We are seeking a Head of Information Security for a global retail organisation on an initial contract basis, based in Lisbon (hybrid position).
This role may transition to a permanent basis at some point.
This is a senior security leadership role responsible for managing governance, risk, compliance, and security operations across global regions.
The position requires both strategic oversight and hands-on execution, ensuring that security policies, risk frameworks, and compliance measures are further embedded and/or continuously improved within the business.
Key Responsibilities:
1. Security Governance & Compliance
Develop, implement, and enforce security policies across the organisation and its regional entities.
Ensure compliance with recognised security frameworks such as ISO 27001 / NIST and other industry security frameworks.
Lead the annual security audit and maintain ongoing compliance across global operations.
2. Risk Management & Supply Chain Security
Own and enhance the enterprise risk management framework, ensuring it is adaptable across multiple regions.
Conduct annual security risk assessments and mitigation planning.
Manage supply chain security, assessing vendor risks and responding to customer requirements.
3. Incident Management & Response
Oversee cybersecurity incident management, ensuring an integrated approach across global locations.
Work closely with IT teams in different regions to embed incident response and mitigation strategies.
4. Security Operations & Third-Party Collaboration
Work closely with the Security Operations Centre (SOC) to improve security processes.
Engage with third-party security providers to ensure regional security risks are addressed effectively.
Provide leadership in managing third-party risks.
Qualifications & Experience:
8+ years of experience in IT and cybersecurity, governance, or risk management.
Strong background in compliance with security frameworks such as NIST, ISO 27001, and other similar frameworks.
Proven track record in embedding security policies and risk management frameworks across multiple regions.
Experience working in multinational or global organisations, understanding cross-regional security challenges and building relationships to achieve objectives.
Hands-on experience in security incident response and risk mitigation strategies.
Strong leadership and communication skills to engage with stakeholders at all levels.
Please contact me for more details and an initial discussion.
Thanks,
Steve