Director of Cyber Security

About Us

The Financial Times is one of the world’s leading news organisations, globally recognised for its authority, integrity and accuracy, with a mission to deliver quality information and services worldwide.

At the FT, curiosity thrives and ambitious thinking is rewarded. Together, we help audiences stay better informed and deepen their understanding of the world around them.

Our Product & Tech teams drive us forward in an ever-evolving digital landscape, delivering cutting-edge products to over one million digital subscribers daily. Our growth relies on a diverse, dedicated and dynamic group of product, tech, delivery and data specialists.

With a supportive culture, entrepreneurial spirit and opportunities at every turn, there are no limits to where your FT career can take you.

Build a newsworthy career at the FT.

Our commitment to diversity, equity and inclusion

We believe in the power of unique perspectives and want all voices in our organisation to be heard, respected and valued. A supportive workplace is one where employees feel they can be themselves and operate to their full potential. We are committed to removing barriers for everyone, with a focus on addressing those faced by underrepresented groups.

As Director of Cyber Security, you will be at the forefront of safeguarding the Financial Times' digital landscape, leading critical functions in Cyber Consultancy & Engineering and Cyber Governance. Reporting directly to the Vice President of Cyber Security, you will help drive the strategic vision and operational excellence needed to fortify the FT’s cyber defences. This role is pivotal in enabling the organisation to innovate fearlessly and operate with confidence, ensuring resilience against an ever-evolving threat landscape. Your leadership will shape a secure future for the FT, empowering the business to thrive securely in the digital age.

Key Responsibilities

Cyber Consultancy & Engineering

• Secure Development: Collaborate with engineering and IT teams to embed security into systems and applications.
• Technical Expertise: Provide guidance on secure architecture, secrets management, and best practices.
• Threat Management: Lead all aspects of penetration testing, bug bounty programs, and vulnerability reporting to mitigate risks and align with regulations.
• Vendor Relationships: Manage partnerships with security vendors, ensuring value and support.

Cyber Governance

• Compliance and Risk: Ensure adherence to standards like Cyber Essentials, ISO 27001, and GDPR. Manage third-party risks, audits, and a comprehensive risk register.
• Policy and Governance: Develop and maintain policies, procedures, and a robust governance framework to address evolving threats.
• Strategic Oversight: Support incident response and provide advice to enhance the organisation's cyber readiness.

Leadership and Strategy

• Culture and Awareness: Foster a security-conscious culture through training and advocacy.
• Performance Tracking: Define important metrics to measure and communicate the success of security initiatives.
• Team Development: Lead, mentor, and retain a high-performing team of professionals.
• Strategic Alignment: Partner with the VP of Cyber Security to align strategies with business objectives and drive impactful change.

Required Skills and Experience

• Proven leadership experience in a senior cyber security role, ideally within a complex, global organisation.
• Deep expertise in one or more of the following areas: security consultancy, security engineering, vulnerability management or governance.
• Deep knowledge of modern DevSecOps practices.
• Experience in leading vulnerability management programs, including expertise in utilising tools and processes for vulnerability scanning, conducting penetration testing, and delivering actionable reporting to support an effective and comprehensive vulnerability management strategy.
• Excellent communication and stakeholder management skills, with the ability to convey complex technical issues to non-technical audiences.
• Hands-on experience collaborating with engineering and development teams to integrate security into CI/CD pipelines.
• Experience in applying and conforming to relevant regulations and standards such as Cyber Essentials, GDPR, ISO 27001, NIST Cybersecurity Framework.
• Strong analytical and problem-solving skills, with a determined and proactive approach.
• Knowledge of emerging security trends and threats relevant to the publishing and media industry.

Preferred Qualifications

• Degree in related subject or equivalent experience
• Professional certifications such as CISSP, CISM, or GIAC are highly desirable.
• Cloud security certifications such as AWS Certified Security Specialist

What’s in it for you? Our benefits

Our benefits vary by location, but we are committed to providing best-in-class perks across all our offices. These include generous annual leave, medical cover, inclusive parental leave packages, subsidised gym memberships and opportunities to give back to the community. Full details of our benefits are available here.

We’ve embraced a hybrid working model which is 50% of time in the office. We will support specific flexibility requests for all roles where feasible.

Accessibility

We are a disability confident employer and Valuable 500 signatory.

Please let us know if you require any reasonable adjustments/personalisation as part of the application process or to enable you to attend an interview. If you would like to discuss your requirements or have any questions, email talent@ft.com and a member of our team will be happy to help.

#LI-NF1