Head of Cyber Security Risk

The Head of Cyber Security Risk will lead the strategic direction and operational execution of cyber risk management across CRH International. This role is critical to ensuring the protection of digital assets, operational resilience, and regulatory compliance across diverse global operations.

As a key member of the CRH International Technology Leadership Team, reporting directly to the International CIO, the role will influence enterprise-wide decisions on cyber risk, resilience, and cyber transformation, while working closely with CRH Group functions.

The successful candidate will bring a proven track record of applying real-world, pragmatic approaches to cyber risk, striking a balance between strategic oversight and hands-on delivery. They will drive technical enhancements and measurable risk reduction across CRH’s international operating companies, while working seamlessly across both technical and business teams.

This role requires a leader who can balance diverse stakeholder expectations, navigate ambiguity, simplify and clarify direction, and drive continuous improvement across CRH International’s cyber posture.

• Define and lead a collaborative cyber risk strategy aligned with CRH International’s business and digital transformation goals.
• Establish governance and processes to manage cyber risk across CRH International business units, operating companies and central teams and functions.
• Integrate cyber risk thinking and outcomes into CRH International’s risk management and strategic planning processes.
• Drive continued improvement in all areas of cyber risk across the division, leading the existing team, and collaborating with Operating Companies.
• Apply practical, business-aligned approaches to identifying, assessing, and prioritising cyber risks.
• Prioritise and implement risk-based controls and mitigation strategies that reflect operational realities and business constraints.
• Balance competing demands and priorities, while ensuring overall enhancements and progress aligned to the Divisional strategic objectives and roadmaps.

• Drive the transformation of cyber risk capabilities across CRH’s international operating companies, moving from theory to transformative impact and outcomes.
• Lead the deployment of security roadmaps, technologies and automation to enhance detection, response, and resilience services in place today.
• Define central priorities, outcomes, roadmap and operational security metrics, capabilities and services.
• Oversee the evolution of GRC platforms, threat intelligence, and incident response capabilities to support improved reporting across CRH International.

• Work to ensure alignment and co-development of Group cyber security requirements (e.g. Policies, Standards, and Strategic Direction), while ensuring divisional balance.
• Work collaboratively with members of the existing Risk & Internal Control, Technology Operations, Technology Driven Transformation, Internal Audit and central Cyber team to achieve joint wins and outcomes.
• Work closely with IT, OT, product, and commercial teams to embed cyber risk management into business processes and technology platforms.
• Foster a culture of shared accountability for cyber risk across technical and non-technical stakeholders.
• Ensure cyber risk initiatives support CRH’s customer-centric approach and operational excellence.

• Serve as the key owner and be accountable for cyber security risk for CRH International, working closely with the CRH International CIO, senior leadership, and relevant stakeholder committees on cyber risk matters.
• Balance competing stakeholder expectations while maintaining focus on long-term risk reduction and resilience.
• Communicate effectively across all levels of the organisation, translating technical risk into business language, with simple common-sense action plans and implementation approaches.

• Operate effectively in complex, ambiguous environments where risk is evolving and information may be incomplete.
• Lead initiatives that improve CRH’s overall cyber posture, maturity, and readiness across international operations.
• Promote a proactive, forward-looking approach to cyber risk that supports innovation and business agility, in environments with competing priorities.

You possess the following:

• Understanding of standards and frameworks such as ISO 27001, NIST, NIS, PCI DSS, etc., with the ability to prioritise, and implement practical risk-based reduction initiatives.
• Demonstrated success in leading cyber risk transformation and delivering real-world solutions to complex risk challenges.
• Strong stakeholder management and communication skills at executive and technical levels.

• 10+ years in cyber security, risk management, or IT leadership roles within global enterprises.
• Experience in leading teams, delivering year-on-year transformation across central, regional and local teams and environments.
• Experience in leading security transformation in a leading Industrial organisation.
• Experience of working in a federated organisation, with an ability to “find a way”.

• Further education, development and ongoing training as part of career.