Security Ciso jobs

About the role

Reporting to the IT Director, you will lead Bestway’s cybersecurity function through a modern, 3-Layer Operating Model. Your primary focus is to govern our outsourced Managed Detection & Response (MDR/SOC) partners, own the internal GRC (Governance, Risk, and Compliance) framework, and ensure data protection standards are met. You will act as the strategic link between external security experts and our internal Architecture and Platform Engineering teams to ensure Bestway remains secure, compliant, and AI-ready.

About Bestway

Bestway Group is a diversified multinational family owned business with annualised turnover in excess of £4.5 billion. Starting off as a chain of retail convenience stores, the Group has grown to become a diversified multinational business with interests across the wholesale, pharmacy, real estate, cement and banking sectors. The Group is also the largest overseas investor in Pakistan.

Owned by the Pervez, Choudrey and Sheikh families, Bestway Group was founded in 1976 by Sir Anwar Pervez OBE H Pk, who remains Chairman. Serving over 12 million customers and employing over 28,000 individuals, the Group supports and serves communities through its operations across the UK, Pakistan and the Middle East

Key Responsibilities

• Act as the primary owner for our outsourced 24/7 SOC/MDR partners. Monitor their performance against SLAs, manage incident escalations, and ensure they are proactively hunting threats across our Azure and Snowflake environments.
• Own the implementation and operation of data security to discover, classify, and protect sensitive data across the group, supporting our broader AI roadmap.
• Maintain the Group Information Security Policy, Cyber Risk Register, and Risk Appetite statements.
• Lead internal and external security audits, ensuring UK GDPR compliance and managing regulatory reporting.
• Partner with the technology team to ensure that cybersecurity policies are translated into automated "Golden Path" guardrails.
• Translate complex security alerts into business-relevant risk stories for the IT Director and the Board.

Required Skills and Experience (Must-have)

• Proven experience managing high-performance external Managed Security Service Providers (MSSP) or MDR vendors
• Deep knowledge of ISO 27001, NIST, and UK GDPR. Experience maintaining a formal Enterprise Risk Register.
• Familiarity with DSPM (Data Security Posture Management) tools like Cyera or similar data discovery platforms.
• High-level understanding of Azure/AWS security controls, Identity protocols (OIDC/SAML), and MFA strategies (Entra ID).
• Experience coordinating response and recovery efforts between external forensic teams and internal IT functions.
• Ability to tell "risk stories" that align security investment to margin preservation and business continuity.

• Skilled at holding external partners accountable and driving value from service contracts.
• Focuses on material risk reduction rather than theoretical compliance.

Benefits:

• Competitive salary
• Pension
• 22 days annual leave plus the option to buy additional days
• Life Assurance
• Private Medical
• Onsite parking

We understand that no applicant ever ticks every box so please do consider applying should some or most of the above apply. Bestway Group is an equal opportunity employer and we value diversity and inclusion. We welcome people of different nationalities, backgrounds, experiences, abilities, and perspectives. We want strong, and diverse teams built from talented individuals with different backgrounds identities and experiences.

If this is of interest to you and you would like to learn more, please do get in touch, we are looking forward to hearing from you.