Salary: Competitive

Role Purpose
The Head of Cyber Security & Privacy is accountable for implementing and maintaining information security across Nando's UKI's operations, protecting customers and Nandocas whilst enabling the business to operate securely. This role ensures security policies, standards and practices agreed with and set by the Group CISO are effectively embedded across restaurants, digital platforms, supply chain and support functions within Nando's UKI.
The role is a mixture of working with peers and the CISO to set standards and policies, and assuring those in market. This individual is also the Data Protection Officer for Nando's UKI.

Reporting & Accountability
- Reports to: UKI Technology Director
- Works closely with: Group CISO (for guidance, standards and frameworks)
- Accountable for: UKI cyber security posture, compliance and assurance
- Works closely with the UKI Chief Risk Officer
- Works closely with the Head of Product & Delivery - Technology Platforms

Key Responsibilities

Security Implementation & Operations
- Understand Group security architecture and implement Group information security policies and standards across Nando's UKI
- Understand how Group policies add to the UKI's threat vectors and plan accordingly
- Manage day-to-day security operations including monitoring, threat detection and incident response
- Coordinate with the Security Operations Centre on Nando's UKI-specific threats and incidents
- Maintain the Nando's UKI cyber security risk register and elevate significant risks
- Conduct security assessments of Nando's UKI systems, suppliers and processes
- Act as approver for the Data Protection Impact Assessment process

Incident Response
- Act as Nando's UKI incident commander for cyber security incidents
- Coordinate response with the Group CISO for major incidents
- Document and report incidents following Group standards
- Implement lessons learned and track remediation actions

Nando's UKI Stakeholder Engagement
- Build relationships with Nando's UKI leadership (Tech, People, Ops, Risk, Legal, Supply Chain)
- Ensure security is embedded in Nando's UKI initiatives, projects and training
- Support the Nando's UKI CEO to understand and prioritise cyber security
- Translate technical security risks into business impact for Nando's UKI stakeholders

Security Culture & Awareness
- Deliver security awareness training to Nando's UKI teams using Group materials
- Make security engaging and relevant to restaurant teams and support office staff
- Act as the face of security in Nando's UKI - visible, approachable and credible
- Communicate security in line with Nando's values and tone of voice
- Maintain knowledge of the evolving threat landscape, relevant regulatory requirements, and industry standards applicable to Nando's (e.g. ISO 27001 and NIST)
- Keep abreast of emerging risks related to technology, data privacy and cyber security
- Actively engage with reputable industry bodies, publications and peer networks, and apply relevant insights to continuously assess whether the organisation's security posture, policies and controls remain fit for purpose

Third-Party & Vendor Management
- Assess security risks of Nando's UKI-specific suppliers and vendors
- Work with Procurement to ensure security requirements are included in supplier contracts
- Monitor ongoing compliance of third parties with security standards
- Escalate significant third-party risks to the Group CISO

Compliance & Audit
- Ensure and demonstrate Nando's UKI compliance with Group security policies and relevant legislation (e.g. GDPR, local data protection laws)
- Coordinate Nando's UKI participation in security audits and assessments
- Maintain evidence and documentation for compliance reporting
- Support the Group CISO with regulatory reviews affecting Nando's UKI

Architecture & Projects
- Review and approve security requirements for Nando's UKI technology initiatives
- Ensure secure configuration of Nando's UKI systems and infrastructure
- Work with the Group CISO to implement identity and access management standards
- Support secure deployment of the Global Nando's Platform in Nando's UKI

Data Security
- Implement data classification and data lifecycle management practices
- Ensure sensitive data is appropriately protected across Nando's UKI
- Monitor and report on data security metrics
- Investigate and remediate data security incidents

Skills & Qualifications

Essential
- 5+ years' experience in information security, with at least 2 years in a leadership role
- Strong practical knowledge of security operations, incident response and risk management
- Experience implementing security frameworks (NIST CSF, ISO 27001 or similar)
- Ability to influence stakeholders without direct authority
- Excellent communication skills - can explain technical risks to non-technical audiences
- Understanding of GDPR and data protection principles
- Experience working in multi-site or retail/hospitality environments

Desirable
- Relevant certifications (CISSP, CISM, Security+, CEH or similar)
- Experience with cloud security (AWS, Azure, GCP)
- Up-to-date knowledge of security tools (SIEM, EDR, vulnerability management)
- Understanding of secure development practices
- Experience in a franchised or multi-site organisation

What Success Looks Like

Year 1
- Nando's UKI leadership understands and actively supports security priorities
- Clean audit outcomes against Group security standards
- Security embedded in all major Nando's UKI projects and initiatives
- Effective incident response demonstrated through exercises and/or real incidents
- High engagement rates with security awareness programmes

Ongoing
- Nando's UKI consistently meets Group security metrics and KPIs
- Strong working relationship with the Group CISO and other Nando's UKI Heads of Security
- Proactive identification and mitigation of Nando's UKI-specific risks
- Security seen as an enabler rather than a blocker
- Positive feedback from Nando's UKI stakeholders on security support and guidance