Head of Cyber Security and Information Risk at PZ Cussons
PZ Cussons · Manchester, United Kingdom · Hybrid
- Senior
- Optional office in Manchester
We are PZ Cussons. Our purpose is For everyone, for life, for good.
Sustainability and the wellbeing of people, families and communities everywhere are at the heart of everything that we do.
Since our founding in 1884, we have been creating products to delight, care for and nourish consumers. Across our core categories of Hygiene, Baby and Beauty, our trusted and well-loved brands include Carex, Cussons Baby, Sanctuary Spa and St. Tropez.
POSITION SNAPSHOT
Job title: Head of Cybersecurity & Security Operations
Location: Manchester
Contract type: Permanent
WHO ARE WE
PZ Cussons is a FTSE250 listed consumer goods business, headquartered in Manchester, UK. We employ around 2,600 people across our operations in Europe, North America, Asia-Pacific and Africa. Since our founding in 1884, we have been creating products to delight, care for and nourish consumers. Across our core categories of Hygiene, Baby and Beauty, our trusted and well-loved brands include Carex, Childs Farm, Imperial Leather, Morning Fresh, Original Source, Sanctuary Spa and St. Tropez.
Sustainability and the wellbeing of our employees and communities everywhere are at the heart of our business model and strategy, and captured by our purpose: For everyone, for life, for good.
If you want to join a business in transformation with exciting growth plans and the opportunity to work flexibly and finish at 1pm every Friday, apply to work for us today.
The Role:
The Head of Cybersecurity & Security Operations is accountable for safeguarding PZ Cussons’ global technology environment, data, and digital assets from cyber threats. This is the most senior cybersecurity position within PZ Cussons. The Head of Cybersecurity & Security Operations provides the strategic leadership, architectural governance, and operational coordination required to protect the organisation’s people, data, and systems.
By leading both operational security and governance, risk, and compliance activities, this role ensures a unified and consistent approach to managing cyber risk. Through strong partnership, influence, and accountability, the Head of Cybersecurity ensures that every part of PZ Cussons contributes to a secure and resilient digital estate, giving the Board and executive team confidence that cyber risk is managed effectively.
They act as the organisation’s senior cybersecurity authority — owning and evolving the enterprise security vision, strategy, and roadmap — and coordinating all cyber initiatives across internal teams, service partners, and business stakeholders.
This role combines strategic leadership, security architecture governance, cyber operations oversight, and governance, risk & compliance (GRC) management to ensure that the company’s digital estate remains protected, resilient, and compliant. The role provides visibility and assurance to executive management and the Audit & Risk Committee, balancing enablement with risk reduction and fostering a strong, positive security culture across all regions.
Key Responsibilities:
Strategic Leadership & Accountability
Serve as the single point of accountability for cybersecurity and resilience across the enterprise.
Act as PZ Cussons’ senior cybersecurity authority, owning and evolving the enterprise security vision, strategy, and roadmap.
Define and execute the cybersecurity programme aligned to business objectives and recognised frameworks.
Partner with the Director of Infrastructure & Operations, CIO, Legal, Risk, HR, and Supply Chain to embed security into all business operations and change programmes.
Lead the integration of secure-by-design principles into technology and transformation initiatives.
Advise the Director of Infrastructure & Operations, CIO, and senior leadership on evolving cyber risks and strategic mitigation priorities.
Contribute to investment planning, project prioritisation, and IT strategy through a security-first lens.
Provide regular reporting and assurance on threat posture, incidents, and maturity to the CIO and Audit & Risk Committee.
Establish measurable KPIs/KRIs and continuous-improvement plans for cyber-risk reduction.
Act as executive lead during cyber or data-related crises, coordinating response across IT, Legal, Communications, and external partners.
Cyber Risk, Governance & Compliance
Lead the GRC and Information Risk function, ensuring enterprise-wide visibility of cyber and information risks.
Maintain oversight of the IT & Cyber Risk Register, ensuring risks are documented, owned, and mitigated within defined tolerances.
Drive security governance through policy, process, and risk-based controls.
Chair internal cybersecurity governance forums to review risks, progress, and control effectiveness.
Ensure compliance with internal and external audit, regulatory, and policy requirements.
Own the policy, standards, and control environment for cybersecurity, ensuring alignment to corporate governance requirements.
Lead third-party and supplier assurance, ensuring contractual security obligations and oversight mechanisms are in place.
Security Strategy & Architecture Governance
Translate strategic objectives into architectural principles and secure-by-design standards across cloud, identity, endpoint, and network domains.
Provide governance and oversight of enterprise and solution security architecture to ensure consistent protection and resilience.
Evaluate new technologies, transformation initiatives, and integrations for security risk and alignment to standards.
Maintain awareness of core technical controls and validate that configurations remain effective and resilient.
Provide subject-matter input into architecture reviews, change boards, and project delivery gates.
Partner with architecture and technical-operations teams to embed security within design reviews, change control, and project delivery.
Monitor emerging threats and technologies to keep the security architecture current and effective.
Security Operations Oversight
Lead and direct day-to-day cyber-defence operations across internal and managed service teams.
Ensure robust processes for detection, triage, containment, and recovery from security incidents.
Act as the primary escalation point for significant security events and coordinate executive communication.
Manage security service partners to ensure performance, value, and continuous improvement against SLAs and KPIs.
Oversee vulnerability management, threat intelligence, and continuous monitoring programmes.
Champion automation and analytics within the security stack to enhance speed and accuracy of response.
Track and report operational metrics (MTTD, MTTR, vulnerability closure %, incident trends).
Partnership & Collaboration
Align closely with the Director of Infrastructure & Operations, Technical Operations, Service Delivery, and Application Support teams to ensure security controls are consistently implemented, maintained, and improved across the estate.
Work collaboratively with the Director of Infrastructure & Operations to embed cybersecurity into IT strategy, operational planning, and transformation initiatives.
Engage proactively with external partners to ensure services meet performance, compliance, and responsiveness expectations.
Build strong cross-functional relationships to enable coordinated and rapid response to security events.
Collaborate with the Data Protection Officer, Legal, and Risk teams to harmonise cybersecurity, data privacy, and corporate-governance obligations.
User Awareness & Culture
Lead the enterprise security-awareness and behaviour-change programme, promoting positive security culture across all markets.
Design and sponsor internal campaigns and targeted training that simplify cybersecurity and build user confidence.
Act as a visible and trusted partner to the business, making cybersecurity accessible and enabling innovation securely.
Resilience & Business Continuity
Oversee enterprise cyber-resilience and disaster-recovery planning to ensure critical services can recover from disruption.
Chair or contribute to crisis-management exercises and incident post-mortems.
Integrate lessons learned into policy, process, and control improvements.
Leadership & People Development
Lead, mentor, and develop the cybersecurity, GRC, and information-risk team, including the Security Operations Analyst.
Provide clear goals, performance measures, and career development for direct reports.
Promote a culture of shared accountability, awareness, and proactive engagement across the business.
Represent cybersecurity at senior forums, providing authoritative guidance on risk and resilience.
Build internal capability through education, communication, and recognition of best practice.
Knowledge, Skills & Experience
10+ years in cybersecurity leadership within a complex, multi-region organisation. Demonstrated success combining governance, architecture oversight, and operational management.
Deep understanding of cyber threats, enterprise technology, risk management, and security architecture across cloud, identity, and endpoint ecosystems.
Skilled in aligning to recognised frameworks (ISO 27001, NIST CSF, CIS Controls) and tailoring them to organisational maturity.
Experienced in enterprise risk management, audit engagement, and assurance reporting. Understanding of data-protection and corporate-governance codes.
Strong executive presence with ability to influence across functions and manage both internal and external teams through accountability and collaboration.
Excellent communicator; capable of briefing senior executives and the Board on cybersecurity posture, risk, and mitigation priorities.
Certifications (preferred) - CISSP, CISM, CRISC, or equivalent. Cloud-security or Microsoft-security certifications advantageous.
Key Stakeholders
Director of Infrastructure & Operations
CIO and Audit & Risk Committee / Internal Audit
Data Protection Officer / Legal Counsel
Technical Operations, Service Delivery, and Architecture teams
Managed service and security operations partners
Business Unit and Regional IT Leads
Equal Opportunities:
At PZ Cussons, we value diversity and make sure everyone feels included. We want our team to reflect society and our global customers. We welcome applicants from all backgrounds and your unique perspective helps us develop brands and create new products for our consumers.
Please note that we are not able to offer visa sponsorship or assist with relocation support for this role. Applicants must have the right to work in the country where this role is located before applying.
If you need extra support during this process, please inform us so that we can accommodate your needs appropriately. It is important to us that all candidates feel recognised and have a good experience with PZ Cussons as part of our commitment to inclusivity.
PZ Cussons is big enough to make your mark, small enough to make it yours. Apply to join us!