify gaps in security and a strong track record of delivering successful security solutions. Ability to work with stakeholders across all levels discussing complex solutions. Certifications such as CISSP or CISM would be a plus. Please note this role will require you to be in their London office 5 days per week.
- Company Name
- monday.com
- Job Title
- Application Security Researcher - London
- Job Description
- Description monday.com is looking for an application security researcher to research our platform for vulnerabilities, manage our bug bounty program, and work with R&D to enhance the security of our platform. The Application Security Team is based in our headquarters, Tel Aviv, Israel - you’ll be the first to join the team from London. monday.com works hybrid with 3 days in the London office. About The Role Perform black, gray, and white box penetration testing on monday.com’s platform - both frontend and backend. Manage the bug bounty program, including hacker engagement and communication with the hacker community. End-to-end work on reported vulnerabilities as part of the bug bounty program. Provide guidance on security best practices to developers. Embed/improve security threat modeling and secure coding in the development lifecycle. Develop security abuse cases for testing as part of the software development lifecycle. Perform and oversee security testing and manage remediation of identified vulnerabilities. Monitor and proactively report on current threats and vulnerabilities to application security. Initiate and automate processes for detecting and monitoring the platform security. Requirements Scripting capabilities and automation mindset. At least 2 years of experience in web penetration-testing. In-depth knowledge of application security vulnerabilities, testing techniques, and the OWASP framework. Experience working with the hacker/pen-testing community. Team player able to and build relationships across the organization, also remotely. Understanding of secure web application development. Comprehensive knowledge of IT and information security subject matter. Exposure to methods of promoting security awareness. Strong communication (verbal/written) and influencing skills, with an ability to manage internal and external relationships. Anticipates problems and identifies long-term implications of decisions and actions. Ability to work and learn alone. Able to prioritize workload and drive work to set deadlines.
- Company Name
- British Heart Foundation
- Job Title
- Information Security Manager
- Job Description
- Location: Dual - London office & home Salary Details: £59,000 - £62,000 p/a + benefits Hours Per Week: 35 Closing Date: 31 Mar 2025 Vacancy type: Permanent Are you an Information Security expert looking to work for one of the UK's largest charities? British Heart Foundation (BHF) is undergoing a digital transformation and seeking an Information Security Manager to oversee Governance, Risk, and Compliance (GRC) within the security team and ensure regulatory and policy compliance. Joining a dynamic and growing information security team at an exciting point in the charities history you’ll collaborate with teams across British Heart Foundation (BHF) to protect BHF’s objectives and integrity. Responsibilities include risk identification, assessment, mitigation, and maintaining a robust governance framework. Managing the Information Security GRC team, you'll enhance security, compliance, and risk posture in line with industry standards while maintaining ethical practices. Working arrangements This is a blended role, where your work will be dual located between your home and our London office. At BHF we believe in the power of being together, so our colleagues on blended contracts can expect to spend some time in their office, at least one day each week, on average. The use of our office spaces is driven in part by your role and the activities you need to do. This may vary from time to time, so you will need to work in a flexible way to unlock your best work for our cause. About you This opportunity would suit an experienced GRC professional who excels in a collaborative environment and has hands-on risk management and reporting experience. With previous experience managing and leading an InfoSec GRC team, you’ll have strong knowledge and experience of working with the following: • Payment Card Industry Data Security Standard (PCI-DSS) for a Tier 1 merchant • General Data Protection Regulation (GDPR) • NIST Cybersecurity Framework (CSF) v2.0 • Critical Security Controls Libraries such as CIS Controls • Cyber Essential Plus (CEP) With proven experience in managing and delivering complex GRC activities within a fast-paced and dynamic security domain, you’ll have previous experience of working within a risk management framework as well as Cloud Security governance. To be successful in this role you’ll also have the following skills and experience: • Effective at building relationships across a large complex organisation and influencing stakeholders. • Excellent communication and presentation skills, able to translate complex security-related matters into terms that are easily understood by colleagues. • Planning skills to develop a governance risk and compliance roadmap to be executed by the GRC team. • Excellent analytical and problem-solving skills. • Able to manage multiple tasks and meet deadlines in a fast-paced environment. About us At BHF, we are focused on the urgent need to fund more research into heart and circulatory diseases like heart diseases, stroke, vascular dementia and the conditions that cause them, to find answers fit for 21st century challenges. We are independent, have more than fifty years of breakthroughs under our belts and we won’t stop until we beat heartbreak forever. We value and respect every individual’s unique contribution, celebrate diversity, and make inclusion part of what we do every day. Our Equality, Diversity and Inclusion (EDI) Strategy, Igniting Change, along with our internal EDI group, Kaleidoscope, and a growing number of employee network groups (our Affinity Groups), help us create an environment where all our colleagues and volunteers can succeed. How to apply It’s quick and easy to apply for a role at BHF. Just click through to our careers site to apply. All you’ll need is an up-to-date CV and a supporting statement, outlining your interest in the role and how you meet the role’s criteria. As part of our commitment to be an inclusive employer and ensure fairness and consistency in selecting the best candidate for this role, the BHF will use anonymous CV software as part of the application journey. Should you need any adjustments to the recruitment process, at either application or interview, please contact us.
- Company Name
- Nottingham University Hospitals NHS Trust
- Job Title
- Data Protection & Security Manager
- Job Description
- Are you looking to make a difference and use your leadership and coaching skills? Then we want to hear from you as we have an excellent opportunity for you. We need experts in Data Protection and Security to help the Trust deliver an excellent Data Protection Office service. You probably know the NHS is one of the largest employers in the UK and EU and it needs you. In return this role can offer you a fantastic opportunity for you to learn, grow and develop whilst being supported by experienced leaders within this field. We’ve recently undertaken a full workforce change across the Data Protection Office service and are seeking strong, visible and competent leaders who can use their knowledge, skills and abilities to coach a team of staff to learn, develop and grow to achieve shared service wide objectives. In addition to the brief list below you must familiarise yourself with the full job description and person specification attached to this advert prior to applying. The post holder will be an experienced leader and specialist in relation to data protection, security, confidentiality, line management, service delivery and records managements. Responsible for the day to day management of the Data Protection Office / service. Lead and promote data protection and security awareness and provide advice and guidance to the Trust, Employee’s and Management in relation to the organisation achieving compliance with Data Protection Legislation. Provide Information Governance support in relation to commercial, informatics, and research projects. Provide first line support for all data protection and security enquiries. Including commercial, data analytics and research to the Trust. Such as contracts and procurement process and due diligence, ISA, DPA, DPIAs and DTAC. Work with managers, Heads of Service and Directors of operations to identify any new working practices required and to support the change programme to implement these utilising a Privacy by Design process. Ensure Continuous Professional Development (CPD) of self and supervisee’s. Provide expert advice to the Trust in relation to relevant Information Security / Cyber Security frameworks such as ISO27001 compliance but not limited too. Keeping themselves up to date with relevant frameworks. The post requires a mix of on-site and home working to suit the needs of our service. Typically, one or two days a week depending on the service needs. The service has an agile working approach and planned meeting schedules so the entire service can plan accordingly their home and work life balance accordingly. With over 20,000 staff, we are one of the biggest employers in the city with a central role in supporting the health and wellbeing of our local population. We play a leading role in research, education and innovation. Come and join our wonderful team at NUH. We are big believers in diversity and welcome new ideas to help develop our team in order to deliver world class healthcare to the vast patient populations we serve. With endless personal development opportunities available, at NUH we will endeavour to turn your job into a career! We particularly welcome applications from people who identify as Black, Asian and Minority Ethnic, or Disabled, as we are striving to be better represented at NUH. For further details / informal visits contact: Name: Marc Wilson Job title: Head of Information Security & Data Protection Email address: marc.wilson@nhs.net Please email to arrange discussion.