JOB FUNCTION: This position is responsible for leading the strategic and operational direction of Chelsea FC’s Information and Cyber Security, reporting into to the Director of Technology.
This role is both strategic and operational: it defines the security vision, embeds governance, and drives risk reduction across the Club’s football and commercial operations, while also providing leadership in day-to-day cyber defence.
The postholder will influence senior leadership, ensure compliance with key regulations, and work with internal teams and external partners to build a resilient, future-ready security posture that enables innovation on and off the pitch.
MAIN RESPONSIBILITIES:
Strategic Leadership and Governance:
- Define and evolve Chelsea FC’s cybersecurity strategy aligned with Club objectives and industry best practice.
- Lead the development and enforcement of information security policies, standards, and frameworks.
- Drive the Information Security Risk Management programme, reporting on key risks, mitigation, and maturity progress.
- Provide strategic security insights to the Information Security Steering Committee, Director of Technology, COO, CDO, CFO, CEO, etc. - as required.
- Act as subject matter expert and advisor to executives and other business stakeholders on cyber risk, emerging threats, and technology opportunities.
Risk and Compliance
- Ensure compliance with all applicable standards and regulations, including PCI DSS, GDPR, and Premier League cybersecurity requirements.
- Oversee periodic independent security maturity assessments and ensure remediation plans are executed.
- Maintain the risk register in collaboration with IT, Risk & Compliance, and business stakeholders.
- Embed security considerations into procurement, contract negotiations, and third-party vendor management.
Security Operations
- Provide senior oversight for security operations, ensuring effective monitoring, detection, and response.
- Govern the SOC provider, ensuring SLAs and threat detection capabilities meet the Club’s requirements.
- Lead response to significant security incidents, engaging with senior leadership, regulators, law enforcement, and insurers.
- Ensure a robust vulnerability management and penetration testing programme is in place and actioned.
- Oversee endpoint, email, and identity security across the Club’s workforce and infrastructure.
Secure Technology and Development
- Champion secure design and “security by default” across infrastructure and applications.
- Oversee identity and access management, including MFA, privileged access, and zero trust principles.
- Lead the adoption of SSDLC/DevSecOps practices across the Club’s development workflows.
- Partner with Infrastructure and Cloud teams to ensure Azure, GCP, Microsoft 365 and AWS environments are governed and secure.
Culture, Awareness and Training
- Develop and deliver the Club’s security awareness programme, including phishing simulations, campaigns, and training.
- Provide security briefings and horizon-scanning reports for senior leaders.
- Ensure new employees receive induction training in information security.
- Promote a culture of shared responsibility for security across all functions.
Programme and Change Leadership
- Act as security lead on major transformation projects (e.g., CCTV infrastructure upgrade, authentication improvements, data warehouse programmes).
- Embed security into the Technology change management process, ensuring early engagement and risk identification.
- Evaluate and approve new third-party tools and SaaS platforms from a security perspective.
KEY RELATIONSHIPS:
- Internal: Director of Technology, Risk & Compliance, Legal, HR, Technology Infrastructure, Service Desk, Facilities, Football Operations, Marketing & Commercial teams, Physical Security, Matchday Safety, etc.
- External: SOC, Microsoft, Security Vendors, cyber insurers, regulators, and law enforcement (NCSC, Action Fraud), Payment Service Providers, Credit Card Schemes, Cyber Insurer, Premier League.
MEASURES OF PERFORMANCE:
- Effective management of IT security risks and incidents.
- Compliance with organisational and regulatory standards.
- Reporting on security.
- Operational efficiency and cost management in line with budgetary goals.
- Successful alignment of security strategy with organisational outcomes.
EXPERIENCE/REQUIREMENTS:
Essential:
- Significant experience in an information security leadership role (e.g. Security Manager) within a complex, high-profile organisation.
- Strong knowledge of: Cloud security (Azure, GCP, Microsoft 365).
- Security operations (EDR, SIEM, SOC workflows).
- Governance and regulatory frameworks (PCI DSS, GDPR, ISO 27001 desirable).
- Demonstrable experience of leading incident response, risk management, and vulnerability management programmes.
- Track record of influencing senior stakeholders and presenting at executive/Board level.
- Proven ability to manage third-party vendors and contracts.
Desirable:
- Information security management qualifications (e.g., CISSP, CISM).
- Knowledge of Enterprise Architecture methodologies (e.g., TOGAF).
- Familiarity with ITIL Service Management practices.
End Date: 1st April
Gmail
Yahoomail