Head of Security and Compliance

Cambridge
1 month ago
Applications closed

Related Jobs

View all jobs

Information Security Manager - ISO27001

Cyber Security Manager

Senior IT Information Security Officer

The Head of Data and Information Security

IT Manager

IT Manager

Why join Marshall Land Systems in this role?

The Head of Business Security & Compliance is responsible for leading the global security and compliance strategy across all UK, European and Canadian sites, programmes, and projects. The role provides senior expertise across information security, cyber security, data governance, and defence security requirements, ensuring the organisation meets all legislative, regulatory, and contractual standards. This position acts as the principal link between technical teams, business leadership, government partners, clients, and external authorities to maintain a robust, compliant, and resilient security environment.

Responsibilities in this role include:

Strategic Security, Data Governance & Compliance Leadership

Provide senior leadership on IT and data compliance, including global expertise in data management, information security, and GDPR requirements.
Establish, maintain, and continuously improve the organisation's security frameworks, procedures, policies, and standards, ensuring alignment with legislation, MoD requirements, Government guidelines, contract requirements and corporate expectations.
Lead initiatives to embed and sustain a robust security culture across all business areas.

Cyber Security Oversight & IT Assurance

Oversee cyber security governance, working closely with IT teams and managed service providers to ensure controls are implemented, functioning, tested, and routinely audited.
Provide senior guidance to ensure IT systems and infrastructure comply with security procedures, data protection standards, and operational requirements.
Develop and deliver organisation-wide training on IT compliance, information security, and cyber security best practices.
Defence Security, Accreditation & Classified Material Management
Act as the organisation's Security Controller and Crypto Custodian, ensuring full compliance with defence security obligations.
Manage all aspects of personnel and facility security clearances, security accreditation, and the handling, processing, storage, mustering, and destruction of protectively marked and crypto-related material.
Lead the management of Security Aspects Letters (SALs), security reporting, audits, and all requirements linked to defence contracts.

Physical, Facilities & Operational Security

Plan, implement, and oversee FSC-compliant physical and operational security measures for sites, facilities, programmes, and projects.
Manage contracts and performance for security services, systems, and equipment.
Ensure security vetting processes are effectively managed in partnership with HR and deliver mandatory security inductions and briefings.

Assurance, Monitoring & Reporting

Lead the audit and assurance programme to validate the effectiveness of security procedures, controls, and compliance measures.
Analyse security incidents, produce monthly security performance reporting, and proactively address emerging patterns or risks.
Maintain organisational security SLAs, manuals, and compliance documentation, ensuring all accreditations remain current and properly governed.

Stakeholder Engagement & External Relations

Work closely with internal stakeholders to anticipate and resolve security risks, ensuring programmes and projects meet required security standards.
Maintain influential relationships with external commercial and government security advisors, including the Police, CTSA, MOD, NPSA, DE&S, and other relevant agencies.
Represent the organisation confidently in all security-related engagements, audits, and consultations.

Continuous Improvement & Environmental Awareness

Monitor changes in legislation, technology, threat landscapes, and best practices to ensure the organisation remains compliant and well-protected.
Drive continuous improvement across all areas of security and compliance.

Apply if you have most of the following:

Extensive experience in security, information assurance, cyber governance, or compliance roles.
Proven track record leading security in a multi-site or multinational organisation.
Experience working with MoD, NPSA, DE&S, government security agencies, or other regulated defence/security environments.
Experience handling classified information, managing clearances, or acting in roles such as Security Controller or Crypto Custodian.
Demonstrated experience overseeing cyber security controls, audits, or compliance in partnership with IT teams and MSPs.
Familiarity with frameworks such as ISO 27001, NIST, CAF, or similar standards.
Experience developing corporate security policies, frameworks, and operating procedures.
Experience leading security accreditation, assurance reviews, or certification maintenance.
Exposure to facility and physical security planning, contract management, and security technology solutions.
Experience delivering security awareness training and supporting cultural transformation programmes.
Successful track record working with senior leadership teams, HR, IT, facilities, programme management, and external partners.
Experience presenting security performance, risks, and incident insights to executive boards or senior stakeholders.
Experience analysing incidents, producing incident reports, and implementing corrective actions

Additional local needs

The successful candidate will need to be eligible to obtain full SC clearance.

The benefits we will offer you include:

27 days holiday increasing with service up to 30 days (option to buy /sell)
Pension contributions up to 9%
Private medical insurance for you and your partner
Extensive flexible benefit program including Cycle to Work
Life assurance at 4x basic salary
Enhanced parental leave and pay
Paid volunteering leave
Access to industry leading wellbeing resources and tools

Marshall Land Systems is a Canadian-owned global company with an unrivalled pedigree of British engineering excellence. From its origins in Cambridge, UK, through more than a century of innovation, pioneering advances from the nose of Concorde to the early Hydrogen fuel cell technology that ultimately powered the moon landings, Marshall engineers now continue to innovate specialist vehicles and infrastructure for NATO forces across the world. From bomb disposal vehicles to deployed shelters, from command and control to CT scanners on the battlefield, Marshall Land Systems protects people in critical situations with the very best in engineering. It employs 600 people with major facilities the UK, Canada, and the Netherlands.

#LI-Hybrid

#LI-DS1

#IND-AEO

Subscribe to Future Tech Insights for the latest jobs & insights, direct to your inbox.

By subscribing, you agree to our privacy policy and terms of service.

Industry Insights

Discover insightful articles, industry insights, expert tips, and curated resources.

Jobs

How to Write a Cyber Security Job Ad That Attracts the Right People

Cyber security is now a board-level priority for organisations across the UK. From financial services and healthcare to critical infrastructure, SaaS platforms and the public sector, demand for skilled cyber security professionals continues to grow. Yet despite this demand, many employers struggle to attract the right candidates. Cyber security job adverts often generate large volumes of applications, but few are a genuine match. Meanwhile, experienced security engineers, analysts and architects quietly ignore adverts that feel vague, unrealistic or disconnected from real security work. In most cases, the problem is not a lack of talent — it is the quality of the job advert. Cyber security professionals are trained to assess risk, spot weaknesses and question assumptions. A poorly written job ad signals organisational immaturity and weak security culture. A well-written one signals seriousness, competence and trust. This guide explains how to write a cyber security job ad that attracts the right people, improves applicant quality and positions your organisation as a credible security employer.

Education Jobs

Maths for Cyber Security Jobs: The Only Topics You Actually Need (& How to Learn Them)

If you are applying for cyber security jobs in the UK it can feel like “real security people” must be brilliant at maths. The reality is simpler: most roles do not need degree-level pure maths. What they do need is confidence with a small set of practical topics that show up repeatedly in day-to-day work across SOC, incident response, cloud security, AppSec, threat detection, IAM & security engineering. This guide strips the maths down to what actually helps you get hired. It includes a 6-week learning plan plus portfolio projects you can publish to prove the skills. You will focus on: Number systems & bitwise thinking (binary, hex, bytes, XOR) Modular arithmetic basics (enough to understand how modern crypto “works”) Probability & statistics for detection, triage & risk Discrete maths for logic, sets, graphs & complexity Security maths habits: estimation, false positive control & evidence-led reporting You will not waste time on heavy theory that rarely appears in junior or mid-level cyber security roles.

Jobs

Neurodiversity in Cyber Security Careers: Turning Different Thinking into a Superpower

Cyber security is all about thinking like an attacker, spotting unusual patterns, protecting systems & responding calmly when everything looks like it’s on fire. It’s a discipline built on curiosity, persistence & noticing things other people miss. That’s exactly why it can be such a good fit for many neurodivergent people. If you live with ADHD, autism or dyslexia, you may have been told your brain is “too distracted”, “too literal” or “too disorganised” for a security role. In reality, the traits that can make traditional office work tough often line up beautifully with cyber security work – from hyperfocus in incident response to meticulous analysis in threat hunting. This guide is written for cyber security job seekers in the UK. We’ll look at: What neurodiversity means in a cyber context How ADHD, autism & dyslexia strengths map to different security roles Practical workplace adjustments you can ask for under UK law How to talk about neurodivergence during applications & interviews By the end, you’ll have a clearer sense of where you might thrive in cyber security – & how to turn “different thinking” into a genuine superpower.

🍪 We use cookies to enhance your browsing experience on our website. By continuing to use this site, you consent to the use of cookies as described in our Cookie Policy. You can review our Cookie Policy for more information.