Job Title: Head of Cyber Security Delivery
Job Family: Head of Cyber Security
Job Group: Solutions
Job Band: B
Days: Monday to Friday
Hours: 40 hours per week
Typically reports to Chief Information Security Officer
Classification: Confidential
Role Purpose
The Head of Cyber Delivery is accountable for defining, mobilising and executing the Cyber Security change portfolio in alignment with the organisation's cyber strategy. Operating within the Cyber Security Leadership Team and reporting directly to the CISO, the role ensures that strategic cyber objectives are translated into structured, governed and measurable programmes of delivery across a complex, highly regulated Critical National Infrastructure (CNI) environment.
This position operates at the intersection of Cyber Security, Enterprise IT, Operational Technology (OT), and Business Leadership, ensuring that cyber initiatives are aligned with enterprise risk appetite, regulatory obligations, and operational resilience priorities.
Specific Responsibilities
- Translate the enterprise Cyber Security Strategy into an executable, prioritised and governed delivery roadmap.
- Lead and mature cyber programme and project delivery disciplines across the Cyber function.
- Ensure compliance with UK regulatory frameworks applicable to aviation and Critical National Infrastructure.
- Strengthen Heathrow's cyber resilience posture in the context of evolving threat landscapes.
- Ensure cyber investment delivers measurable risk reduction and operational value aligned to business objectives.
Programme & Project Delivery
Lead a team of Cyber Project Managers responsible for delivering a portfolio of security transformation initiatives. Oversee large-scale change programmes spanning IT, OT and airport operational environments. Ensure delivery methodologies are appropriate for a regulated CNI context (e.g., hybrid agile/waterfall, structured assurance checkpoints). Manage interdependencies across technology, operational and regulatory workstreams. Ensure delivery outcomes are measurable in terms of risk reduction, control maturity and compliance uplift.
Regulatory & Compliance Alignment
- UK aviation security frameworks
- CNI requirements
- Data protection legislation
- Relevant standards such as National Cyber Security Centre guidance and ISO/IEC 27001
Stakeholder & Relationship Management
- Cyber Security leadership
- CIO and senior IT leadership
- Operational airport leadership
- External partners and suppliers
- Regulatory authorities
Capability & Team Leadership
Develop and mature the Cyber Delivery function, embedding best practice programme and portfolio management disciplines. Provide functional oversight to technical teams delivering cyber capabilities. Establish a performance culture focused on accountability, transparency and continuous improvement. Mentor and develop Cyber Project Managers and delivery leads.
Financial & Commercial Oversight
Own cyber delivery budget tracking, forecasting and benefits realisation management. Oversee supplier performance and contract delivery in conjunction with Commercial and Procurement teams.
Qualifications and Experience
Experience (Essential):
- Minimum 5 years' experience in a senior cyber, technology or security delivery leadership role.
- Demonstrable experience leading large-scale transformation programmes in complex, highly regulated environments.
- Experience operating within Critical National Infrastructure sectors (e.g., aviation, transport, utilities, defence).
- Proven track record of delivering cyber security capabilities at enterprise scale.
- Experience engaging directly with executive stakeholders and regulators.
- Exposure to aviation sector environments and understanding of airport operational systems.
Essential Skills:
- Strong portfolio and programme governance expertise (e.g., MSP, PRINCE2, SAFe or equivalent frameworks).
- Deep understanding of cyber risk management, threat landscapes and control frameworks.
- Ability to align cyber investment to quantified risk reduction and business outcomes.
- Executive-level communication and reporting capability.
- Advanced stakeholder management and influencing skills.
- Financial acumen including budget management and benefits realisation.
- Strong leadership capability across matrix and federated structures.
Desirable Skills:
- Experience integrating IT and Operational Technology (OT) security programmes.
- Knowledge of aviation-specific regulatory environments.
- Familiarity with NIS Regulations and UK CNI oversight structures.
- Experience in crisis management or cyber incident recovery programmes.
- Exposure to cloud security transformation and identity modernisation initiatives.
Education & Professional Certifications:
- Bachelor's degree in Cyber Security, Information Security, Computer Science, Engineering or related discipline (or equivalent professional experience).
- Relevant certifications such as CISSP, CISM, CRISC, MSP / PRINCE2 Practitioner, PgMP or equivalent senior programme qualification (desirable).
Personal Attributes
- Strategic thinker with strong execution discipline.
- Credible and authoritative leader within technical and business environments.
- High integrity and resilience under pressure.
- Collaborative, transparent and outcome-driven.
- Comfortable operating in a highly visible, mission critical national infrastructure setting.