Chief Information Security Officer

Domestic & General is a company with an ambitious future. We are expanding our horizons and entering new markets and we need your expertise to help make it happen. We are an international company who works with some of the worlds most respected and well-known brands of domestic appliances and electronic consumer goods. These opportunities don’t come around often, so this really is a position not to be missed.

About the role

The Chief Information Security Officer (CISO), is responsible for overseeing the development, implementation, and management of the company’s information security agenda. Working closely with executive leadership, Technology and Product teams, and other stakeholders, you will lead efforts to protect the organisation’s sensitive information, systems, and infrastructure from cyber threats and breaches. This role requires a strategic leader with extensive experience in information security management, risk assessment, and compliance within a complex corporate environment.

The role is delegate chair for the IT Security and Cyber Security Steering Committee a delegated body reporting into the Group Risk Committee (GRC) and then the Audit and Risk Committee (ARC).

The scope of the role includes:

Leadership:

• Provide leadership, management and vision to entire Security team and the business on security topics.
• Manage hiring, career plans, training as well as performance reviews for the team
• Provide employee coaching, mentoring, development and team building
• Help improve processes and handle resource contentions if any.
• Stakeholder Management:
• Excellent interpersonal skills to act as a single point of contact for senior stakeholders in relation to technology services
• Excellent communication skills with non-technical stakeholders to ensure that they understand the available technology services, and to promote financial awareness to deliver value-for-money
• Strong analytical and influencing skills to assess demand for services and ensure that the necessary investments are made to deliver required services
• Able to negotiate at senior level on technical and commercial issues, to ensure that customers, suppliers and other stakeholders understand and agree what will meet their needs, and that appropriate service level agreements are defined.

Policy Management:

• Able to provide leadership and management to the business on which policies we should have and the guidance they should offer to the business.
• Able to ensure that IT Security policies and procedures and working practices are fit for purpose and current and that they are actually being applied properly.

Supplier Management:

• Able to influence IT security policy and procedures covering the selection of suppliers, tendering and procurement, promoting good practice in third party management
• Well-developed commercial skills to identify and manage external partners, working with professionals in other departments (e.g. procurement, legal)
• Expert at the management and maintenance of the relationship with suppliers of planned and operational services.

Financial Management:

• Financial management expertise to monitor and manage IT security expenditure (including software licences, maintenance and other recurring expenditure), ensuring that financial targets are met and examining any areas where spend may exceed agreed budgets or varies significantly from previous forecasts
• Able to assist with the definition and operation of effective financial control and decision making, especially in the areas of cost models and the allocation and apportionment of those costs.

Responsibilities 

Strategic Planning: Develop and implement a comprehensive information security strategy aligned with business objectives, regulatory requirements, and industry best practices.

Risk Management: Identify, assess, and prioritize information security risks to the organization, and develop strategies to mitigate these risks effectively.

Security Assurance: Oversee the day-to-day assurance of information security activity, including incident response, threat detection, vulnerability management, and security monitoring. Day-to-day Security Operations are managed by Technology Operations so this role acts as a second line of defence.

Compliance: Ensure compliance with relevant laws, regulations, and standards (e.g., GDPR, ISO 27001) by implementing and maintaining appropriate controls and procedures relevant to each of the territories that D&G operates.

Security Architecture: Define and maintain the company’s security architecture, including network security, infrastructure security, and cloud security, to protect against evolving threats and ensure this aligns to best practices.

Security Education & Awareness: Promote a culture of security awareness and best practices throughout the organisation by providing training, education, and communication programs.

Vendor Assurance: Review critical third-party vendors and service providers to ensure the security of outsourced systems and services and the data they contain.

Incident Reviews: Lead the review of security incidents and breaches, coordinating with internal teams and external stakeholders to ensure any learnings are effectively applied.

Budget Management: Develop and manage the information security budget, ensuring that resources are allocated efficiently to support security initiatives and priorities.

Reporting: Provide regular reports and updates to executive leadership and the board of directors on the status of the information security program, key metrics, and emerging threats. Ensure the Security Operations Dashboard is maintained and kept up to date, both in terms of content and the KRIs that are relevant to the business.

We offer lots of great benefits! Some of which include:

• Competitive salary and annual discretionary bonus
• 25 days annual leave plus bank/public holidays, as well as an annual option to buy up to 5 additional days of annual leave
• Training opportunities as well as clearly defined career progression
• Health cash plan – employer funded cover to enable you to claim money back on essential healthcare costs, including dental, optical, physiotherapy and many more. Cover also includes unlimited access to a 24/7 virtual GP service
• Attractive company pension scheme
• Life assurance – employer funded cover of 4x basic salary
• Dedicated online benefit portal offering access to saving and lending facilities, financial wellbeing and support services
• Salary Finance – access to savings and borrowing through payroll
• Car Leasing – access to a carbon neutral salary sacrifice car leasing scheme, with an all-inclusive monthly cost covering all charge, taxes, insurance, repairs and maintenance on a range of brand new vehicles
• Travel Loans – interest free loans to help spread the cost of annual travel tickets
• Cycle to Work – tax efficient bike and cycling equipment worth up to £1,000
• Health & Wellbeing – discounted gym membership, online virtual workout sessions, online culinary classes
• OnHand – Giving you the opportunity to be an Eco & Social volunteer via a handy app. Volunteer individually or in groups to get involved in Youth Mentoring, Food Poverty, Homelessness & Elderly help
• Employee Assistance Programme – specialist advice and support on issues such as finance, relationships, illness and family issues
• Free Domestic & General protection plan – one free plan each year with access to discounted rates of up to 50% on additional plans, including referrals for family and friends
• Employee discounts – access to discounted Sky TV and broadband packages, together with a range of discounts for 100s of online and high street retailers

Domestic & General are an equal opportunities employer which means we treat people fairly. We welcome applications from all suitably skilled persons regardless of their gender, age, race, disability, ethnic background, religion/belief, sexual orientation, gender reassignment or marital/family status.

Please note that we have a thorough referencing process, which includes criminal record checks.

At Domestic & General, we are proud of our 100-year legacy and excited about our future growth plans. We are expanding our horizons, entering new markets and territories internationally and we need your expertise to help us on the journey.