Director of Cyber Security

Job Summary The Director of Cybersecurity North America is responsible for maintaining and executing WHSmith North America’s cyber security strategy, leading a focused team to ensure operational rigor, compliance with regulations (including retail-specific compliance), and effective implementation of security controls to protect digital assets. They will act as the key liaison between the executive team and the operational staff. Board Reporting & Group Support • Provide regular updates and risk assessments to the North America Board, ensuring transparency and alignment with corporate governance. • Support the Group CISO in global security initiatives, acting as a regional extension of group-level strategy and execution. Strategic Leadership • Develop and maintain the North America cybersecurity roadmap aligned with global WHSmith security objectives. • Serve as a trusted advisor to senior leadership on emerging threats, regulatory changes, and risk posture. Business Engagement • Actively engage with key business sponsors across HR, Finance, Legal, and other functions to ensure security initiatives align with organizational priorities. • Communicate complex security concepts in business-friendly language to influence decision-making and secure buy-in. Governance & Compliance • Establish and enforce IT security policies, standards, and procedures in line with NIST, PCI DSS, and WHSmith governance frameworks. • Ensure adherence to WHSmith Information Security Governance Policy and Systems Security Policy. Operational Oversight • Lead incident response efforts for North America, ensuring timely detection, containment, and remediation of security events. • Oversee vulnerability management, threat intelligence, and monitoring activities in collaboration with the Global Security Operations Centre (GSOC). Risk Management • Identify and mitigate risks related to partial monitoring coverage and manual processes within the North American IT estate. • Drive continuous improvement initiatives to close security gaps and enhance maturity across NIST CSF domains. Team Leadership • Manage and mentor a regional security team, fostering professional development and succession planning. • Collaborate with global InfoSec peers to ensure consistent security posture across all WHSmith geographies Job Requirements • Bachelor of Science in Cybersecurity, information technology, or related • 5-8 years directly related experience, 3+ years’ Cybersecurity supervisory experience • Proven experience in IT security, risk management, and policy development. • Experience with configuring and integrating systems within enterprise IT environment. • Proven experience managing industry standard security stacks. • Excellent understanding of regulatory requirements and industry best practices. • Ability to collaborate effectively with all business verticals to align security initiatives with organizational goals. • Team Leadership and Collaboration: Strong leadership skills, including the ability to motivate and manage a diverse team, are essential. Apply tot his job