Sorry, that job is no longer available. Here are some results that may be similar to the job you were looking for.

3 jobs found

Current Search
senior it security analyst cissp
Chief Information Security Officer & Chief Security Officer
Ipsen Group
Title: Chief Information Security Officer
Company: Ipsen Pharma (SAS)

About Ipsen: Ipsen is a mid-sized global biopharmaceutical company with a focus on transformative medicines in three therapeutic areas: Oncology, Rare Disease and Neuroscience. Supported by nearly 100 years of development experience, with global hubs in the U.S., France and the U.K., we tackle areas of high unmet medical need through research and innovation. Our passionate teams in more than 40 countries are focused on what matters and endeavor every day to bring medicines to patients in 88 countries. We build a workplace that champions human-centric leadership and fosters a culture of collaboration, excellence and impact. At Ipsen, every individual is empowered to be their true selves, grow and thrive alongside the company's success. Join us on our journey towards sustainable growth, creating real impact on patients and society! For more information, visit us at and follow our latest news on and .

Job Description: The Chief Information Security Officer (CISO) is a strategic executive responsible for protecting the company's physical, digital, and intellectual assets. In a pharmaceutical context, this includes safeguarding sensitive R&D data, clinical trial information, patient privacy, and proprietary technologies. The CISO leads the development and execution of a comprehensive security strategy encompassing cybersecurity, regulatory compliance, physical security, and internal investigations. This role includes building and managing a multidisciplinary security and investigations team, ensuring alignment with business goals and regulatory requirements.

WHAT - Main Responsibilities & Technical Competencies

Strategic Leadership
Develop and execute a forward-looking security strategy aligned with corporate objectives and industry trends. Advise executive leadership and the board on risk posture, threat landscape, and investment priorities. Lead cross-functional initiatives to embed security into digital transformation, innovation, and operational excellence. Establish KPIs and performance metrics to measure and improve security effectiveness.

Cybersecurity & IT Security
Oversee the design and implementation of cybersecurity architecture and controls. Ensure protection of IT infrastructure, cloud environments, and sensitive data. Lead incident response, threat intelligence, and vulnerability management programs. Maintain compliance with global standards (e.g., ISO 27001, NIST, GDPR, HIPAA).

Governance, Risk & Compliance
Develop and enforce enterprise-wide security policies and procedures. In alignment with the business ethics team, ensure compliance with pharmaceutical regulations (e.g., FDA, EMA, GxP). Conduct risk assessments, internal audits, and third-party security evaluations. Report regularly to senior leadership on risk mitigation and compliance status.

Investigations & Incident Management
Establish and lead an internal investigations function to address security breaches, misconduct, and regulatory violations. Build and manage a team of investigators and analysts with expertise in digital forensics, compliance, and legal coordination. Collaborate with HR, Legal, and external agencies on sensitive investigations and disciplinary actions. Ensure thorough documentation, reporting, and resolution of incidents in line with legal and regulatory standards.

Fraud Management
Develop and implement a fraud prevention and detection framework across the organization. Lead investigations into suspected fraud, misconduct, and financial irregularities. Collaborate with Finance, Legal, and Compliance to ensure timely resolution and reporting of fraud cases. Maintain a whistleblower program and ensure confidentiality and integrity in handling reports. Monitor fraud trends and proactively adjust controls and training programs.

Team Management & Development
Build and lead a multidisciplinary security team (cybersecurity, physical security, investigations, risk management). Define roles, responsibilities, and career development paths for team members. Foster a culture of accountability, agility, and continuous learning. Manage vendor relationships and external consultants as needed.

Physical & Operational Security
Oversee facility security, access control, and surveillance systems. Coordinate with facilities and operations on emergency preparedness and response. Develop and test business continuity and disaster recovery plans.

Stakeholder Engagement
Partner with various functions & business leaders including Legal, Regulatory Affairs, R&D, and Medical Affairs to align security with business needs. Lead security awareness and training programs across the organization. Represent the company in external forums, industry groups, and regulatory engagements.

HOW - Knowledge & Experience

Skills:
• Technical depth in cybersecurity and investigations
• Leadership and team development
• Fraud detection and prevention expertise
• Regulatory and compliance acumen
• Communication and stakeholder management
• Crisis and incident response

Knowledge & Experience: 15+ years of experience in security leadership, preferably in pharma or life sciences. Proven track record in strategic planning, investigations, fraud management, and team leadership. Certifications such as CISSP, CISM, CISA, CRISC, or CFE (Certified Fraud Examiner) are highly desirable. Strong understanding of regulatory environments and risk management frameworks.

Education / Certifications: Bachelor's or Master's degree in Information Security, Computer Science, or related field.

Language(s): Fluency in English. Knowledge of a European language is a plus for global roles.

We are committed to creating a workplace where everyone feels heard, valued and supported, where we embody "The Real Us". The value we place on different perspectives and experiences drives our commitment to inclusion and equal opportunities. When we bring together diverse ways of thinking, we make more thoughtful decisions and discover more innovative solutions. Together, we strive to better understand the communities we serve. This means we also want to help you perform at your best when you apply for a role with us. If you need adjustments or assistance during the application process, please let the recruitment team know. This information will be handled with care and will have no bearing on the outcome of your application. Let's be ourselves.

Get In Touch
Introduce yourself to our recruiters and we'll get in touch if there's a role that seems like a good match.
Apr 04, 2026
Full time
Surrey County Council
Chief Information Security Officer
Surrey County Council Reigate, Surrey
This role has a starting salary of £70,975 per annum, for working 36 hours per week. We are excited to be recruiting a Chief Information Security Officer to join our fantastic team based at Woodhatch Place in Reigate. We offer a hybrid working model with a minimum of two office days per week.

Our Offer to You
• 26 days' holiday, rising to 28 days after 2 years' service and 31 days after 5 years' service (prorated for part time staff)
• Option to buy up to 10 days of additional annual leave
• A generous local government salary related pension
• Up to 5 days of carer's leave and 2 paid volunteering days per year
• Paternity, adoption and dependents leave
• An Employee Assistance Programme (EAP) to support health and wellbeing
• Learning and development hub where you can access a wealth of resources
• Wellbeing and lifestyle discounts including gym, travel, and shopping
• A chance to make a real difference to the lives of our residents.

About the Role
In this senior leadership role, you will own and drive cyber security strategy, governance and operational resilience across Surrey County Council's complex hybrid environment. Your typical week will include:
• Leading cyber risk management, governance forums and assurance activity across IT&D, ensuring risks are identified, assessed and clearly reported to senior stakeholders.
• Overseeing incident preparedness and live response, including coordination with suppliers, IT operations and information governance.
• Providing expert direction on security technologies, control effectiveness, logging/monitoring, and vulnerability management priorities.
• Setting clear security expectations and driving cultural change across service owners, technical teams and leadership groups.
• Developing and maintaining cyber policies, standards and evidence based reporting.

This is a hands-on leadership role where strategic thinking and operational decision-making are equally important. You will hold line management responsibility for the cyber security function, including analysts or virtual team members through matrix management, and provide leadership and direction across IT&D and supplier teams.

Within your first 12-18 months, you will be expected to lead or significantly contribute to:
• Delivery of a refreshed cyber security strategy and multi year improvement roadmap
• Establishment of strengthened cyber governance, including improved reporting, risk tracking and decision making structures
• Implementation of a formal cyber exercising programme (tabletop and technical) across IT&D, information governance and key suppliers
• Measurable improvements in vulnerability management, logging/monitoring coverage and supplier assurance
• Significant uplift in incident response maturity, including documentation of playbooks, interfaces and recovery expectations.

This role is central to strengthening the resilience of essential public services. You will directly shape the council's ability to manage and reduce cyber risk, influence technology and service design decisions, and embed a cyber aware culture across one of the UK's largest local government environments. With a dedicated investment programme to drive security improvements, you will have a significant opportunity to transform how the organisation protects its people, data and systems.

Your Application
In order to be considered for shortlisting, your application will clearly evidence the following skills and align with our behaviours:
• Significant senior cyber security leadership experience in a complex organisation
• Strong capability to operate strategically and hands on, delivering measurable security improvements
• Deep understanding of cyber risk management, governance and assurance frameworks
• Proven experience leading cyber incidents, including response coordination and exercising
• Excellent communication and stakeholder influence skills across technical and non technical groups
• Familiarity with NCSC aligned approaches and/or frameworks such as NIST CSF
• Relevant professional qualifications such as CISSP or CISM

To apply, we request that you submit a CV and you will be asked the following 4 questions:
• What steps would you take in your first few months to understand our cyber risks and priorities?
• Can you describe a complex cyber incident you have led, including how you coordinated the response and what improvements were implemented afterwards?
• How do you balance strategic cyber security planning with hands on delivery to ensure both long term resilience and quick, tactical gains?
• Which cyber security governance or risk management frameworks (e.g., NCSC CAF, NIST CSF) have you implemented, and how have they influenced decision making and assurance in your previous organisations?

The job advert closes at 23:59 on 12/04/2026 with interviews planned shortly afterwards.

Local Government Reorganisation (LGR)
Surrey County Council is undergoing Local Government Reorganisation, moving from a two-tier system to two new unitary councils in April 2027. If you are employed by Surrey on 1st April 2027, your role will transfer with current terms and conditions to one of the new organisations, supporting local devolution and greater powers for our communities. Join our dynamic team and shape the future of local government. Make a lasting impact with innovative solutions and improved services for our community. Help us build a brighter future for our residents!

Our Commitment
We are a disability confident employer which means if you have shared a disability on your application form and have evidenced you meet the minimum criteria, we guarantee you an interview. Your skills and experience truly matter to us. From application to your first day, we're committed to supporting you with any adjustments you need, we value inclusion and warmly welcome you to join and help build a workplace where everyone be
Apr 02, 2026
Full time
SOUTHERN WATER
Cyber Risk & Assurance Analyst
SOUTHERN WATER Worthing, Sussex
About the role
This is a fantastic opportunity to join Southern Water's Cyber Risk & Assurance team, the organisation's second line of defence within the wider Cyber Security function. As a Cyber Risk & Assurance Analyst, you'll play a central role in helping the business understand, manage and reduce cyber risk across critical operations. You'll be responsible for developing and improving cyber risk insights in your area of specialism, driving process and tooling enhancements, and supporting stakeholders across Technology, Legal and the wider business. This is a role for someone who enjoys tackling complex problems, breaking them down into actionable solutions, and collaborating with a wide range of experts. You'll also act as a trusted advisor helping colleagues understand cyber threats, risks and controls, and supporting the wider team in embedding strong cyber risk management practices across Southern Water.

What you will be responsible for:
You will conduct complex cyber risk assessments, strengthen key controls, deliver clear risk insights, and drive improvements across cyber domains - all while building collaborative relationships across Technology, Security, Legal and the business.

Key Responsibilities
Maintain an up-to-date understanding of the cyber threat landscape, relevant regulations (including NIS1/NIS2 and GDPR), and emerging risks. Lead, plan and perform complex cyber risk assessments aligned to industry-recognised frameworks, testing the design and effectiveness of cyber controls. Produce high-quality risk assessment reports with clear, actionable conclusions that support timely risk-based decision-making. Identify and deliver improvements across domains such as identity & access management, application security, endpoint security, and network security. Work closely with stakeholders across Security, Technology, Legal, Internal Audit and the wider business to assess control gaps, prioritise remediation actions and track progress to completion. Build strong working relationships across teams to influence, support and strengthen cyber risk management practices. Drive process improvements and enhancements across the Cyber Risk & Assurance function.

Additional requirements specific to the role
Will work closely with both technical teams and non-technical stakeholders, requiring an ability to communicate complex concepts clearly. Must be comfortable operating in an environment with regulatory, operational and cyber security obligations. Occasional engagement with internal or external audit teams may be required.

What you'll bring to the role:

Essential
Degree-level education or equivalent experience. Strong knowledge of cyber security and information security control best practice. Proven experience in cyber security, risk management or security assessment (10+ years, or advanced degree with 8+ years). In-depth understanding of key frameworks such as NIST (800-37, 800-30, 800-53), ISO 27001/27005, SOC 2, PCI or MITRE ATT&CK. Solid understanding of cloud models, application security, vulnerability and patch management. Experience in regulated and/or unionised environments. Excellent communication skills with the ability to simplify complex findings for senior management. Strong attention to detail and a proactive, positive, innovative mindset.

Desirable
GRC or security certifications (e.g., CISSP, CISM, CRISC, CISA, GCFE, GSEC, CCSP). Experience with cyber risk modelling (e.g., CyberCube, RMS, Cyence). Hands-on experience with frameworks such as ISO 27001, NIST CSF, NCSC CAF or CIS Controls. Understanding of ICS/OT environments.

Southern Water is at the forefront of transforming Britain's water industry, investing significantly to enhance resilience, sustainability, and service excellence. With £7.8bn planned investment for 2025-30, this is an unparalleled opportunity to join a business committed to delivering a generational shift in the way water services are managed. You will be joining at a time of significant change, working alongside a highly skilled leadership team with a clear vision for the future. We offer an environment where senior professionals can make a meaningful impact, influence major strategic decisions, and drive long-term value creation.

At Southern Water, we believe diverse perspectives drive innovation. If you're passionate about making a positive impact and think you can bring value to our team, we'd love to hear from you - even if you don't tick every box. Your unique skills and experiences could be exactly what we need.

Our Commitment to Diversity
We welcome applicants from all backgrounds, identities, and experiences. We do not discriminate based on race, ethnicity, gender, sexual orientation, age, disability, religion, or any other protected characteristic. If you need reasonable adjustments during the recruitment process, please let us know.

Additional information:
In line with Southern Water's security requirements, successful candidates will be required to provide evidence of their identity, eligibility to work in the UK, criminal record check (DBS) and verification of their employment and/or education history for the past three years. Appointment to this role is subject to the successful completion of all pre-employment checks, including security vetting. Please note that if a candidate does not meet the required security standards or fails to pass the vetting process, Southern Water reserves the right to withdraw the offer of employment. Some positions may also require higher levels of security vetting, which may involve providing additional documentation.
Apr 01, 2026
Full time
About the role This is a fantastic opportunity to join Southern Water's Cyber Risk & Assurance team, the organisation's second line of defence within the wider Cyber Security function. As a Cyber Risk & Assurance Analyst, you'll play a central role in helping the business understand, manage and reduce cyber risk across critical operations. You'll be responsible for developing and improving cyber risk insights in your area of specialism, driving process and tooling enhancements, and supporting stakeholders across Technology, Legal and the wider business. This is a role for someone who enjoys tackling complex problems, breaking them down into actionable solutions, and collaborating with a wide range of experts. You'll also act as a trusted advisor helping colleagues understand cyber threats, risks and controls, and supporting the wider team in embedding strong cyber risk management practices across Southern Water. What you will be responsible for: You will conduct complex cyber risk assessments, strengthen key controls, deliver clear risk insights, and drive improvements across cyber domains - all while building collaborative relationships across Technology, Security, Legal and the business. Key Responsibilities Maintain an up-to-date understanding of the cyber threat landscape, relevant regulations (including NIS1/NIS2 and GDPR), and emerging risks. Lead, plan and perform complex cyber risk assessments aligned to industry-recognised frameworks, testing the design and effectiveness of cyber controls. Produce high-quality risk assessment reports with clear, actionable conclusions that support timely risk-based decision-making. Identify and deliver improvements across domains such as identity & access management, application security, endpoint security, and network security. Work closely with stakeholders across Security, Technology, Legal, Internal Audit and the wider business to assess control gaps, prioritise remediation actions and track progress to completion. 
Build strong working relationships across teams to influence, support and strengthen cyber risk management practices. Drive process improvements and enhancements across the Cyber Risk & Assurance function. Additional requirements specific to the role Will work closely with both technical teams and non-technical stakeholders, requiring an ability to communicate complex concepts clearly. Must be comfortable operating in an environment with regulatory, operational and cyber security obligations. Occasional engagement with internal or external audit teams may be required. What you'll bring to the role: Essential Degree-level education or equivalent experience. Strong knowledge of cyber security and information security control best practice. Proven experience in cyber security, risk management or security assessment (10+ years, or advanced degree with 8+ years). In-depth understanding of key frameworks such as NIST (800-37, 800-30, 800-53), ISO 27001/27005, SOC 2, PCI or MITRE ATT&CK. Solid understanding of cloud models, application security, vulnerability and patch management. Experience in regulated and/or unionised environments. Excellent communication skills with the ability to simplify complex findings for senior management. Strong attention to detail and a proactive, positive, innovative mindset. Desirable GRC or security certifications (e.g., CISSP, CISM, CRISC, CISA, GCFE, GSEC, CCSP). Experience with cyber risk modelling (e.g., CyberCube, RMS, Cyence). Hands-on experience with frameworks such as ISO 27001, NIST CSF, NCSC CAF or CIS Controls. Understanding of ICS/OT environments. Southern Water is at the forefront of transforming Britain's water industry, investing significantly to enhance resilience, sustainability, and service excellence. With £7.8bn planned investment for 2025-30, this is an unparalleled opportunity to join a business committed to delivering a generational shift in the way water services are managed. 
You will be joining at a time of significant change, working alongside a highly skilled leadership team with a clear vision for the future. We offer an environment where senior professionals can make a meaningful impact, influence major strategic decisions, and drive long-term value creation. At Southern Water, we believe diverse perspectives drive innovation. If you're passionate about making a positive impact and think you can bring value to our team, we'd love to hear from you, even if you don't tick every box. Your unique skills and experiences could be exactly what we need. Our Commitment to Diversity We welcome applicants from all backgrounds, identities, and experiences. We do not discriminate based on race, ethnicity, gender, sexual orientation, age, disability, religion, or any other protected characteristic. If you need reasonable adjustments during the recruitment process, please let us know. Additional information: In line with Southern Water's security requirements, successful candidates will be required to provide evidence of their identity, eligibility to work in the UK, criminal record check (DBS) and verification of their employment and/or education history for the past three years. Appointment to this role is subject to the successful completion of all pre-employment checks, including security vetting. Please note that if a candidate does not meet the required security standards or fails to pass the vetting process, Southern Water reserves the right to withdraw the offer of employment. Some positions may also require higher levels of security vetting, which may involve providing additional documentation.

© 2008-2026 Jobsite Jobs | Designed by Web Design Agency