Director of Cyber Security & Governance

Twinings Ovaltine · Remote

Great People Work Here.

BizTX: Co-Creating WOW Through Digital Innovation

It’s an exciting time to be part of BizTX at Twinings Ovaltine. At the heart of this iconic brand, we’re on a mission to drive exponential growth and productivity through cutting-edge technology to transform the business globally. 

We’re not here to simply provide IT services. We’re technology leaders and strategic partners, co-creating innovative solutions that help the business run, grow, and transform. Everything we do is guided by our commitment to ‘WOW’ our consumers, customers and colleagues. WOW experiences, WOW solutions, and WOW impact.

Our people think differently. We have an exponential mindset that helps us push boundaries and shape what’s next. The future at Twinings Ovaltine is full of possibility and we’d love you to be a part of it. 

As a key member of the BizTX Senior Leadership Team, you will lead cyber security and IT governance, risk and compliance (GRC) for TwiningsOvO. You will own the business’s security posture and IT control environment and act as TwiningsOvO’s senior security point of contact into the ABF Group CISO function.

This is a build-and-embed leadership role. The goal is to make security and control proportionate, owned and integrated into how the business runs and how the transformation agenda is delivered - an enabler, not a blocker. 

This is a divisional security leadership role. The ABF Group CISO owns Group security strategy, standards, architecture, threat intelligence, monitoring and major incident command. This role does not duplicate that. 

  • The Director adopts and operationalises Group security standards within TwiningsOvO, and owns local cyber risk and the IT control environment. 
  • The Director is TwiningsOvO’s senior point of contact into ABF Group Cyber Security and Group Internal Audit. 
  • The role is sized for a complex but single-division business, delivered through standards, partnering and influence rather than a large standing team.

Leadership Team Membership 

As a member of the BizTX Leadership Team, the Director contributes beyond cyber security — helping shape technology direction, risk management and business transformation priorities, and the overall resilience and success of BizTX. 


In scope 

  • TwiningsOvO cyber risk posture and the cyber risk register. 
  • IT GRC: control framework, IT general controls (ITGCs), policy adoption and exceptions, control testing and continuous compliance. 
  • Audit readiness and remediation across IT and security. 
  • Security-by-design across BizTX delivery (S/4HANA RISE, AMS, AI, integrations, cloud and data). 
  • Identity, access and segregation-of-duties governance for critical platforms. 
  • Third-party, SaaS and AMS security and privacy risk assessment. 
  • Local coordination of security incidents and escalation to the Group. 
  • Security awareness and culture within the business. 

Out of scope (owned by ABF Group CISO / others) 

  • Group security strategy, standards authorship and architecture direction. 
  • Group SOC, SIEM, threat intelligence and 24/7 monitoring. 
  • Group-wide / major incident command. 
  • Enterprise security tooling selection at the Group level. 

Strategic & divisional leadership 
  • Lead cyber security and IT GRC for TwiningsOvO and set the local roadmap, priorities and investment case within ABF Group standards. 
  • Make security and control proportionate to a single-division business — through standards, partnering and influence, not a large standing team. 
Cyber security & risk 
  • Own TwiningsOvO’s cyber risk posture; maintain a single, prioritised cyber risk register with named owners and tracked remediation. 
  • Give the GM and Leadership Team clear visibility of risk exposure and control effectiveness. 
  • Coordinate local response to security incidents, with rapid escalation to and alignment with the ABF Group security function. 
  • Drive vulnerability, patch and exposure management in line with Group expectations. 
Governance, risk & compliance (IT GRC) 
  • Own the IT control environment, including ITGCs across SAP S/4HANA and other core applications. 
  • Operate IT GRC in BAU: governance forums, policy adoption and exceptions, control testing and continuous compliance against ABF and regulatory expectations. 
  • Lead audit readiness and remediation; act as single point of contact for Internal Audit and external auditors on IT and security, and close findings on time. 
  • Govern identity, access and segregation-of-duties controls for critical systems. 

Security by design 
  • Embed proportionate security and control requirements into BizTX delivery standards and the project lifecycle. 
  • Provide security assurance across the transformation portfolio from initiation through to go-live. 
  • Advise programme and product teams so controls are designed in, not retrofitted — without slowing delivery. 
  • Set and govern security and privacy requirements for third parties, SaaS and AMS partners, and assess vendor risk before contracting. 
ABF Group partnership 
  • Act as TwiningsOvO’s senior security point of contact into the ABF Group CISO function and Group Internal Audit. 
  • Adopt and operationalise Group security strategy, standards and architecture within TwiningsOvO — translate, don’t duplicate. 
  • Represent TwiningsOvO’s security and control interests in Group programmes and forums and escalate divisional risk into the centre. 
Capability, culture & stakeholders 
  • Build a practical, security-aware culture through targeted, role-relevant education and leadership engagement. 
  • Establish lightweight ways of working, clear accountabilities and a partnering model. 
  • Act as a trusted advisor to the GM and Leadership Team, translating technical risk into simple, commercial, decision-ready terms. 
Essential 

  • Significant leadership experience in cyber security and IT governance, risk and compliance. 
  • Proven track record embedding or maturing security and control capability in a complex organisation. 
  • Strong grasp of IT control environments, ITGCs, audit and risk frameworks, applied pragmatically rather than dogmatically. 
  • Credible with senior leadership; challenges honestly and translates technical risk into commercial, decision-ready terms. 
  • Comfortable owning local accountability while operating within Group governance — diplomatic with the centre, decisive locally.
Desirable 
  • Experience as a Head of Cyber Security, BISO, divisional / business security lead, or in a senior IT GRC leadership role. 
  • SAP / ERP, cloud (RISE), AI governance and major transformation experience. 
  • Familiarity with ISO 27001, NIST CSF and CIS Controls. 
Benefits
  • Monthly phone bill maximum reimbursement limit is Rs.3000.
  • Annual check-up for employee and spouse including Doctor consultation - reimbursement up to INR 15,000.
  • Medical Insurance 5 lakhs Flat Coverage. 
  • PF and Gratuity. 
  • Long Service Policy.
  • Life Term Policy
  • Monthly Broadband Bill Reimbursement - Rs.2000 or on actual whichever is lower
  • Access to LinkedIn Learning 
  • Access to ABF Networking, connect, collaborate, and grow across the ABF Group. 

Security pay context

Based on 1,629 disclosed Security salaries on RoleSuite, the role pays a median of $142K/year, with most offers between $114K and $180K (10th–90th percentile: $95K–$216K).
