Head of Cloud Security
We believe in better. And we make it happen.
Better content. Better products. And better careers.
Working in Tech, Product or Data at Sky is about building the next and the new. From broadband to broadcast, streaming to mobile, SkyQ to Sky Glass, we never stand still. We optimise and innovate.
We turn big ideas into the products, content and services millions of people love.
And we do it all right here at Sky.
This role is an exciting opportunity to join us and lead the Sky Cloud Security team, who are a team of security professionals working hard to develop solutions to secure our public, private, and hybrid cloud computing environments working across AWS, Azure, and GCP as well as VMware and native Kubernetes technology stacks. This is a chance to establish a new function within the Sky Group CISO organisation working with cutting edge technologies in a fast-paced and highly entrepreneurial culture.
What you'll do
The Head of Cloud Security is responsible for leading and overseeing all aspects of cloud security within the organization. This includes designing and implementing security controls, managing a team of security professionals, monitoring cloud environments for threats, and ensuring compliance with industry regulations.
- Provide guidance and support to junior members of the team, acting as a role model and providing thought-leadership in practice and application of security principles and solutions.
- You will help educate our business on cybersecurity best practice for cloud computing and contribute to updates of relevant security standards to continuously improve our cyber security baselines.
- Improve use of existing security solutions to ensure our business meets security baselines and implements the best practice easily and by default. Working with stakeholders across related disciplines you will lead efforts to integrate our cloud solutions and toolchain with Sky’s Cyber Security capabilities.
- Cloud Security Strategy and Leadership:
- Develop and communicate the organization's cloud security strategy and vision.
- Lead and mentor a team of cloud security professionals.
- Stay updated on emerging cloud security trends, threats, and best practices.
- Security Architecture and Design:
- Collaborate with cloud architects to ensure security is integrated into cloud architecture.
- Design and implement security controls, including identity and access management, encryption, and network security.
- Security Policies and Standards:
- Review, update, and enforce cloud security policies, standards, and procedures.
- Ensure alignment with industry standards, regulations, and best practices.
- Cloud Security Operations:
- Ensure monitoring of cloud environments for security incidents and vulnerabilities is integrated with our incident response.
- Develop and maintain incident response and disaster recovery plans for cloud services.
- Implement threat detection and prevention processes and run books.
- Compliance and Risk Management:
- Ensure cloud services comply with relevant regulations not only in the UK but across Sky’s territories in the EU (e.g., GDPR, Telecommunications, PCI).
- Plan, managed, and deliver risk assessments and manage efficient mitigation strategies.
- Prepare for and participate in security audits and assessments.
- Vendor Security Assessment:
- Assess and manage the security of third-party cloud service providers.
- Evaluate vendor security practices and contracts.
- Incident Response and Forensics:
- Put in place efficient incident response processes for cloud security breaches. Take leadership on critical incidents to ensure continuity of our customer services.
- Develop and manage thorough and effective post-incident analysis and remediation.
- · Manage the budget for cloud security initiatives, tools, and resources.
What you'll bring
- This is a senior role, and the successful candidate will be expected to provide technical and professional leadership across the discipline.
- A deep knowledge and understanding of Cyber Security and its application to Cloud Computing.
- You will have an excellent knowledge and first-hand experience of delivering and governing secure and compliant enterprise-wide cloud computing environments and business applications.
- Experience of detecting, responding to, containing and learning from cyber security incidents impacting Cloud computing.
- Experience of integrating and configuring Cloud environments with logging and monitoring solution such as AWS Guard duty, AWS Security hub, Azure MS Sentinel, Splunk
- A demonstrable background in monitoring and managing cybersecurity compliance of infrastructure and services across one or more of AWS, Azure, and GCP.
- Experience of managing and driving timely detection, mitigation and remediation of operating system and software vulnerabilities in cloud applications and infrastructure
- Experience with vulnerability management tools such as AWS Inspector, Azure MS Defender, Veracode, Tenable, Qualys
- Experience in implementing, configuring and managing solutions to defend Cloud environments from network based attacks using web application firewalls (WAFs), anti Denial of Service tools such as AWS/ Azure WAF, AWS Shield, Akamai, Cloudflare
- Experience in oversight and auditing of Identity, Authentication, and Authorization systems across multiple cloud providers in a hybrid cloud environment. Managing continuous improvements in access control management.
- Proven record of working with cloud technology teams to ensure compliance with cyber security standards and security baselines in applications using containerisation, VMs, as well as serverless functions.
- Proven record in working in environments subject to regulatory compliance and/or part of the UK critical infrastructure and security standards like PCI, NIST800-53.
- An ability to work independently toward achieving a common vision for Cloud Security at Sky and in establishing and maintaining relations with stakeholders up to C-level across multiple departments within an Enterprise environment.
- Good written and verbal communication skills to liaise with stakeholders at varying levels of seniority across the business.
- Invested in a culture to self-learn and grow additional skillsets.
- · Be curious to learn and share learnings and knowledge with the wider team.
Our products, platforms and technologies are constantly evolving that’s why keeping Sky safe from cyber-attacks is one of our top priorities. Our Cyber Security team helps the business grow while protecting our customers, colleagues and partners from increasingly sophisticated cyber threats. Our team includes Cyber Fusion Centre, Security Services, Risk and Compliance, Programme Delivery and Business Security, and we work across the UK, Italy and Germany. Join us and you’ll get involved in tackling challenges and future threats in an ever-changing cyber landscape.
There's one thing people can't stop talking about when it comes to #LifeAtSky: the perks. Here’s a taster:
- Sky Q, for the TV you love all in one place
- The magic of Sky Glass at an exclusive rate
- A generous pension package
- Private healthcare
- Discounted mobile and broadband
- A wide range of Sky VIP rewards and experiences
Inclusion & how you'll work
We are a Disability Confident Employer, and welcome and encourage applications from all candidates. We will look to ensure a fair and consistent experience for all, and will make reasonable adjustments to support you where appropriate. Please flag any adjustments you need to your recruiter as early as you can.
We’ve embraced hybrid working and split our time between unique office spaces and the convenience of working from home. You’ll find out more about what hybrid working looks like for your role later on in the recruitment process.
Your office space
Our Osterley Campus is a 10-minute walk from Syon Lane train station. Or you can hop on one of our free shuttle buses that run to and from Osterley, Gunnersbury, Ealing Broadway and South Ealing tube stations. There are also plenty of bike shelters and showers.
On campus, you’ll find 13 subsidised restaurants, cafes, and a Waitrose. You can keep in shape at our subsidised gym, catch the latest shows and movies at our cinema, get your car washed, and even get pampered at our beauty salon.
We'd love to hear from you
Inventive, forward-thinking minds come together to work in Tech, Product and Data at Sky. It’s a place where you can explore what if, how far, and what next.
But better doesn’t stop at what we do, it’s how we do it, too. We embrace each other’s differences. We support our community and contribute to a sustainable future for our business and the planet.
If you believe in better, we’ll back you all the way.
Just so you know: if your application is successful, we’ll ask you to complete a criminal record check. And depending on the role you have applied for and the nature of any convictions you may have, we might have to withdraw the offer.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Audits AWS Azure C Cloud Cloudflare Compliance Encryption Firewalls Forensics GCP GDPR IAM Incident response Kubernetes Monitoring Network security Qualys Risk assessment Risk management Security assessment Security strategy Splunk Strategy Threat detection Veracode VMware Vulnerabilities Vulnerability management
More jobs like this
Remote - United Kingdom Remote - United Kingdom Full TimeExecutive Executive-levelUSD 45K - 85K * USD 45K+ *
Director Analyst, Cryptography and Encryption - Remote UK, IrelandAES Blockchain C Certificate management Cloud Compliance +13
Career development Competitive pay Conferences Health care Insurance +5
London, United Kingdom London, United Kingdom Full TimeExecutive Executive-levelUSD 87K - 120K * USD 87K+ *
Palo Alto Networks
Chief Security Officer (CSO), UK&IC Cloud Computer Science ISO 27001 Network security NIST +4
Career development Conferences Medical leave Startup environment Team events
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Specialist jobs
- Open Senior Information Security Analyst jobs
- Open IT Security Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Consultant SOC / CERT H/F jobs
- Open Senior Information Security Engineer jobs
- Open Information Security Officer jobs
- Open Security Operations Engineer jobs
- Open Analyste CERT / Incident Responder junior (H/F) jobs
- Open Ingénieur DevSecops H/F jobs
- Open Staff Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open Senior Security Architect jobs
- Open Chief Information Security Officer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Analyste CERT / Incident Responder senior (H/F) jobs
- Open o365 Security Architect jobs
- Open Senior Security Analyst jobs
- Open Principal Security Engineer jobs
- Open Senior Cyber Security Engineer jobs
- Open Staff Product Security Engineer jobs
- Open Electronic Warfare Advanced Tactical Trainer jobs
- Open Product Security Engineer jobs
- Open Security Researcher jobs
- Open Cyber Security Architect jobs
- Open GCP-related jobs
- Open SOC-related jobs
- Open Risk assessment-related jobs
- Open Network security-related jobs
- Open Governance-related jobs
- Open Pentesting-related jobs
- Open ISO 27001-related jobs
- Open Analytics-related jobs
- Open CISM-related jobs
- Open SaaS-related jobs
- Open Threat intelligence-related jobs
- Open IAM-related jobs
- Open Malware-related jobs
- Open Java-related jobs
- Open Security Clearance-related jobs
- Open Vulnerability management-related jobs
- Open CISA-related jobs
- Open DevOps-related jobs
- Open Kubernetes-related jobs
- Open Security assessment-related jobs
- Open Forensics-related jobs
- Open APIs-related jobs
- Open SQL-related jobs
- Open CI/CD-related jobs
- Open EDR-related jobs