Job Description

This is a hands on cyber senior mandate to build the cyber and information security function from the ground up. You will define the organisation's cyber, information security, and data protection posture across corporate environments, operating across multiple jurisdictions and regulatory regimes. This role is not about maintaining a mature estate but is about creating the foundations, closing audit findings, and embedding sustainable security governance.

• Define and execute a org wide cyber and information security strategy aligned to business goals and regulatory requirements
• Establish and operate an ISMS aligned to ISO 27001, NIST, and CIS frameworks
• Close all audit findings and implement foundational security governance
• Design and embed data protection policies, including cross border data transfer governance
• Ensure compliance with UAE PDPL, UK GDPR, and other applicable local regulations
• Build a cyber risk management framework covering corporate IT, OT contexts, and third parties
• Establish IR crisis management playbooks, escalation routes, and executive reporting
• Define and implement SOC and threat intelligence capabilities (internal, outsourced, or hybrid)
• Implement third-party and supply chain security assurance, including periodic reviews
• Act as the senior cyber advisor to the executive leadership, operating with authority and credibility

Opportunity to define cyber and information security from the foundation.Long term mandate focused on building capability, not firefighting optics

• 15+ years in cyber / information security, with 5+ years at senior leadership level
• Demonstrated experience entering low maturity or fragmented environments and building security foundations from first principles
• Track record of establishing governance, policies, operating models, and controls in greenfield or turnaround contexts
• Background in highly regulated, compliance led organisations with mature operating standards
• Experience operating across international, multi country environments and regulatory regimes
• Exposure to asset heavy or operational sectors (infrastructure, rail, oil & gas, manufacturing, aerospace)
• Clear understanding of OT environments and operational risk context
• Experience across OT/IoT security, cloud security, SOC operations, and enterprise cyber risk management
• Relevant IT degree and/or recognised security certifications

An established large organisation.

• Senior level mandate to build the cyber and information security function from first principles
• Opportunity to work closely with the CIO and senior leadership in shaping foundational IT capability

Skills Required