Click here to revoke the Cookie consent

Head of Cloud Security

  • Sky
  • Osterley, Isleworth TW7, UK
  • 02/11/2023
Full time

Job Description

We believe in better. And we make it happen.

Better content. Better products. And better careers.

Working in Tech, Product or Data at Sky is about building the next and the new. From broadband to broadcast, streaming to mobile, SkyQ to Sky Glass, we never stand still. We optimise and innovate.

We turn big ideas into the products, content and services millions of people love.

And we do it all right here at Sky.

This role is an exciting opportunity to join us and lead the Sky Cloud Security team, who are a team of security professionals working hard to develop solutions to secure our public, private, and hybrid cloud computing environments working across AWS, Azure, and GCP as well as VMware and native Kubernetes technology stacks. This is a chance to establish a new function within the Sky Group CISO organisation working with cutting edge technologies in a fast-paced and highly entrepreneurial culture.

What you'll do

The Head of Cloud Security is responsible for leading and overseeing all aspects of cloud security within the organization. This includes designing and implementing security controls, managing a team of security professionals, monitoring cloud environments for threats, and ensuring compliance with industry regulations.

  • Provide guidance and support to junior members of the team, acting as a role model and providing thought-leadership in practice and application of security principles and solutions.
  • You will help educate our business on cybersecurity best practice for cloud computing and contribute to updates of relevant security standards to continuously improve our cyber security baselines.
  • Improve use of existing security solutions to ensure our business meets security baselines and implements the best practice easily and by default. Working with stakeholders across related disciplines you will lead efforts to integrate our cloud solutions and toolchain with Sky’s Cyber Security capabilities.
  • Cloud Security Strategy and Leadership:
  • Develop and communicate the organization's cloud security strategy and vision.
  • Lead and mentor a team of cloud security professionals.
  • Stay updated on emerging cloud security trends, threats, and best practices.
  • Security Architecture and Design:
  • Collaborate with cloud architects to ensure security is integrated into cloud architecture.
  • Design and implement security controls, including identity and access management, encryption, and network security.
  • Security Policies and Standards:
  • Review, update, and enforce cloud security policies, standards, and procedures.
  • Ensure alignment with industry standards, regulations, and best practices.
  • Cloud Security Operations:
  • Ensure monitoring of cloud environments for security incidents and vulnerabilities is integrated with our incident response.
  • Develop and maintain incident response and disaster recovery plans for cloud services.
  • Implement threat detection and prevention processes and run books.
  • Compliance and Risk Management:
  • Ensure cloud services comply with relevant regulations not only in the UK but across Sky’s territories in the EU (e.g., GDPR, Telecommunications, PCI).
  • Plan, managed, and deliver risk assessments and manage efficient mitigation strategies.
  • Prepare for and participate in security audits and assessments.
  • Vendor Security Assessment:
  • Assess and manage the security of third-party cloud service providers.
  • Evaluate vendor security practices and contracts.
  • Incident Response and Forensics:
  • Put in place efficient incident response processes for cloud security breaches. Take leadership on critical incidents to ensure continuity of our customer services.
  • Develop and manage thorough and effective post-incident analysis and remediation.
  • · Manage the budget for cloud security initiatives, tools, and resources.

What you'll bring

  • This is a senior role, and the successful candidate will be expected to provide technical and professional leadership across the discipline.
  • A deep knowledge and understanding of Cyber Security and its application to Cloud Computing.
  • You will have an excellent knowledge and first-hand experience of delivering and governing secure and compliant enterprise-wide cloud computing environments and business applications.
  • Experience of detecting, responding to, containing and learning from cyber security incidents impacting Cloud computing.
  • Experience of integrating and configuring Cloud environments with logging and monitoring solution such as AWS Guard duty, AWS Security hub, Azure MS Sentinel, Splunk
  • A demonstrable background in monitoring and managing cybersecurity compliance of infrastructure and services across one or more of AWS, Azure, and GCP.
  • Experience of managing and driving timely detection, mitigation and remediation of operating system and software vulnerabilities in cloud applications and infrastructure
  • Experience with vulnerability management tools such as AWS Inspector, Azure MS Defender, Veracode, Tenable, Qualys
  • Experience in implementing, configuring and managing solutions to defend Cloud environments from network based attacks using web application firewalls (WAFs), anti Denial of Service tools such as AWS/ Azure WAF, AWS Shield, Akamai, Cloudflare
  • Experience in oversight and auditing of Identity, Authentication, and Authorization systems across multiple cloud providers in a hybrid cloud environment. Managing continuous improvements in access control management.
  • Proven record of working with cloud technology teams to ensure compliance with cyber security standards and security baselines in applications using containerisation, VMs, as well as serverless functions.
  • Proven record in working in environments subject to regulatory compliance and/or part of the UK critical infrastructure and security standards like PCI, NIST800-53.
  • An ability to work independently toward achieving a common vision for Cloud Security at Sky and in establishing and maintaining relations with stakeholders up to C-level across multiple departments within an Enterprise environment.
  • Good written and verbal communication skills to liaise with stakeholders at varying levels of seniority across the business.
  • Invested in a culture to self-learn and grow additional skillsets.
  • · Be curious to learn and share learnings and knowledge with the wider team.

Team overview

Cyber Security

Our products, platforms and technologies are constantly evolving that’s why keeping Sky safe from cyber-attacks is one of our top priorities. Our Cyber Security team helps the business grow while protecting our customers, colleagues and partners from increasingly sophisticated cyber threats. Our team includes Cyber Fusion Centre, Security Services, Risk and Compliance, Programme Delivery and Business Security, and we work across the UK, Italy and Germany. Join us and you’ll get involved in tackling challenges and future threats in an ever-changing cyber landscape.

The rewards

There's one thing people can't stop talking about when it comes to #LifeAtSky: the perks. Here’s a taster:

  • Sky Q, for the TV you love all in one place
  • The magic of Sky Glass at an exclusive rate
  • A generous pension package
  • Private healthcare
  • Discounted mobile and broadband
  • A wide range of Sky VIP rewards and experiences

Inclusion & how you'll work

We are a Disability Confident Employer, and welcome and encourage applications from all candidates. We will look to ensure a fair and consistent experience for all, and will make reasonable adjustments to support you where appropriate. Please flag any adjustments you need to your recruiter as early as you can.

We’ve embraced hybrid working and split our time between unique office spaces and the convenience of working from home. You’ll find out more about what hybrid working looks like for your role later on in the recruitment process.

Your office space


Our Osterley Campus is a 10-minute walk from Syon Lane train station. Or you can hop on one of our free shuttle buses that run to and from Osterley, Gunnersbury, Ealing Broadway and South Ealing tube stations. There are also plenty of bike shelters and showers.

On campus, you’ll find 13 subsidised restaurants, cafes, and a Waitrose. You can keep in shape at our subsidised gym, catch the latest shows and movies at our cinema, get your car washed, and even get pampered at our beauty salon.

We'd love to hear from you

Inventive, forward-thinking minds come together to work in Tech, Product and Data at Sky. It’s a place where you can explore what if, how far, and what next.

But better doesn’t stop at what we do, it’s how we do it, too. We embrace each other’s differences. We support our community and contribute to a sustainable future for our business and the planet.

If you believe in better, we’ll back you all the way.

Just so you know: if your application is successful, we’ll ask you to complete a criminal record check. And depending on the role you have applied for and the nature of any convictions you may have, we might have to withdraw the offer.