Role Overview
The VP, Security Consulting provides enterprise‑level leadership and strategic advisory in the design, governance, and integration of cybersecurity capabilities across the Group. Reporting to the Group Chief Information Security Officer (GCISO), this role acts as a trusted advisor and design authority, ensuring security decisions are aligned with business objectives, regulatory requirements, and the Group's cybersecurity framework.
The role leads high‑impact security consulting engagements and provides executive oversight across security architecture, threat modelling, technology risk, and incident preparedness. It operates as an advisory and governance role and does not assume day‑to‑day security operations.
Responsibilities:
- Own enterprise security policies, standards, and guidelines in alignment with Group cybersecurity principles.
- Lead a team of Cybersecurity Specialists performing security architecture reviews and advisory engagements
- Acts as final security design authority for enterprise‑level, high‑risk initiatives, with escalation to the GCISO for formal risk acceptance by Business Owners where required
- Serve as a trusted delegate of the GCISO in enterprise security advisory matters, governance forums, and senior stakeholder engagements, as assigned
- Own and continuously enhance the enterprise threat modelling and security architecture assurance capability
- Advise senior business and technology leaders on cybersecurity risks, trade‑offs, and emerging threats
- Partner with Group IT and business teams to enable secure adoption of cloud, AI, and emerging technologies
- Support continuous improvement of incident preparedness, resilience, and security culture initiatives
- This role reports directly to the Group Chief Information Security Officer (GCISO)
Requirements:
- Bachelor's degree in Computer Science, Information Technology or related field
- 10–15 years of progressive experience in cybersecurity, with demonstrated leadership in security consulting, architecture, or enterprise advisory roles
- Strong ability to communicate cybersecurity risks clearly in business and executive‑level terms
- Proven ability to influence senior stakeholders and govern security outcomes in complex, matrixed organisations
- Deep expertise across security architecture, risk management, incident response, cloud and AI security
- Strong working knowledge of major security frameworks and standards (e.g. ISO 27001, NIST, CIS, OWASP, MITRE ATT&CK)
- Relevant certifications (e.g. CISSP, CISM, CISA) strongly preferred
