We are seeking an experienced Head of Cyber Security and Productivity Solutions to lead the protection of the company’s information, systems and users across all global environments. This senior leadership role is responsible for embedding security by default across every layer of technology, ensuring that security controls are not only documented but consistently applied and operationally effective.

The role owns information security operations and modern workplace services, spanning identity and access management, endpoint security, data protection, threat detection, incident response and compliance monitoring. Operating across a complex, global technology estate, the Head of Cyber Security and Modern Workplace Operations ensures alignment with recognised governance and control frameworks, including ISO27001, NIST 800-53, NIST 800-171, Essential 8 and Cyber Essentials Plus.

This role acts as the operational bridge between IT, Risk and Compliance, ensuring that security and compliance requirements are embedded into day-to-day operations and technology delivery. It works closely with Technical Operations to ensure infrastructure resilience and with Service Operations to support rapid containment, investigation and root cause analysis of security-related incidents.

In addition, the role leads the Modern Workplace domain, ensuring that end-user devices, collaboration tools and SaaS platforms are secure, well governed and deliver a high-quality user experience.

Key Responsibilities:

Cyber security operations leadership

• Lead information security operations across all global environments.

• Embed a security by default approach across infrastructure, platforms and digital services.

• Ensure security controls are operationally effective and aligned with business needs.

• Manage the relationship with Managed Service Security Partners (MSSP).

Governance, risk and compliance

• Own compliance alignment with ISO27001, NIST 800-53, NIST 800-171, CMMC, Essential 8, DISP and Cyber Essentials Plus.

• Ensure ongoing audit readiness through proactive monitoring, evidence collection and control validation.

• Act as the operational interface between IT, Risk and Compliance functions.

Identity, access and endpoint security

• Own identity and access management standards, including multifactor authentication and conditional access.

• Lead endpoint security and management, including configuration, policy enforcement and lifecycle management using platforms such as Intune and Defender.

• Ensure consistent application of security standards across all user devices and environments.

Threat detection, monitoring and incident response

• Oversee continuous monitoring, threat detection and security event management.

• Lead incident response readiness, coordination and post-incident analysis.

• Work closely with Service Operations to ensure rapid containment and effective remediation of security incidents.

Vulnerability and patch management

• Coordinate vulnerability identification, prioritisation and remediation across infrastructure, platforms and endpoints.

• Ensure effective patch management processes are in place and aligned with risk-based priorities.

Modern workplace operations

• Lead the secure design, configuration and lifecycle management of the modern workplace environment.

• Ensure communication and collaboration tools are secure, compliant and user focused.

• Balance security controls with usability and productivity.

Policy, configuration and audit readiness

• Ensure security configurations, policies and standards are clearly defined, enforced and monitored.

• Maintain audit readiness through strong documentation, reporting and control assurance.

User awareness and behavioural security

• Lead user awareness and behavioural security training programmes.

• Promote secure working practices and a strong security culture across the organisation.

Delivery collaboration

• Engage with IT Project Management and delivery teams to ensure security and compliance requirements are embedded into all projects and change initiatives.

• Provide security assurance and guidance throughout project lifecycles.

Outcomes

• A strong, embedded security by default culture across IT and digital delivery functions.

• Reduced risk exposure through proactive monitoring, detection and response.

• Consistent adherence to compliance frameworks and audit requirements.

• A secure, efficient and user-focused modern workplace experience.

• Improved organisational resilience against evolving and emerging cyber threats.

About you

You are a senior cyber security and workplace technology leader with a strong operational background and a clear understanding of governance, risk and compliance. You are comfortable operating in complex, global environments and influencing across technical and non-technical stakeholders.

You balance security rigor with pragmatism, ensuring controls are effective without unnecessarily impacting user experience or business delivery.

You’ll bring with you experience and capabilities including:

• Proven leadership experience in cyber security operations and/or modern workplace environments.

• Strong knowledge of security frameworks including ISO27001 and NIST.

• Hands-on experience with identity, access management and endpoint security technologies.

• Experience leading threat detection, incident response and vulnerability management activities.

• Strong understanding of SaaS security, data protection and modern collaboration platforms.

• Experience working closely with risk, compliance and audit functions.

• Excellent stakeholder management and communication skills.

You’re good at:

• Embedding security into everyday operations and delivery.

• Translating governance and compliance requirements into practical controls.

• Leading teams through incident response and continuous improvement.

• Balancing security, usability and operational efficiency.

• Communicating clearly with technical teams, leadership and end users.

M&C Saatchi Group is an Equal Opportunity Employer which does not discriminate, celebrates diversity and bases all hiring and promotion decisions solely on talent and capability, without regard for any personal characteristics.

All employee information is kept confidential according to General Data Protection Regulation (GDPR).