This list contains only the countries for which job offers have been published in the selected language (e.g., in the French version, only job offers written in French are displayed, and in the English version, only those in English).
Bibby Financial Services are growing, and we’re looking for a Head of Information Security & IT Risk to join our team. The Head of Information Security and IT Risk is responsible for leading the development and execution of the organisation’s information security and IT risk strategy. This includes ensuring the protection of systems, data, and operations against cyber threats and technology-related risks. The role oversees a team of specialists and works across IT, compliance, and business functions to embed robust security and risk practices. It ensures effective governance, continuous improvement, and alignment with regulatory requirements and enterprise risk frameworks.
Job Responsibility
Lead and develop the Information Security & IT Risk team
Identify, assess, and manage IT-related risks including security, operational, development, delivery, supplier, compliance, and strategic risks
Perform and support risk assessments for new systems, projects, and third-party vendors
Ensure compliance with relevant standards, regulations, and frameworks
Oversee the deployment and operation of security tools and technologies (e.g., firewalls, SIEM, endpoint protection, zero-trust technologies)
Manage penetration testing and other assurance activities, including remediation of findings
Lead incident response planning and investigation of security breaches, ensuring timely resolution and reporting
Act as the primary point of contact for all information security and IT risk matters
Provide regular reporting to senior and executive management on security posture and risk status
Promote a culture of security awareness and compliance across the organisation
Design and deliver security awareness training programmes for staff
Requirements
Proven experience in information security and IT risk management, preferably within financial services or other regulated industries
Strong leadership background, with experience managing and developing high-performing teams in complex environments
Deep understanding of cyber security principles, IT risk frameworks, and operational resilience practices
Demonstrated ability to design and implement security strategies, policies, and controls aligned with business and regulatory requirements
Hands-on experience with security technologies such as firewalls, SIEM, endpoint protection, and vulnerability management tools
Skilled in conducting risk assessments, managing IT risk registers, and overseeing assurance activities including penetration testing and incident response
Familiarity with relevant standards and frameworks (e.g. ISO 27001, NIST, COBIT, GDPR, DORA)
Strong stakeholder engagement skills, with the ability to influence and communicate effectively at C-level
Experience supporting internal and external audits, regulatory reviews, and cross-functional collaboration
Track record of promoting security awareness and embedding best practices across an organisation
What we offer
25 days’ holiday plus bank holidays, increasing with service, with buy/sell options
Performance Bonus
Hybrid working
Private healthcare for you and your family
Company pension scheme
Flexible benefits (gym membership, tech, health assessments and more)