Director of Cyber Security, Financial Times

• Proven leadership experience in a senior cyber security role, ideally within a complex, global organisation
• Deep expertise in one or more of the following areas: security consultancy, security engineering, vulnerability management or governance
• Deep knowledge of modern DevSecOps practices
• Experience in leading vulnerability management programs, including expertise in utilising tools and processes for vulnerability scanning, conducting penetration testing, and delivering actionable reporting to support an effective and comprehensive vulnerability management strategy
• Excellent communication and stakeholder management skills, with the ability to convey complex technical issues to non-technical audiences
• Hands-on experience collaborating with engineering and development teams to integrate security into CI/CD pipelines
• Experience in applying and conforming to relevant regulations and standards such as Cyber Essentials, GDPR, ISO 27001, NIST Cybersecurity Framework
• Strong analytical and problem-solving skills, with a determined and proactive approach
• Knowledge of emerging security trends and threats relevant to the publishing and media industry

Desirable

• As Director of Cyber Security, you will be at the forefront of safeguarding the Financial Times' digital landscape, leading critical functions in Cyber Consultancy & Engineering and Cyber Governance
• Reporting directly to the Vice President of Cyber Security, you will help drive the strategic vision and operational excellence needed to fortify the FT’s cyber defences
• This role is pivotal in enabling the organisation to innovate fearlessly and operate with confidence, ensuring resilience against an ever-evolving threat landscape
• Your leadership will shape a secure future for the FT, empowering the business to thrive securely in the digital age
• Secure Development: Collaborate with engineering and IT teams to embed security into systems and applications
• Technical Expertise: Provide guidance on secure architecture, secrets management, and best practices
• Threat Management: Lead all aspects of penetration testing, bug bounty programs, and vulnerability reporting to mitigate risks and align with regulations
• Vendor Relationships: Manage partnerships with security vendors, ensuring value and support
• Compliance and Risk: Ensure adherence to standards like Cyber Essentials, ISO 27001, and GDPR. Manage third-party risks, audits, and a comprehensive risk register
• Policy and Governance: Develop and maintain policies, procedures, and a robust governance framework to address evolving threats
• Strategic Oversight: Support incident response and provide advice to enhance the organisation's cyber readiness
• Culture and Awareness: Foster a security-conscious culture through training and advocacy
• Performance Tracking: Define important metrics to measure and communicate the success of security initiatives
• Team Development: Lead, mentor, and retain a high-performing team of professionals
• Strategic Alignment: Partner with the VP of Cyber Security to align strategies with business objectives and drive impactful change