Head of Information Security

We are seeking a strategic and forward-thinking Head of Information Security to lead and evolve our enterprise-wide security capability across YTL Utilities UK. 

This is a critical leadership role responsible for establishing a business-enabling security function that protects essential services while supporting agile and compliant delivery across IT, OT and Digital environments. You will operate at the forefront of a dynamic threat landscape, ensuring the organisation maintains a resilient and credible security posture aligned with regulatory expectations and business priorities. 

This is a unique opportunity to shape and lead Information Security within a critical national infrastructure organisation. You will play a pivotal role in building a resilient, future-ready business while influencing security at the highest level. 

What you'll do

• Define and deliver a cohesive security strategy aligned to the Technology Operating Model.
• Ensure security capabilities are structured, scalable and aligned to design principles. 
• Lead the transition from siloed activities to integrated, outcome-driven services. 
• Own and embed the enterprise security risk model into business decision-making.
• Provide forward-looking risk insight and clear reporting to senior leaders and the Board. 
• Establish governance frameworks that enable effective decision-making and accountability. 
• Lead the development of a strong central security architecture capability. 
• Embed security into enterprise architecture, solution design and procurement. 
• Drive standardisation through reusable security controls and patterns. 
• Oversee detection, response and recovery across IT and OT environments. 
• Continuously improve incident response capability and organisational resilience.
• Align incident management with regulatory and crisis management requirements. 
• Embed a risk-based approach to supplier and partner security. 
• Strengthen security boundaries across IT, OT and business environments. 
• Develop a strong security-aware culture across the organisation. 
• Deliver impactful education programmes that drive behavioural change. 
• Position security as a practical, business-aligned enabler. 
• Act as the senior security advisor to the Group CTIO and executive leadership. 
• Provide data-driven insights to senior stakeholders and the Board.
• Lead and shape a high-performing security function aligned to the Technology operating model. 

What you'll need

You will be an experienced security leader with a proven ability to influence at the executive level and deliver integrated, enterprise-wide security capabilities. You will have proven leadership experience in security operations and incident response teams, and experience building and leading integrated security functions. 

A strong track record embedding security into business and technology delivery and a deep understanding of security architecture, threat modelling and security controls will be very important, alongside the experience operating in highly regulated, complex environments.

You will be able to balance risk, cost and business agility at the executive level, and have experience advising Boards and senior stakeholders on cyber risk.

Direct knowledge and experience of the following methodologies and standards: 

• NIS Regulations and Cyber Assessment Framework (CAF)  
• GDPR and Data Protection Act  
• ISO27001:2022, ISO27005, ISO31000  
• PCI DSS  
• NIST 800-30 / 800-53  
• CIS Top 18 and OWASP Top 10 

What you'll receive

• A combined pension contribution of up to 20%. 
• Career progression and professional development opportunities. 
• 25 days' holiday rising to 28 with length of service. 
• The opportunity to sell up to five days of holiday every year. 
• The opportunity to buy up to ten days of holiday each year (subject to conditions). 
• A healthcare package that allows you to claim back healthcare costs. 
• Life assurance of up to eight times your salary. 
• The opportunity to lease a new electric car through salary sacrifice (subject to conditions). 
• Cashback and discounts from more than 3,000 retailers. 
• One paid volunteering day each year. 
• Enhanced family leave and pay arrangements. 
• Access to an interactive health and wellbeing platform. 
• Support from trained mental health first aiders. 
• A £1,000 referral fee if you recommend someone who is successfully recruited by us. 

Who we are

YTL UK is part of the international YTL Group based in Kuala Lumpur. The UK companies include: 

• Wessex Water – one of the top-performing water and sewerage companies in England and Wales, serving 2.9 million people across the South West 
• YTL Developments – a major UK developer currently redeveloping a 350-acre former airfield into an award-winning, exciting mix of houses, apartments, schools, commercial space, restaurants and hotels, to make a truly sustainable new community 
• YTL Construction UK – a top 20 UK contractor providing fully integrated services to infrastructure, residential, commercial, industry, energy and environmental sectors 
• YTL Live – the development and operation of an entertainment complex that includes a 20,000 capacity arena, conferencing and exhibition space plus a number of other retail, environmental and specialist businesses. 

Our people tell us that YTL UK is a great place to work, which is why so many of them stay with us! You will have a unique opportunity to develop and progress your career within such a diverse group. We are passionate about diversity and inclusion – with that in mind, all applicants are welcome. We are delighted to have signed the Armed Forces Covenant and are a Disability Confident Employer.

If you require reasonable adjustments to be made during the recruitment process, please inform a member of our Recruitment team.