Head of Global Cyber Risk, Policy, Reporting & Compliance
Home Based, Hampshire, GB
Location: Global
Serco delivers critical public services across highly regulated sectors and complex operating environments worldwide. Maintaining a strong, consistent and transparent cyber risk and compliance posture is fundamental to trust, resilience and long-term performance.
The Head of Global Cyber Risk, Policy, Reporting & Compliance is a senior leadership role accountable for defining, governing and continuously enhancing Serco’s global cyber risk management and compliance framework. The role ensures cyber risk is clearly understood, effectively managed and fully integrated into Serco’s wider enterprise risk landscape at a divisional level. Acting as a trusted advisor to the Group CISO and wider ELT, this role provides authoritative insight, assurance and direction on cyber risk, policy and regulatory compliance across all regions.
What you’ll be doing
• Establish, own and continuously enhance a global cyber risk management framework spanning all business units, contracts and geographies.
• Define and maintain Serco’s global cyber risk appetite, thresholds and supporting dashboards, ensuring clear visibility of risk exposure and trends.
• Identify, assess and prioritise cyber risks, ensuring proportionate mitigation strategies and effective risk treatment plans are in place, and ensure cyber risks are fully integrated into enterprise risk management processes and corporate risk registers, aligned with Group risk governance.
• Own and govern the global cybersecurity policy suite, including standards and baseline control requirements.
• Ensure global policies and controls remain aligned with regulatory and contractual obligations including GDPR, NIS2, PCI-DSS, SOC and other jurisdiction-specific requirements.
• Drive consistent global adoption of policies and standards, working closely with technology, operations and business leaders.
• Lead global cyber compliance programmes, ensuring ongoing adherence to regulatory, contractual and industry requirements across all regions.
• Own audit and regulatory readiness, including external assessments, certifications and regulatory reviews.
• Build and operate a global compliance monitoring capability, ensuring findings are tracked, remediated and reported effectively.
• Act as the senior point of contact for regulators, auditors and key external stakeholders on cyber risk and compliance matters.
• Own global cyber risk and compliance reporting to the Group CISO, Group CD&TO, Executive Committee and Board.
• Deliver forward-looking analysis and trend insight on emerging threats, control effectiveness and changes in risk posture.
• Partner closely with Security Operations, Architecture, Data Protection and Privacy, Legal, Internal Audit, IT and divisional technology leadership.
What you’ll need to succeed
• Significant leadership experience in risk management and security governance, ideally from a cyber security perspective, within large, complex organisations.
• Proven track record of establishing and operating enterprise-wide risk frameworks, policy suites and governance models.
• Demonstrable experience engaging with regulators, auditors and Board-level stakeholders.
• Strong understanding of regulatory, assurance and risk frameworks across multiple jurisdictions.
• Ability to balance regulatory and control requirements with commercial realities and operational delivery.
• Highly credible communicator, able to articulate complex risk issues clearly to senior technical and non-technical audiences.
• Strong leadership capability, influencing across regions, cultures and organisational boundaries.
• Collaborative, pragmatic and resilient, able to lead through complexity and competing priorities.
What we offer
• Competitive six-figure leadership salary
• Performance bonus of up to 40%
• Executive-level benefits package including 10% pension, a company car or £5860 car allowance and flexible benefits
• A highly visible role with direct exposure to Executive Leadership and the Board
• The opportunity to shape and assure cyber risk and compliance at global scale in a purpose-driven organisation
All Serco employees must ensure that their current line manager is aware of their application. For confidential enquiries please contact MyHR. Serco are Disability Confident Leader employers and are committed to employing and retaining people with disabilities. Disabled applicants who meet the minimum criteria for the job will be given the opportunity to demonstrate their abilities at an interview. For help with your application please contact 0345 010 4000.