Head of Infrastructure and Cybersecurity

We’re Sky, Europe’s biggest entertainment brand. Think top-quality shows. Breaking news. Innovative tech. Must-have products. Careers here mean the freedom and support you need to make an impact – pushing boundaries, creating solutions, hitting targets. And as part of our close-knit team, you’ll enjoy plenty of benefits. Plus, experiences you’ll only find at Sky.

This role is an exciting opportunity to join us and lead the Sky Infrastructure Security team, who are a team of security professionals working hard to develop solutions to secure our infrastructure estate. Our Cyber security team helps the business grow while protecting our customers, colleagues, and partners from increasingly sophisticated cyber threats. Whilst primarily working within the UK Cyber Security teams you will be expected to work with our wider teams across the UK, Italy, Germany, and India. Join us and you’ll get involved in tackling challenges and future threats in an ever-changing cyber landscape.

The Head of Infrastructure Security is responsible for leading and overseeing all aspects of infrastructure security within the organization. This includes Vulnerability Management, Network Security and Endpoint Security (security toolset). The role also includes the designing and implementing security controls, managing a team of security professionals, monitoring the environments for threats, and ensuring compliance with industry regulations.

What you’ll get
Sky Q, a generous pension and private health care. Access to over 12,000 LinkedIn Learning courses to support your development. And if that’s not enough, our award-winning Osterley campus boasts six subsidised restaurants, a cinema, gym, and much more.

To find out more about working with us, search #LifeatSky on LinkedIn, Twitter or Instagram.

What you’ll do

• Provide guidance and support to junior members of the team, acting as a role model and providing thought-leadership in practice and application of security principles and solutions.

• You will help educate our business on cybersecurity best practice for infrastructure security and contribute to updates of relevant security standards to continuously improve our cyber security baselines.

• Review, develop and maintain internal standards and technical configuration and management baseline requirements.

• Establish a collaborative model with security teams across Sky’s geographic regions.

• Create and manage a working group of relevant IT teams, other business divisions to assess key infrastructure security risks, establish and communicate baseline cyber-security controls, plan and monitor implementation of controls and strategic initiatives accordingly.

• Improve use of existing security solutions to ensure our business meets security baselines and implements the best practice easily and by default. Working with stakeholders across related disciplines you will lead efforts to integrate our security solutions and toolchain with Sky’s Cyber Security capabilities.

• Infrastructure Security Strategy and Leadership:

o Develop and communicate the organization's infrastructure security strategy and vision.

o Lead and mentor a team of infrastructure security professionals.

o Stay updated on emerging security trends, threats, and best practices.

• Security Architecture and Design:

o Collaborate with security architects to ensure security is integrated into architecture.
o Design and implement security controls, including Endpoint Detection & Response (EDR), vulnerability management, systems hardening and network security.

• Security Policies and Standards:

o Review, update, and enforce infrastructure security policies, standards, and procedures.
o Ensure alignment with industry standards, regulations, and best practices.

• Infrastructure Security Operations:

o Oversee the day-to-day infrastructure operations in the areas of:
▪ Vulnerability management,
▪ Perimeter network security – WAF, firewalls, DNS security, email security,
▪ Internal network security – NAC, network intrusion detection, server protection
▪ Endpoint protection – Servers, workstations, mobile devices
o Ensure monitoring of infrastructure controls for security incidents and vulnerabilities are integrated with our incident response.
o Develop, maintain incident response and disaster recovery plans for infrastructure security services.
o Implement threat detection and prevention processes and run books.

• Compliance and Risk Management:

o Ensure infrastructure services comply with relevant regulations not only in the UK but across Sky’s territories in the EU (e.g., GDPR, Telecommunications, PCI).
o Plan, managed, and deliver risk assessments and manage efficient mitigation strategies.
o Prepare for and participate in security audits and assessments.

• Vendor Security Assessment:

o Assess and manage the security of third-party infrastructure service providers.
o Evaluate vendor security practices and contracts.

• Incident Response and Forensics:

o Take leadership on critical incidents to ensure continuity of our customer services.
o Develop and manage thorough and effective post-incident analysis and remediation.

• Manage the budget for Infrastructure security initiatives, tools, and resources.

What we look for

• This is a senior role, and the successful candidate will be expected to provide technical anD professional leadership across the discipline.

• A deep knowledge and understanding of Cyber Security and its application to Infrastructure Security.

• You will have an excellent knowledge and first-hand experience of delivering and governing secure and compliant enterprise-wide infrastructure environments and security controls across business applications.

• Experience of detecting, responding to, containing, and learning from cyber security incidents impacting infrastructure estate.

• You will have deep understanding of securing operating systems such as Linux, Windows, IOS

• Experience of integrating and configuring infrastructure security toolset with logging and monitoring solution such as WAF, firewalls, network intrusion, Network Access Controls, Cloud environments

• A demonstrable background in managing cybersecurity compliance of infrastructure and services.

• Experience of managing and driving timely detection, mitigation and remediation of operating system and software vulnerabilities in server, workstation, and network assets

• Experience with vulnerability management tools such as AWS Inspector, Azure MS Defender, Tenable, Qualys

• Experience in implementing, configuring, and managing solutions to defend perimeter from networks-based attacks using web application firewalls (WAFs), anti-Denial of Service tools such as AWS/ Azure WAF, AWS Shield, Akamai, Cloudflare

• Proven record of working with cloud technology teams to ensure compliance with cyber security standards and security baselines in applications using containerisation, VMs, as well as serverless functions.

• Proven record in working in environments subject to regulatory compliance and/or part of the UK critical infrastructure and security standards like PCI, NIST800-53.

• An ability to work independently toward achieving a common vision for Infrastructure Security at Sky and in establishing and maintaining relations with stakeholders up to C-level across multiple departments within an Enterprise environment.

• Professional security management certification, such as a Certified Information Systems Security

• Professional (CISSP), Certified Information Security Manager (CISM), or other strongly preferred.

• Good written and verbal communication skills to liaise with stakeholders at varying levels of seniority across the business.

• Invested in a culture to self-learn and grow additional skillsets.

• Be curious to learn and share learnings and knowledge with the wider team.

So, what are you waiting for? Apply now for a chance to forge your own career path and be brilliant as part of a bright, talented team.

Just so you know: if your application is successful, we’ll ask you to complete a criminal record check. And depending on the role you have applied for and the nature of any convictions, we might withdraw the offer.

We’re happy to discuss flexible working.

It’s our people that make Sky Europe’s leading entertainment company. That’s why we work hard to be an

inclusive employer, so everyone at Sky can be their best.

A job you love to talk about.