Head of Cyber Security Delivery

Job Description
Job Title Head of Cyber Security Delivery
Job Family Head of Cyber Security
Job Group Solutions
Job Band B
Days, Shifts and Hours

Days: Monday to Friday
Hours: 40 hours per week

Typically reports to Chief Information Security Officer
Role Purpose
The Head of Cyber Delivery is accountable for defining, mobilising and executing the
Cyber Security change portfolio in alignment with the organisation’s cyber strategy.
Operating within the Cyber Security Leadership Team and reporting directly to the CISO,
the role ensures that strategic cyber objectives are translated into structured, governed
and measurable programmes of delivery across a complex, highly regulated Critical
National Infrastructure (CNI) environment.
The role leads a team of Project Managers and provides functional oversight to
multidisciplinary technical delivery teams responsible for implementing secure technology
capabilities, resilience improvements and regulatory control enhancements across the
Heathrow cyber estate.
This position operates at the intersection of Cyber Security, Enterprise IT, Operational
Technology (OT), and Business Leadership, ensuring that cyber initiatives are aligned
with enterprise risk appetite, regulatory obligations, and operational resilience priorities.
Specific responsibilities include:-
 To translate the enterprise Cyber Security Strategy into an executable, prioritised
and governed delivery roadmap.
 To lead and mature cyber programme and project delivery disciplines across the
Cyber function.
 To ensure compliance with UK regulatory frameworks applicable to aviation and
Critical National Infrastructure.
 To strengthen Heathrow’s cyber resilience posture in the context of evolving threat
landscapes.
 To ensure cyber investment delivers measurable risk reduction and operational
value aligned to business objectives.

Principal Accountabilities
Strategic Leadership & Portfolio Governance

HEATHROW | JOB FAMILY FRAMEWORK

Job Description

Classification: Confidential

Classification: Confidential

 Define and maintain the Cyber Delivery Portfolio aligned to strategic objectives,
regulatory requirements and enterprise risk management frameworks.
 Establish and enforce programme governance structures, stage gates, reporting
cadence and financial oversight mechanisms.
 Partner with the CISO to prioritise investments based on threat intelligence, risk
exposure and regulatory commitments.
 Provide regular executive-level reporting to senior IT, business leadership and
Board-level forums.
Programme & Project Delivery
 Lead a team of Cyber Project Managers responsible for delivering a portfolio of
security transformation initiatives.
 Oversee large-scale change programmes spanning IT, OT and airport operational
environments.
 Ensure delivery methodologies are appropriate for a regulated CNI context (e.g.,
hybrid agile/waterfall, structured assurance checkpoints).
 Manage interdependencies across technology, operational and regulatory
workstreams.
 Ensure delivery outcomes are measurable in terms of risk reduction, control
maturity and compliance uplift.
Regulatory & Compliance Alignment
 Ensure cyber programmes support compliance with relevant regulatory regimes
including:
o UK aviation security frameworks
o CNI requirements
o Data protection legislation
o Relevant standards such as National Cyber Security Centre guidance and
ISO/IEC 27001

 Act as a senior liaison with regulators and external assurance bodies where
required.
Stakeholder & Relationship Management
 Build trusted relationships across:
o Cyber Security leadership
o CIO and senior IT leadership
o Operational airport leadership
o External partners and suppliers
o Regulatory authorities
 Provide strategic advisory input to business initiatives to ensure security is
embedded by design.
Capability & Team Leadership
 Develop and mature the Cyber Delivery function, embedding best practice
programme and portfolio management disciplines.
 Provide functional oversight to technical teams delivering cyber capabilities.
 Establish a performance culture focused on accountability, transparency and
continuous improvement.
 Mentor and develop Cyber Project Managers and delivery leads.

HEATHROW | JOB FAMILY FRAMEWORK

Job Description

Classification: Confidential

Classification: Confidential

Financial & Commercial Oversight
 Own cyber delivery budget tracking, forecasting and benefits realisation
management.
 Oversee supplier performance and contract delivery in conjunction with
Commercial and Procurement teams.

Qualifications and Experience
Experience (Essential)
 Minimum 5 years’ experience in a senior cyber, technology or security delivery
leadership role.
 Demonstrable experience leading large-scale transformation programmes in
complex, highly regulated environments.
 Experience operating within Critical National Infrastructure sectors (e.g., aviation,
transport, utilities, defence).
 Proven track record of delivering cyber security capabilities at enterprise scale.
 Experience engaging directly with executive stakeholders and regulators.
 Exposure to aviation sector environments and understanding of airport operational
systems.
Essential Skills
 Strong portfolio and programme governance expertise (e.g., MSP, PRINCE2,
SAFe or equivalent frameworks).
 Deep understanding of cyber risk management, threat landscapes and control
frameworks.
 Ability to align cyber investment to quantified risk reduction and business
outcomes.
 Executive-level communication and reporting capability.
 Advanced stakeholder management and influencing skills.
 Financial acumen including budget management and benefits realisation.
 Strong leadership capability across matrix and federated structures.
Desirable Skills
 Experience integrating IT and Operational Technology (OT) security programmes.
 Knowledge of aviation-specific regulatory environments.
 Familiarity with NIS Regulations and UK CNI oversight structures.
 Experience in crisis management or cyber incident recovery programmes.
 Exposure to cloud security transformation and identity modernisation initiatives.
Education & Professional Certifications
 Bachelor’s degree in Cyber Security, Information Security, Computer Science,
Engineering or related discipline (or equivalent professional experience).
 Relevant certifications such as:
o CISSP

HEATHROW | JOB FAMILY FRAMEWORK

Job Description

Classification: Confidential

Classification: Confidential

o CISM
o CRISC
o MSP / PRINCE2 Practitioner
o PgMP or equivalent senior programme qualification (desirable)

Personal Attributes
 Strategic thinker with strong execution discipline.
 Credible and authoritative leader within technical and business environments.
 High integrity and resilience under pressure.
 Collaborative, transparent and outcome-driven.
 Comfortable operating in a highly visible, mission-critical national infrastructure
setting.