Senior Cyber Security Governance Manager

Senior Cyber Security Governance Manager required to lead and evolve enterprise-wide cyber governance within a large global organisation in Glasgow.

This is a senior role with responsibility for strengthening governance, risk oversight and control frameworks across a complex, international environment. The position sits within InfoSec (not IT), giving it true independence and strategic visibility across the business.

You'll play a key role in ensuring cyber security governance supports business growth, innovation and regulatory obligations particularly as the organisation continues to mature its security capability and explore emerging technologies such as AI.

Over the past three years, the organisation has significantly enhanced its cyber security maturity - strengthening frameworks, investing in tooling, and embedding better risk practices across the enterprise. That journey continues, with strong executive sponsorship and ongoing investment in governance and resilience.

Security is viewed as a strategic enabler, not just a compliance requirement. The InfoSec function operates globally, partnering with senior stakeholders across regions and business units to ensure consistent standards and effective risk management.

As the business explores greater use of AI and advanced technologies, there is a growing focus on ensuring appropriate governance, controls and risk frameworks are in place from the outset.

You will take ownership of cyber governance frameworks and oversight processes, ensuring they remain aligned to varying international standards and evolving regulatory expectations.

Leading and developing a skilled team, you'll set direction, establish priorities, and ensure consistent delivery of risk oversight, policy development, reporting and control assurance activities.

You'll work closely with regional stakeholders, Risk & Compliance, procurement and senior leadership to embed governance into business processes and strategic initiatives.

A key aspect of the role will be ensuring the organisation is well positioned to manage emerging risks, particularly those associated with AI adoption, helping define appropriate controls, risk assessment approaches and oversight mechanisms.

This role combines strategic thinking with practical execution. You'll influence at executive level while also driving measurable improvements in risk visibility, reporting and control effectiveness.

• Leading the ongoing evolution of the cyber governance framework to ensure it remains aligned with international standards and business priorities.
• Driving enterprise cyber risk oversight, ensuring risks are identified, assessed and clearly communicated to senior stakeholders globally.
• Embedding governance across global teams, creating consistency while accommodating regional regulatory requirements.
• Strengthening reporting and metrics, providing meaningful insight into security posture and maturity.
• Overseeing third party and supplier security risk, ensuring external partners meet required standards.
• Supporting secure innovation, particularly around AI initiatives, helping shape governance and control structures for emerging technologies.
• Championing continuous improvement, building on the significant progress made in recent years to further enhance security maturity.

• Proven experience in cyber security governance or enterprise security risk leadership within a complex environment.
• Strong knowledge of recognised frameworks such as ISO 2700 and NIST CSF.
• Ability to engage and influence senior global stakeholders, translating technical risk into business relevant insight.
• Experience assessing emerging risks, ideally including exposure to AI, data governance or advanced technologies.
• Professional certifications such as CISSP, CISM, CRISC or similar are desirable.
• A strategic mindset combined with practical delivery capability, comfortable operating at both executive and operational levels.

A competitive salary and benefits package is on offer, alongside hybrid working (typically 2 days per week in a modern city centre office.

This is an opportunity to join a global Information Security function at a pivotal stage in its maturity journey - influencing governance at scale, shaping how emerging risks and technologies are controlled, and playing a visible role in the organisation's continued evolution.

If this sounds of interest, please apply or reach out to Murray Simpson.