Head of IT Security - Wembley

Location: Wembley - 5 days on-site

My client is looking to recruit a Head of IT Security to lead and shape their enterprise‑wide security function. This is a senior leadership role offering the opportunity to define security strategy, strengthen governance, and protect critical systems, data, and operations.

The Role:

As Head of Security, you will own the strategic and operational delivery of all information and cyber security activities. You'll develop and implement robust security policies, oversee incident response, and ensure compliance with GDPR, PCI DSS, ISO 27001, and Cyber Essentials Plus. You will be the single point of accountability for all security matters, reporting directly to the executive team and influencing critical business decisions.

Key Responsibilities:

• Develop, maintain, and deliver a 3-5 year Security Strategy and Roadmap covering technology, people, and processes.
• Embed security by design across projects, platforms, data flows, and product development.
• Lead enterprise-wide information, cyber, and data security governance.
• Define and implement security frameworks, policies, and operating models.
• Ensure compliance with GDPR, PCI DSS, Cyber Essentials Plus, and ISO/IEC 27001:2022 aligned practices.
• Lead Data Protection Impact Assessments (DPIAs), data mapping, classification, and retention programs.
• Oversee incident response, vulnerability management, patch compliance, and secure configuration baselines using SCCM, Ivanti, Intune, GPO, and Azure Defender.
• Drive SOC integration, threat intelligence, and monitoring to continuously improve detection and response capabilities.
• Manage hybrid environments, including Azure, AWS, Nutanix, and on‑premise infrastructure.
• Support SD‑WAN, cloud Firewalls, CASB, Zero Trust, and SASE architectures.
• Own enterprise security risk assessments, track key risk indicators (KRIs), and report on cyber maturity to executive leadership.
• Drive security culture through training, phishing simulations, and awareness programs.
• Partner with IT, Legal, HR, and business units to embed security in operations and service delivery.
• Provide security input for vendor assessments, third‑party risk, and M&A due diligence.

Candidate Profile:

• Proven senior leadership experience in information, cyber, or data security.
• CISSP, CISM, or CISA certified (or equivalent).
• Track record of delivering security programs aligned to ISO 27001, NIST, PCI DSS, and Cyber Essentials Plus.
• Hands‑on experience with cloud platforms (Azure, AWS), on‑premise networks, and hybrid architectures.
• Strong experience in Zero Trust security models.
• Experienced in security tooling selection and implementation.
• Deep understanding of data protection legislation, risk management frameworks, and compliance requirements.
• Exceptional leadership, stakeholder engagement, and influencing skills.

Location: London - 5 days on-site

Type: Permanent

My client is looking to recruit a Head of Cyber Security to lead and shape their enterprise‑wide security function. This is a senior leadership role offering the opportunity to define security strategy, strengthen governance, and protect critical systems, data, and operations.

The Role:

As Head of Security, you will own the strategic and operational delivery of all information and cyber security activities. You'll develop and implement robust security policies, oversee incident response, and ensure compliance with GDPR, PCI DSS, ISO 27001, and Cyber Essentials Plus. You will be the single point of accountability for all security matters, reporting directly to the executive team and influencing critical business decisions.

Key Responsibilities:

• Develop, maintain, and deliver a 3-5 year Security Strategy and Roadmap covering technology, people, and processes.
• Embed security by design across projects, platforms, data flows, and product development.
• Lead enterprise-wide information, cyber, and data security governance.
• Define and implement security frameworks, policies, and operating models.
• Ensure compliance with GDPR, PCI DSS, Cyber Essentials Plus, and ISO/IEC 27001:2022 aligned practices.
• Lead Data Protection Impact Assessments (DPIAs), data mapping, classification, and retention programs.
• Oversee incident response, vulnerability management, patch compliance, and secure configuration baselines using SCCM, Ivanti, Intune, GPO, and Azure Defender.
• Drive SOC integration, threat intelligence, and monitoring to continuously improve detection and response capabilities.
• Manage hybrid environments, including Azure, AWS, Nutanix, and on‑premise infrastructure.
• Support SD‑WAN, cloud firewalls, CASB, Zero Trust, and SASE architectures.
• Own enterprise security risk assessments, track key risk indicators (KRIs), and report on cyber maturity to executive leadership.
• Drive security culture through training, phishing simulations, and awareness programs.
• Partner with IT, Legal, HR, and business units to embed security in operations and service delivery.
• Provide security input for vendor assessments, third‑party risk, and M&A due diligence.

Candidate Profile:

• Proven senior leadership experience in information, cyber, or data security.
• CISSP, CISM, or CISA certified (or equivalent).
• Track record of delivering security programs aligned to ISO 27001, NIST, PCI DSS, and Cyber Essentials Plus.
• Hands‑on experience with cloud platforms (Azure, AWS), on‑premise networks, and hybrid architectures.
• Strong experience in Zero Trust security models.
• Experienced in security tooling selection and implementation.
• Deep understanding of data protection legislation, risk management frameworks, and compliance requirements.
• Exceptional leadership, stakeholder engagement, and influencing skills.

Head of Security and Fraud, GPS Client Connectivity

Brand: HSBC

Area of Interest: Commercial Banking

Location: London, GB, E14 5HQ

Work style: Hybrid Worker

Date: 24 Nov 2025

As an HSBC employee in the UK, you will have access to tailored professional development opportunities and a competitive pay and benefits package. This includes private healthcare for all UK‑based employees, enhanced maternity and adoption pay and support when you return to work, and a contributory pension scheme with a generous employer contribution.

We are currently seeking an experienced professional to join our team in the role of Head of Security and Fraud, GPS Client Connectivity. The base location for this role is London.

The Global Head of GPS Client Connectivity Security and Fraud will play a key role in developing and implementing a Fraud and Security strategy across the Global Payments Solutions (GPS Digital Channels) as well as implementation activities by influencing functional stakeholders, in incorporating Fraud and Cybersecurity controls in business initiative delivery under Agile ways of working.

Working closely with 2nd Line of Defence Fraud partners and Enterprise technology teams as well as the Wholesale Business teams, this role will also enable Wholesale Business Management to proactively identify, manage, and prioritise Fraud and Security initiatives for Client Connectivity, as well as facilitating the execution and implementation of these requirements.

In this role you will:

• Manage the payments fraud risk & Cybersecurity virtual business teams
• Be a member of the change reviews to provide security and payment fraud risk input.
• Work with business product owners, IT and Cyber Security teams to identify security & payment fraud risk controls and ensure implementation
• Review and approve security risk reports for Digital Channels releases
• Promote cyber security and payment fraud risk awareness to internal staff and customers by doing presentations and panel discussions
• Provide thought leadership, and facilitate proactive and effective identification and management of Payment Fraud & Cybersecurity requirements using Agile ways of working
• Develop a framework to proactively identify Payment Fraud & Security controls in new products implemented by the organization and challenge existing approaches
• Enable Client Connectivity to proactively identify, manage and prioritise applicable Payment Fraud & Cybersecurity controls, as well as facilitate the execution and implementation of these controls
• Develop and execute a system to effectively and efficiently track applicable Payment Fraud & Cybersecurity requirements associated with business initiatives, and related implementation decisions

To be successful in this role you should meet the following requirements:

• Leading and managing multiple virtual global teams of different sizes to complete mission critical and tight incidents and projects.
• Deep knowledge in Authentication and Payment Fraud attacks/controls/prevention. Strong knowledge of emerging threats and industry solutions available.
• Experience in interpreting, advising, and applying Payment Fraud or Security controls in Digital first transactional banking solutions.
• Experience in Agile way of working (e.g., create and manage a backlog, write user stories track impediments, quick iterations).
• Ability to both grasp big picture and have rigorous attention to detail.
• Ability to influence a diverse group of stakeholders and management, and demonstrate strong collaboration skills across the organization.
• Strong problem‑solving skills with a results‑oriented mindset.

Being open to different points of view is important for our business and the communities we serve. At HSBC, we’re dedicated to creating diverse and inclusive workplaces – no matter their gender, ethnicity, disability, religion, sexual orientation, or age. We are committed to removing barriers and ensuring careers at HSBC are inclusive and accessible for everyone to be at their best. We take pride in being a Disability Confident Leader and will offer an interview to people with disabilities, long‑term conditions or neurodivergent candidates who meet the minimum criteria for the role.

Matching status can be determined by reviewing the candidate profile requirements and your own experience. If you meet the key qualifications, this could be a match; otherwise, it may be a miss.

warning

About the latest Head of it security wembley Jobsin Wembley !