Job Description
Company: Jewson
Location: Coventry, GB
STARK UK, a leading building materials distributor in Northern Europe, is looking for an impact-oriented Director of Information (Cyber) Security to drive major change and elevate technology’s role in an industry leader.
With a transformation over the past 2 years, the CTO will play a key role in shaping the future of the team, instilling the right culture and ways of working, and supporting the change required for technology to underpin the continued growth of the UK business.
What You’ll Be Doing
The Director of Information Security (UK) is responsible for leading the strategic direction, operational excellence, and continuous improvement of the company’s information and cyber security capabilities. This role ensures the confidentiality, integrity, and availability of information assets, while delivering robust security governance, risk management, and compliance.
The Director will play a critical role in aligning security strategy with business objectives, driving digital transformation, and fostering a culture of security awareness and resilience. The Director will oversee incident response, policy/standards development, and the implementation of security controls to support business growth and regulatory compliance. This role will work collaboratively with the Group CISO and team.
You Will Be Required To
• Define and publish the UK Business Unit Information & Cyber Security (ICS) Strategy and Vision, ensuring alignment to Group strategy
• Develop, implement and monitor UK ICS programme of improvements
• Establish the UK ICS Roadmap with supporting architectural roadmap
• Govern UK-based security policies and standards, providing requirements for related technical processes/documentation
• Direct the management of IT Security risks
• Oversee the development and implementation of security training & awareness
• Develop and lead the UK ICS team to ensure they can deliver business strategy in alignment with agreed security strategy
• Facilitate incident-response planning and security incident support, with the Global SOC
• Provide the UK Exec Team with appropriate management information and cyber security intelligence and insight, to support decision-making
• Assure compliance with relevant legal and regulatory requirements
• Partner with the business to assist with business and technology planning
What You’ll Need To Have
Technical Expertise
• Proven experience leading information security teams in large, complex organisations.
• Strong expertise in security strategy, governance, risk management, and compliance (e.g., ISO 27001, NIST, Cyber Essentials, GDPR).
• Demonstrated ability to deliver and embed security policies, standards, and technical controls at scale.
• Track record of driving cultural change and building security-conscious communities.
• Knowledge of data privacy, regulatory requirements, and industry best practices.
• Experience with security audits, third-party risk management, and vendor assessments.
Leadership & Strategy
• Innovative thinking and leadership skills, with an ability to lead and motivate cross-functional teams
• Excellent leadership and people management skills, with experience developing multidisciplinary teams.
• Excellent interpersonal, collaboration and communication skills (written/verbal) and a proven ability to work with all levels of stakeholders. Able to bridge technical and business domains.
Methodologies & Compliance
• Proficient in ITIL and Agile.
• Knowledge of cybersecurity principles and compliance frameworks (ISO 27001, GDPR, etc).
• Support the formulation and management of business continuity and disaster recovery (DR) plans to ensure high availability and resilience of critical systems.
Education & Experience
• Bachelor’s degree in Computer Science, Engineering, or related field (Master’s preferred). Relevant professional certifications (e.g., CISSP, CISM, CISA, CRISC) are highly desirable.
• Substantial experience in risk, security, IT roles.
• Professional security management certification
Behaviours
• Makes time to understand business while adapting to rapidly changing conditions.
• Calm under pressure and able to work to tight deadlines and targets.
• Able to prioritise conflicting demands on personal and departmental resources.
• Self-starter who proactively initiates change at pace.
• Results driven, sets ambitious goals and defines clear priorities.
Source: BeBee