Global Head of Cyber Strategy - London, United Kingdom - Diageo

Diageo

Verified Company

London, United Kingdom

2 weeks ago

Posted by:

Tom O´Connor

beBee Recruiter

Description

Job Description:
About us

Diageo is the world's leading premium drinks company with an outstanding collection of brands, such as Johnnie Walker, Smirnoff, Baileys, Captain Morgan, Tanqueray and Guinness.

With over 200 brands in 180 countries and a global network of entrepreneurial individuals, our teams blend a diverse range of experience, knowledge and skills.

We connect customers and consumers to our iconic products and create innovative experiences that bring people together to celebrate life.

About the function

Information Management & Security (IM&S) is committed to protecting Diageo brands, revenue, reputation, and employees through a global program including cyber security strategy and risk management.

About the role

The Global Head of Cyber Strategy will provide the leadership that aligns the business Must Do's with security goals, objectives, threats, risks, and mitigation plans.

This is a global role that requires alignment across D&T Strategic Planning, Value Streams, and Enterprise Services.

Main responsibilities- Develop an annual plan for information security programs and prepare the project budgets for submission and approval by the Digital & Technology (D&T) Portfolio Board.- Validate that the strategic initiatives have been delivered as planned and have achieved the expected benefits in terms of new capabilities, risk reduction, and cost avoidance or reduction.- Develop a multi-year cyber strategy, goals, and plans and communicate it to D&T leadership.- Demonstrate how cyber security plans address both complex cyber threats and escalating pace of digital and information risk.- Align the security program across Enterprise Architecture and D&T Value Streams.- Provide line management of the cyber security risk management function (i.e., one direct report).- Develop and maintain the information security strategy which supports Diageo Must Do's and IM&S objectives across the Risk Management, Data Privacy, IT General Controls, Security Operations, and Records Management.- Manage the cyber security risk management function ensuring a proactive effective program operates to identify the mitigate strategic risks.- Align with Enterprise Architecture in the creation of strategic roadmaps that will drive a global investment program for IM&S.- Transform high level strategy into actionable annual portfolio plans that will address the threats and risks.- Act as the Business Partner leading the IM&S Value Stream and attend monthly Value Stream Board meetings to seek financial approval to initiate projects and review ongoing portfolio financial status.- Ensure the strategy function sustains the capabilities required to stay in the Top Quartile of CPG companies.- Align with the Security Enterprise Architect on the goals and objectives of the IM&S strategy so that the Architect can select the best solution to achieve each goal.- Ensure that strategic security plans map back to cyber security risks in the Risk Register.

Additional responsibilities- Build a multi-year investment program around the strategy and create the business cases to support the investments.- Drive the annual portfolio planning process which requires the creation of Project Briefs, entering the projects costs, dates, and required resources into Planview, working with the Portfolio Management Office to complete their requirements for portfolio submission.- As the Business Partner for the IM&S Value Stream, initiate projects approved by the Portfolio Board by ensuring a Security lead completes the Project Initiation Document (PID) and Financial Workbook for each project.- Seek D&T Finance approval in a Value Stream Board meeting to move each project from Ideation to Initiation status in Planview and request a Project Manager from the Project Management Office.- Develop Key Performance Indicators (KPIs) and thresholds against each of the IM&S initiatives.- Attend weekly IM&S PLT meetings to monitor the progress on each inflight project and intervene as needed to resolve project issues.- Manage the risk management function to ensure that cyber security risks are properly managed and adhere to the Global Risk Management Standard and the IM&S Risk Management Process.

- Align with D&T stakeholders in the following functions: Enterprise Architecture, Portfolio Management Office, D&T Portfolio Finance, Value Stream leads, Enterprise Services, Business Integrity, Business Development (Mergers & Acquisitions), D&T Regional Planning Leads

Work Experience/Skills required- Minimum of 15 years of broad information security experience including responsibility for direct line management of a security team- Experience developing and implementing security strategy for a large global organization- Broad knowledge of IT security vendors and products and how they mitigate risk- Depth and breadth across all the core bodies of information security knowledge including threat, vulnerability, risk, and controls.

- Excellent English oral and written commun