Information Security & Data Governance Lead (UK)
Hybrid · Aberdeen, Scotland, United Kingdom
Job Summary
Lead the Information Security & Data Governance function in a UK-based, senior individual contributor role. Develop and maintain information and cyber security policies, standards, and procedures aligned with ISO 27001, NIST CSF, and CIS Controls; conduct risk assessments across IT, OT, and cloud; drive incident response planning and secure-by-design principles. Establish and manage an enterprise data governance framework, including data classification, retention, protection standards, and data ownership across business units; ensure compliance with GDPR, UK Data Protection Act, and applicable US privacy laws. Oversee regulatory compliance across regions, internal/external audits, and risk registers; monitor regulatory changes and update policies accordingly. Design and deliver enterprise cybersecurity awareness programs, including phishing simulations; tailor training for corporate and OT environments. Act as SME on security, governance, and compliance; manage third-party/vendor risk programs and provide leadership insights to executive teams. The role operates across multiple jurisdictions with no direct reports; energy/critical infrastructure exposure and OT awareness are desirable.
Required Qualifications
- Significant experience in information security, cybersecurity GRC, or IT governance roles
- Proven experience implementing data governance frameworks
- Strong understanding of international data protection and cybersecurity regulations
- Experience working within regulated environments
- Familiarity with ISO 27001, NIST, or equivalent frameworks
- Experience supporting audit and compliance processes
- Professional certifications (e.g., CISSP, CISM, CRISC, CISA, CDMP) preferred, in alignment with the role
- Experience with GRC tools (e.g., ServiceNow GRC, RSA Archer, MetricStream)