The Role
Group Cyber Security Overview
The Group Cyber Security team are responsible for ensuring that the cyber risk is managed appropriately across the Group. The cyber strategy has been updated and there is a renewed focus recognising that cyber security needs to be part of the Groups culture and DNA.
The Group operates a highly federated business model. The cyber strategy has considered the most effective way to build improved cyber capabilities while supporting the effectiveness of this operating model.
It’s an exciting time to join the Group Cyber Security team – a time of significant investment. With the adoption of the new strategy, Group Cyber Security will be responsible for setting the cyber standard and measuring compliance to this standard for all businesses within the Group. A multi-year transformation programme has been established to build improved cyber capabilities. This is a diverse programme touching all areas of cyber security. This permanent role will play a key part in shaping and supporting the delivery of the transformation programme, before assuming responsibility for embedding, operating, and continually improving the new initiatives as they transition into business‑as‑usual
Role Summary
As the strategic architect of Manufacturing and OT cyber security future, the Head of Manufacturing and OT Security develops and owns the OT cyber security strategy, shaping a resilient, forward-thinking environment where operational technology and manufacturing plants are safeguarded against evolving threats.
Reporting into the Group CISO, this role sets the strategic vision, defines the security technology roadmap, and establishes robust controls and governance frameworks that empower every division to operate securely and resiliently. By partnering with divisions to drive risk reduction and security improvements and championing regulatory excellence and continuous improvement, this leader will deliver step-change transformation across the global Manufacturing/OT landscape.
Through dynamic collaboration, expert guidance, and charismatic leadership, the Head of Manufacturing and OT Security will inspire teams and stakeholders to elevate security awareness, respond decisively to incidents, and build a legacy of operational resilience that enables the Group to thrive in a rapidly changing digital world.
Role Responsibilities/Accountabilities
Key Responsibilities:
1. Manufacturing / OT Security Assurance and Culture
• Develop and own the costed Manufacturing and OT cyber security strategy, laying out the vision for Manufacturing and OT resilience and improving the operational resilience of plants from cyber-attacks.
• Define the technology roadmap for Manufacturing and OT security, ensuring alignment with business objectives and transformation goals.
• Define and uphold standard controls and architecture blueprints for Manufacturing/OT security.
• Define, develop, and continuously improve the Manufacturing/OT security operating model, including sourcing appropriate support services.
• Manage and assure regulatory compliance with respect to Manufacturing/OT Cyber Security and coordinate the submission of NIS2 requirements, leveraging the GRC and Technical Assurance teams.
• Maintain a register of Manufacturing/OT projects relevant to Manufacturing/OT security and assure that security processes are followed and reviewed with system owners.
• Establish and run appropriate governance boards for OT and Manufacturing cyber security.
• Champion Manufacturing/OT Security Governance within the business area, including risk management, internal governance boards, compliance frameworks, and supply chain.
• Champion education and awareness about Manufacturing/OT cyber risks.
• Support and champion the Manufacturing/OT step change improvements that are delivered through the GCS Transformation programme.
• Collaborate across verticals with the GCS Leadership Team.
2. Risk Management
• Coordinate and assure delivery of Manufacturing/OT cyber security risk reduction activities, providing assurance to manufacturing security owners that risks are effectively managed.
• Review risk assessments for security concerns to ensure quality and identify common gaps.
• Partner with divisions to drive risk reduction and security improvements.
• Assure Manufacturing/OT security vulnerability intelligence is reviewed, with appropriate responses communicated to stakeholders.
3. Third Party Management
• Ensure relationships with Manufacturing and OT third-party suppliers are managed, with secure connectivity, alignment with the Group security standards, and appropriate risk management in coordination with System Owners.
• Enable third-party risk and assurance, including supplier assessments, contractual compliance, and secure third-party connectivity.
4. Incident Response
• Assuring Manufacturing/OT Security Incident Response plans are in place and tested, and the appropriate business division representatives are included in Manufacturing/OT Incident Response Teams.
• Be a key member of the Cyber Incident Management Team, assisting in coordination for incident response and ensuring Manufacturing/OT incident response plans are in place, tested, and inclusive of relevant business/division representatives.
5. Awareness, Training & Leadership
• Raise awareness of Manufacturing/OT security risks and partner with divisions to provide training and build a culture of security.
• Champion education and awareness about Manufacturing/OT cyber risks across the group.
• Lead and manage the Manufacturing/OT security team, setting clear objectives and fostering a culture of continuous improvement.
• Act as a subject matter expert (SME) and trusted advisor to system owners, divisions, and senior stakeholders.
• Demonstrate charismatic, all-round leadership to drive change and inspire teams.
Experience, Knowledge, Skills & Attributes
• 7+ years’ experience in Manufacturing/OT cyber security within a large, complex organisation.
• Deep understanding of OT environments (SCADA, ICS, PLCs, DCS), securing industrial control systems and critical infrastructure, knowledge of OT-specific protocols (Modbus, OPC, DNP3, etc.) and risk assessment and threat modelling for OT systems.
• Strong knowledge of cyber security frameworks (ISO 27001, NIST, CIS Controls) and OT security standards such as IEC62443 and NIST 800-82.
• Expertise in relevant regulatory compliance such as NIS2 and H&S regulations.
• Proven experience developing and implementing enterprise-wide cyber risk management processes.
• Professional certifications such as CISSP, CISM, GICSP or ISA/IEC 62443 certificates.
• Excellent leadership, communication, and influencing skills.
• Excellent collaboration skills with cross-functional teams.
• Ability to drive cultural change and embed security awareness.
Desirable
• Experience operating within a federated business model
:quality(80))
:quality(80))
:quality(80))