Great People Work Here.
BizTX: Co-Creating WOW Through Digital Innovation
It’s an exciting time to be part of BizTX at Twinings Ovaltine. At the heart of this iconic brand, we’re on a mission to drive exponential growth and productivity through cutting-edge technology to transform the business globally.
We’re not here to simply provide IT services. We’re technology leaders and strategic partners, co-creating innovative solutions that help the business run, grow, and transform. Everything we do is guided by our commitment to ‘WOW’ our consumers, customers and colleagues. WOW experiences, WOW solutions, and WOW impact.
Our people think differently. We have an exponential mindset that helps us push boundaries and shape what’s next. The future at Twinings Ovaltine is full of possibility and we’d love you to be a part of it.
As a key member of the BizTX Senior Leadership Team, Lead cyber security and IT governance, risk and compliance (GRC) for TwiningsOvO. Own the business’s security posture and IT control environment and act as TwiningsOvO’s senior security point of contact into the ABF Group CISO function.
This is a build-and-embed leadership role. The goal is to make security and control proportionate, owned and integrated into how the business runs and how the transformation agenda is delivered - an enabler, not a blocker.
This is a divisional security leadership role. The ABF Group CISO owns Group security strategy, standards, architecture, threat intelligence, monitoring and major incident command. This role does not duplicate that.
- The Director adopts and operationalises Group security standards within TwiningsOvO, and owns local cyber risk and the IT control environment.
- The Director is TwiningsOvO’s senior point of contact into ABF Group Cyber Security and Group Internal Audit.
- The role is sized for a complex but single-division business delivered through standards, partnering and influence rather than a large standing team.
Leadership Team Membership
As a member of the BizTX Leadership Team, the Director contributes beyond cyber security — helping shape technology direction, risk management and business transformation priorities, and the overall resilience and success of BizTX.
In scope
- TwiningsOvO cyber risk posture and the cyber risk register.
- IT GRC: control framework, IT general controls (ITGCs), policy adoption and exceptions, control testing and continuous compliance.
- Audit readiness and remediation across IT and security.
- Security-by-design across BizTX delivery (S/4HANA RISE, AMS, AI, integrations, cloud and data).
- Identity, access and segregation-of-duties governance for critical platforms.
- Third-party, SaaS and AMS security and privacy risk assessment.
- Local coordination of security incidents and escalation to the Group.
- Security awareness and culture within the business.
Out of scope (owned by ABF Group CISO / others)
- Group security strategy, standards authorship and architecture direction.
- Group SOC, SIEM, threat intelligence and 24/7 monitoring.
- Group-wide / major incident command.
- Enterprise security tooling selection at the Group level.
Strategic & divisional leadership
- Lead cyber security and IT GRC for TwiningsOvO and set the local roadmap, priorities and investment case within ABF Group standards.
- Make security and control proportionate to a single-division business — through standards, partnering and influence, not a large standing team.
Cyber security & risk
- Own TwiningsOvO’s cyber risk posture; maintain a single, prioritised cyber risk register with named owners and tracked remediation.
- Give the GM and Leadership Team clear visibility of risk exposure and control effectiveness.
- Coordinate local response to security incidents, with rapid escalation to and alignment with the ABF Group security function.
- Drive vulnerability, patch and exposure management in line with Group expectations.
Governance, risk & compliance (IT GRC)
- Own the IT control environment, including ITGCs across SAP S/4HANA and other core applications.
- Operate IT GRC in BAU: governance forums, policy adoption and exceptions, control testing and continuous compliance against ABF and regulatory expectations.
- Lead audit readiness and remediation; act as single point of contact for Internal Audit and external auditors on IT and security, and close findings on time.
- Govern identity, access and segregation-of-duties controls for critical systems.
Security by design
- Embed proportionate security and control requirements into BizTX delivery standards and the project lifecycle.
- Provide security assurance across the transformation portfolio from initiation through to go-live.
- Advise programme and product teams so controls are designed in, not retrofitted — without slowing delivery.
- Set and govern security and privacy requirements for third parties, SaaS and AMS partners, and assess vendor risk before contracting.
ABF Group partnership
- Act as TwiningsOvO’s senior security point of contact into the ABF Group CISO function and Group Internal Audit.
- Adopt and operationalise Group security strategy, standards and architecture within TwiningsOvO — translate, don’t duplicate.
- Represent TwiningsOvO’s security and control interests in Group programmes and forums and escalate divisional risk into the centre.
Capability, culture & stakeholders
- Build a practical, security-aware culture through targeted, role-relevant education and leadership engagement.
- Establish lightweight ways of working, clear accountabilities and a partnering model.
- Act as a trusted advisor to the GM and Leadership Team, translating technical risk into simple, commercial, decision-ready terms.
Essential
- Significant leadership experience in cyber security and IT governance, risk and compliance.
- Proven track record embedding or maturing security and control capability in a complex organisation.
- Strong grasp of IT control environments, ITGCs, audit and risk frameworks, applied pragmatically rather than dogmatically.
- Credible with senior leadership; challenges honestly and translates technical risk into commercial, decision-ready terms.
- Comfortable owning local accountability while operating within Group governance — diplomatic with the centre, decisive locally.
Desirable
- Experience as a Head of Cyber Security, BISO, divisional / business security lead, or in a senior IT GRC leadership role.
- SAP / ERP, cloud (RISE), AI governance and major transformation experience.
- Familiarity with ISO 27001, NIST CSF and CIS Controls.
-
Yearly bonus based on personal contribution and financial performance
- Flexible working options
- 25 days holiday plus 8 bank holidays and the option to buy and sell holidays
- Onsite Gym and Wellbeing Centre
- Perkbox – employee discount scheme with discounts online, in high street stores, cinema, holidays, restaurants and many more
- Pension scheme with your contributions matched for up to 10% of your salary
- Cycle to work scheme
- SimplyHealth Cash plan
- Onsite Staff shop and online staff discounts
- Bupa Private Medical Insurance
- Competitive Car Allowance
- Electric Car Scheme
- Access to LinkedIn Learning
- Access to ABF Networking, connect, collaborate, and grow across the ABF Group.
Twinings has become one of the world’s most renowned tea companies over its 300-year history because we never stop learning, never stop experimenting and never stop inventing. We take pride in our tea from bud to cup and have been working with some of our tea estates around the world since the early 18th Century.
More than 300 years later, the love of tea is still here - and so are we! We still sell tea from Thomas’s shop, and we still work hard to bring the most innovative new blends to tea lovers around the world. Now, we have over 500 varieties and our teas are cherished all over the world. Our expert master blenders taste more than 3,000 cups of tea every week. So you can be sure the next cup you taste will be every bit as good as the one yesterday or the day before.
Our approach to Diversity, Equity & Inclusion
At TwiningsOvo, we believe in the power of diversity to drive innovation and meaningful work. We are committed to building a workplace where people from all backgrounds, identities, and experiences feel safe, valued, have a sense of belonging and are empowered to thrive. Inclusion is more than a goal, it’s how we work together every day. As an equal opportunity employer, we prohibit any unlawful discrimination against an applicant on the basis of their ethnicity, colour, religion, sex, gender, gender identity, gender expression, sexual orientation, national origin, family or parental status, disability, neurodiversity, age, socioeconomic background or any other status protected by law and are committed to promoting diversity across our workplace.
Applicants may be entitled to reasonable adjustments under the terms of the Equality Act. A reasonable adjustment is a change in the way things are typically done which will ensure an equal employment opportunity.
Please inform our Talent Acquisition or HR Shared Services team if you need any assistance completing your application or to otherwise participate in the application process.