Head of Cyber Security and IT Risk

15 hours ago


Sydney, Australia LGT Crestone Wealth Management Full time

Min Experience: 10 years

Your team
- Working as a part of the Risk, Legal & Compliance team with overall responsibility to drive all strategic and operational cyber security and IT risk functions.
- Working alongside the Head of Technology, senior business and risk executives and project management team within the reporting structure of the Chief Risk Officer.

You will be supported by 2 staff members operating in the following roles: Senior Cyber Security Consultant and Cyber Security Analyst.

Your Role

Cyber Security Governance
- Maintain a lean and effective cyber and technology risk governance structure, ensuring that risk management is deeply embedded into strategic business projects and operational decision-making.
- Ensure the business maintains an effective and agile cyber security policy framework that is aligned with LGT Group directives.
- Develop and manage the cyber security budget for all operational and strategic spend, ensuring resource allocation prioritises areas of high-risk and strategic importance.
- Establish and maintain a detailed cyber assurance program (including targeted reviews, supplier assurance, red teaming, penetration testing, disaster recovery testing, etc.) to identify and prioritise key gaps for remediation.
- Produce and present high-quality cyber risk reports to executive committees and board of directors (locally and at Group level), educating senior executives and the board on material risks, regulatory compliance, and strategic risk mitigation initiatives.
- Maintain a strong Line-2 assurance framework challenging the design and operations of the technology function, specifically ensuring the business adheres to GS007 control framework.
- Actively participate in monthly and quarterly vendor executive governance meetings — ensuring key suppliers meet contractually agreed KPIs and constantly adjust controls to mitigate emerging risks.
- Track audit findings and recommendations to ensure appropriate critical and high-rated issues are promptly addressed. Proactively engage internal and external auditors to identify synergies and avoid redundant reviews.

Stakeholder Management
- Develop and nurture relationships with key internal stakeholders, specifically executives, technology, risk management, legal, audit and HR management teams to create a shared sense of purpose and positive working culture.
- Liaise with external stakeholders, such as law enforcement, external auditors, advisory bodies, institutional clients, and business partners, as necessary, to ensure that the business maintains a resilient posture and promptly adjusts controls in line with emerging threats.

Strategy Execution
- Develop and deliver a high-impact cyber resilience strategy that is measurable, scalable, and advances strategic business goals.
- Ensure the business maintains a robust enterprise security architecture framework, so that new systems are secure by design, fault-tolerant and architected in line with industry reference standards.
- Actively collaborate with the Group CISO and their leadership team to identify opportunities to integrate local capabilities with the Group, ensuring consistency and strategic alignment.
- Negotiate vendor contracts to ensure the business invests in cost-effective and highly scalable solutions.
- Maintain a lean and effective cyber security team through ongoing mentorship, training, and maintaining a fine balance between outsourced and insourced capabilities.
- Stay abreast of key cyber security threats and regulatory changes and work with relevant stakeholders to adapt the cyber security strategy accordingly.

Incident Response
- Lead incident response, ensuring prompt containment, assessment, and remediation of key incidents. Conduct root cause analysis and implement corrective actions to prevent recurrence.
- Lead executive/board cyber crisis response simulations and drive the remediation of key issues identified.

Security Operations
- Work with outsourced providers and internal teams to ensure the business maintains a highly tuned and effective 24/7 security operations centre that prioritises threats on the business’s most valuable digital assets.
- Ensure the technology team and outsourced vendors maintain effective cyber security operational hygiene, including access management, backups, vulnerability management, patching and systems hardening.

Your skills & experience
- 10+ years of IT work experience, with 6+ years in a leadership position overseeing cyber security teams or key projects and influencing decision makers.
- Proven leadership skills, including working effectively with stakeholders, financial management, leading teams and executing complex change.
- Exceptional communication skills, with the ability to communicate with staff at various levels, in both technical and clear business terms, regarding complex strategic projects.

Your role competencies
- Strong communication skills
- Resourceful, self-starter/driven
- R



  • Sydney, Australia University of New South Wales Full time

    **Job no**: 529814 **Work type**: Full Time **Location**: Sydney, NSW **Categories**: Information Technology, Cyber - Employment Type: full time continuing role as Head of Cyber Security and Governance - Excellent salary package including superannuation - Based Kensington, Sydney. Hybrid options available **Join Our High-Performing Cyber Security Team at...


  • Sydney, Australia Lumus Imaging Full time

    **Date**: 18 Dec 2024 **Location**: Sydney, New South Wales, AU, 2000 **Company**: Healius **Job reference**: #13263 **Brand**: Lumus Imaging **Location**: Sydney **Work type**: Full Time (Permanent) Are you ready to lead the charge in protecting critical infrastructure and shaping the future of healthcare through cutting-edge technology? Lumus Imaging...


  • Sydney, New South Wales, Australia St Vincent's Health Australia Full time

    Join us to apply for the Head of Cyber Security role at St Vincent's Health Australia. Better and fairer care. Always. St Vincent's has been a leader in Australia's health and aged care landscape for more than 165 years. Since our founders, the Sisters of Charity, opened our first hospital in 1857,...



  • Head of Cyber Risk

    1 week ago


    Sydney, Australia Westpac Banking Corporation Full time

    Head of Cyber Risk - Permanent - Sydney - Role sits in Risk Division / 2nd Line of Defence Function **How will I help?** As the Head of Cyber Risk, reporting to the Chief Risk Officer for Technology, you will join the Risk Division in a 2nd Line of Defence function and set, own, advise and report on the Group-wide approach to managing Cyber Risk. You will...


  • Sydney, Australia mx51 Full time

    Head of Cyber Security mx51 is a payments-as-a-service solution for banks, non-bank acquirers, and other merchant service providers. We are building a payment platform that allows merchants to accept payments in-store, in-app and online, whilst consolidating all their data on a real-time business management dashboard. We're a bank grade scale-up which...


  • Sydney, New South Wales, Australia St Vincent's Health Australia Full time

    Locations: NSW - Sydney, CBD, Inner West and Eastern Suburbs; VIC - Melbourne, CBD & Inner Suburbs; QLD - Brisbane, CBD & Inner Suburbs. Time type: Full time. Posted 4 Days Ago. Time left to apply: End Date: August 29, 2025 (16 days left to apply). Job requisition id: JR143741. Job Description: Better and fairer care. Always. St Vincent's has been a leader in...


  • Sydney, Australia University of New South Wales Full time

    **Job no**: 525136 **Work type**: full time **Location**: Sydney, NSW **Categories**: Information Technology, Cyber - Employment: Full time (35 hours per week) - Continuing role as a Cyber Security Risk Advisor - Remuneration: Excellent salary package including leave loading and generous superannuation - Location: Based in Kensington, Sydney (hybrid...


  • Sydney, Australia University of New South Wales Full time

    **Job no**: 527915 **Work type**: Full Time **Location**: Sydney, NSW **Categories**: Information Technology, Cyber - Employment Type: full time continuing role as a Cyber Security Risk Advisor - Exceptional salary package including generous superannuation - Location: UNSW Kensington Campus (Hybrid Working Opportunities) **About UNSW**: UNSW isn’t like...

