Senior Director of Cyber Security

The Senior Leader of Cyber Engineering and Identity & Access Management (IAM) will provide enterprise‑wide leadership to secure critical assets, enable digital transformation and ensure compliance with regulatory expectations. As a designated Senior Management Function (SMF) under the Financial Conduct Authority’s Senior Managers & Certification Regime (SM&CR) this role carries personal accountability for the effectiveness of cyber resilience, identity security and data protection programs.

The leader will serve as a trusted advisor to the Chief Information Security Officer, Chief Information Officer and the Board, shaping the organisation’s defence strategy while enabling secure growth.

We are seeking a highly experienced and strategic senior leader to oversee our Cyber Engineering, IAM and Data Loss Prevention (DLP) functions. This role will be responsible for driving the design, delivery and governance of enterprise‑wide security engineering solutions while ensuring secure, scalable and resilient identity and data protection services.

• Define and execute the global strategy for Cyber Engineering, IAM and DLP in alignment with the enterprise security and technology roadmap.
• Serve as a trusted advisor to the CISO, CIO and executive leadership on emerging threats, secure architecture, identity and data protection.
• Establish metrics and reporting to demonstrate effectiveness, risk reduction and compliance with regulatory requirements (e.g. NIST CSF, DORA, NYDFS, SOX, FCA).
• Lead engineering teams responsible for core security platforms including endpoint protection, cloud security, network defence, vulnerability management and Dev Sec Ops  integrations.
• Build and mature a comprehensive vulnerability management programme including continuous scanning, risk‑based prioritisation, remediation tracking and Board‑level reporting.
• Drive innovation by embedding security into cloud, hybrid and modern application architectures (Secure by Design principles).
• Ensure the adoption of automation, orchestration and advanced analytics to improve detection, response and resiliency.

• Lead engineering teams responsible for core security platforms including endpoint protection, cloud security, network defence, vulnerability management and Dev Sec Ops  integrations.
• Build and mature a comprehensive vulnerability management programme including continuous scanning, risk‑based prioritisation, remediation tracking and Board‑level reporting.
• Drive innovation by embedding security into cloud, hybrid and modern application architectures (Secure by Design principles).
• Ensure the adoption of automation, orchestration and advanced analytics to improve detection, response and resiliency.

• Own enterprise‑wide IAM strategy including workforce and customer identity, privileged access management (PAM), identity governance and administration (IGA) and multi‑factor authentication (MFA).
• Lead initiatives to modernise and integrate IAM platforms to support cloud adoption, Zero Trust and frictionless user experiences.
• Partner with business and technology leaders to enable secure digital transformation through robust identity services.

• Advance a comprehensive DLP programme to safeguard sensitive information across endpoints, cloud, email and collaboration platforms.
• Establish enterprise‑wide policies and controls to prevent unauthorised data exfiltration, insider threats and regulatory breaches.
• Implement monitoring, classification and enforcement mechanisms that balance data protection with business enablement.
• Partner with business compliance and data governance teams to align DLP strategy with GDPR, FCA, PRA, SOX and other global data protection requirements.
• Provide executive and Board‑level reporting on data protection risks, incidents and mitigation efforts.

• Ensure IAM, DLP and security engineering practices meet regulatory audit and policy requirements.
• Define and maintain standards for identity lifecycle, access controls, data handling and information protection.
• Oversee risk assessments and remediation programmes tied to…