Director of Cyber Security

Job Summary

The Director of Cybersecurity North America is responsible for maintaining and executing WHSmith North America’s cyber security strategy, leading a focused team to ensure operational rigor, compliance with regulations (including retail-specific compliance), and effective implementation of security controls to protect digital assets. They will act as the key liaison between the executive team and the operational staff.

Board Reporting & Group Support

• Provide regular updates and risk assessments to the North America Board, ensuring transparency and alignment with corporate governance.

• Support the Group CISO in global security initiatives, acting as a regional extension of group-level strategy and execution.

Strategic Leadership

• Develop and maintain the North America cybersecurity roadmap aligned with global WHSmith security objectives.

• Serve as a trusted advisor to senior leadership on emerging threats, regulatory changes, and risk posture.

Business Engagement

• Actively engage with key business sponsors across HR, Finance, Legal, and other functions to ensure security initiatives align with organizational priorities.

• Communicate complex security concepts in business-friendly language to influence decision-making and secure buy-in.

Governance & Compliance

• Establish and enforce IT security policies, standards, and procedures in line with NIST, PCI DSS, and WHSmith governance frameworks.

• Ensure adherence to WHSmith Information Security Governance Policy and Systems Security Policy.

Operational Oversight

• Lead incident response efforts for North America, ensuring timely detection, containment, and remediation of security events.

• Oversee vulnerability management, threat intelligence, and monitoring activities in collaboration with the Global Security Operations Centre (GSOC).

Risk Management

• Identify and mitigate risks related to partial monitoring coverage and manual processes within the North American IT estate.

• Drive continuous improvement initiatives to close security gaps and enhance maturity across NIST CSF domains.

Team Leadership

• Manage and mentor a regional security team, fostering professional development and succession planning.

• Collaborate with global InfoSec peers to ensure consistent security posture across all WHSmith geographies

Job Requirements

• Bachelor of Science in Cybersecurity, information technology, or related
• 5-8 years directly related experience, 3 years’ Cybersecurity supervisory experience
• Proven experience in IT security, risk management, and policy development.
• Experience with configuring and integrating systems within enterprise IT environment.
• Proven experience managing industry standard security stacks.
• Excellent understanding of regulatory requirements and industry best practices.
• Ability to collaborate effectively with all business verticals to align security initiatives with organizational goals.
• Team Leadership and Collaboration: Strong leadership skills, including the ability to motivate and manage a diverse team, are essential.