Location: Birmingham, Leeds, London
Hybrid Working
We are looking for a senior IT security leader to define, implement and assure our information and cyber security posture across the firm. This is a new leadership role with broad responsibility for security strategy, standards, controls and services, operating at a level aligned to CISO capability.
You will lead a proactive, risk-based approach to security, ensuring it is embedded into technology design, delivery and operations. Working closely with Governance & Risk, Architecture & Data, Platforms and Operations, you will help protect the firm against evolving threats while enabling secure innovation and service delivery.
You will take ownership of the firm’s IT security approach, including:
- Defining and implementing security strategy, standards and controls aligned to ISO27001, Cyber Essentials Plus and the firm’s wider data, AI and innovation strategies.
- Overseeing security operations, monitoring, detection and response across areas such as SOC, SIEM, XDR, vulnerability management and incident response.
- Embedding security by design into projects, change and solution architecture, including identity, endpoint, cloud, network, email and secure remote access controls.
- Working with Governance & Risk to maintain and improve the ISMS, support audits and ensure regulatory and client expectations are met.
- Providing clear reporting on security posture, risks, incidents and improvement plans to technical and non-technical stakeholders.
- Promoting a strong security culture through awareness, training and practical guidance on secure behaviours.
We are looking for someone who combines senior security expertise with pragmatic leadership and strong stakeholder engagement. You will bring:
- Senior IT security leadership experience, ideally with exposure to CISO-level responsibilities.
- Strong knowledge of security operations, identity and access management, cloud and network security, endpoint protection, email security and modern models such as Zero Trust / ZTNA.
- Experience working with ISO27001, Cyber Essentials Plus and recognised security frameworks such as CIS Controls or NIST.
- The ability to translate risk and compliance requirements into practical controls, services and improvement plans.
- Experience managing teams, vendors and managed security services, ideally in a SaaS-focused professional services environment.
- Clear communication skills, with the confidence to explain complex security topics to senior stakeholders, technical teams and external parties.
- A pragmatic, outcome-focused and forward-looking approach, with the resilience to work effectively under pressure.
This is an opportunity to shape a new senior security leadership role at a firm where technology, data and innovation are central to how we support our clients and our people. You will have the scope to influence strategy, strengthen resilience and help build secure, modern services across the firm.
At Capsticks we value diversity and we are committed to creating an inclusive and supportive working environment where everyone is able to be themselves and reach their full potential. Capsticks is committed to providing equal opportunities for all and therefore we welcome the unique contributions that you can bring in terms of your education, background, culture, ethnicity, race, nationality, sex, sexual orientation, gender identity, age, disability, neurodiversity, religion and beliefs.
We will make reasonable adjustments to our application and interview process to ensure that you have the best chance of success. We understand that there's not a "one size fits all" approach to adjustments, so our team will work with you individually to understand more about your requirements. If you have any questions, please contact our Recruitment team on: ([email protected])