Own and lead Smiths Detection's enterprise cybersecurity posture through separation and into steady-state operations.
Establish an effective security operating model (internal + vendors), reduce cyber risk, and ensure security is embedded into technology delivery and day-to-day operations.
This is a hybrid role, with Hemel Hempstead, Hertfordshire as the office location.
Duties:
- Cyber strategy & operating model: define and execute the Detection cybersecurity strategy aligned to business priorities and the separation roadmap; establish "Day 1 secure" and "Day 100 independent" outcomes.
- Security operations & incident response: lead Detection's incident management, response readiness, and crisis communications; ensure effective monitoring and detection via SOC/MDR partners; maintain playbooks and conduct exercises.
- Threat & vulnerability management: run vulnerability management across endpoints, servers, network and cloud; coordinate remediation with IT and product/engineering stakeholders; track risk exceptions.
- Identity & access security (with IT Ops/IAM): ensure strong IAM controls (MFA/SSO, privileged access, joiner/mover/leaver governance) and access reviews.
- Security architecture & engineering partnership: define security patterns/standards; partner with Enterprise Architecture and Solution Architects to approve designs; ensure security is built into programmes.
- Third-party and supplier security: oversee security requirements for vendors, including separation suppliers and managed services; assure contractual controls and evidence.
- Security metrics & reporting: build meaningful KPI/KRI reporting (risk posture, patch/vuln SLAs, incident trends, control health) for CIO, leadership, and (where required) customers/auditors.
- Security awareness & culture: drive practical security behaviours and training, tailored to Detection's environment.