Head of cyber security job description.

Hiring a head of cyber security or advancing into a senior security leadership role? This job description outlines responsibilities in strategy development, team leadership, board-level reporting, and policy ownership. It also details expected skills and what salary this role commands.


    What does a head of cyber security do?

     

    The head of cyber security is responsible for setting and executing the company’s cyber strategy, overseeing all aspects of security operations, compliance, risk management, and architecture. They report into senior leadership and shape how the business anticipates, prepares for, and responds to cyber threats.

     

    They manage multiple teams (engineering, GRC, incident response), build strategic roadmaps, lead security audits, and liaise with regulators. Their work includes defining policy, selecting technologies, managing vendor relationships, and aligning the security function with commercial objectives.

     

    In scaling businesses, they may establish foundational practices. In larger organisations, they lead mature teams, set global policies, and ensure the company meets complex compliance standards while staying agile and resilient against ever-changing threats.

     

    Key responsibilities of a head of cyber security.

     

    The head of cyber security defines and leads the organisation’s cyber defence strategy. Typical responsibilities include:

    • Setting cyber security vision, policies, and risk frameworks

    • Managing teams responsible for security operations, engineering, and governance

    • Overseeing incident response, threat detection, and vulnerability management

    • Reporting on security risks to executive leadership and board members

    • Aligning cyber programmes with business continuity and regulatory goals

    • Leading risk assessments, security audits, and compliance reviews

    • Managing vendor relationships and security tooling selection

    • Driving organisation-wide security awareness and training

    • Coordinating with CIO, CISO, and legal on high-risk decisions

    • Representing security during mergers, acquisitions, or system migrations

    This role blends strategic oversight with leadership across operations, policy, and risk.

     

    Skills and requirements for a head of cyber security.

     

    Heads of cyber security lead strategic planning, security operations, and compliance. Employers typically look for:

    • 8–12 years of cyber security or IT leadership experience

    • Proven success leading defensive operations at scale

    • Deep knowledge of risk, governance, compliance, and architecture

    • Experience building or scaling cyber security teams and functions

    • Skilled in reporting to boards or executive leadership

    • Familiarity with cloud security, endpoint protection, and network security

    • Ability to define KPIs, tooling strategy, and incident protocols

    • Strong vendor management and budgeting capabilities

    • Confidence handling breaches, audits, and continuity scenarios

    Most heads of cyber security are key technical leaders embedding security culture.

     

    Average salary for a head of cyber security

     

    In the UK, the average salary for a head of cyber security typically ranges from £85,000 to £120,000, based on leadership scope, regulatory alignment, and infrastructure complexity.

    • Mid-level heads of cyber typically earn between £85,000 and £100,000

    • Senior heads with global security mandates or board-level input may earn between £101,000 and £120,000

    • Packages often include strategic KPIs, risk reduction goals, and team performance metrics

    London and remote-first security operations offer the strongest pay, especially in regulated sectors.

     

    Career progression for a head of cyber security.

     

    A head of cyber security leads the protection of business systems, ensuring security architecture, policy, and operations are aligned with regulatory and risk requirements. This role sits just below executive leadership and often reports to the board. A common path includes:

     

    Security analyst / Engineer

     

    Executes on day-to-day security operations and monitoring.

     

    Cyber security manager

     

    Leads teams, builds policy frameworks, and oversees remediation strategies.

     

    Head of cyber security

     

    Owns the organisation's entire cyber strategy. Manages tools, team, partners, and board-level risk reporting.

     

    Chief information security officer (CISO)

     

    Transitions into an executive position responsible for cyber strategy across global or enterprise operations.



    Our UK IT salary guide.

    Heads of cyber security own strategy, policy, and security architecture across the business. Compensation should reflect accountability and board-level reporting.

     

    Use our UK IT salary guide to benchmark senior security roles, compare with 2024 trends, and support hiring through 2026.


    Head of cyber security FAQs.

    They oversee the full security function — including incident response, engineering, awareness, and risk governance. It’s a pivotal leadership role that balances technical credibility with cross-functional influence, especially in businesses where data security underpins commercial value.

    While security managers may run the day-to-day, the head of cyber security sets the roadmap. They decide which tools to invest in, how teams are structured, and how risk is reported to the board. The role is broader and more strategic — often with budget ownership and hiring authority.

    Businesses with regulatory exposure (PCI, ISO 27001, GDPR), operational complexity (multi-site, global), or recent breaches. These include financial firms, law practices, SaaS providers, and government contractors.

    A leader who can shape culture as well as tooling. Someone who’s equally comfortable running tabletop simulations, presenting risk matrices to the board, and guiding analysts through incident escalation. They must be visible, decisive, and technically credible.

    Most go on to become CISOs — particularly if they’ve gained experience in stakeholder reporting and crisis leadership. Others move into security consulting, government cyber advisory, or global roles at enterprise scale.
