Chief Information Security Officer

Job summary

The Chief Information Security Officer will create an environment and culture that ensures security of information and technology for ICS and DSIT and DESNZ, our partner departments. You will enable the organisations to achieve their objectives and drive innovation in services and leverage new technologies in a safe and secure way. The chief information security officer role is part of both the Government Digital and Data profession and the Government Security profession.

The Chief Information Security Officer role sits within the ICS Security team within the ICS Operations directorate. ICS Security delivers security assurance across Cyber and Protective Security domains to both DESNZ and DSIT with a lighter governance approach across their partner organisations.

This critical leadership role requires a strategic leader, national security thinker, and cyber specialist who blends deep technical acumen, risk management, and interorganisational influence to protect public data and services from cyber threats, aligning with national security objectives and values whilst enabling all our organisations to achieve their objectives and deliver services innovatively and leveraging new technologies, in a safe and secure way.

If you are able to apply your deep technical knowledge and experience in a dynamic environment, at the sharp end of government technology, that supports departments to deliver their outcomes, then this is the role for you.

Reporting to the Deputy Director for Security and Resilience, as a key member of the ICS Operations Directorate Senior Leadership Team, you will manage a team of specialist cyber and information security technologists to ensure there are strategies and plans in place which support innovation and ensure departmental systems are resilient to cyber-attack. You will work closely with the ICS Digital delivery team to deliver continuous improvements to our ability to detect and defend against the most capable threat actors. You will work seamlessly with the wider ICS Security team to ensure all dimensions of security are aligned and ensure the best outcomes across all our organisations are achieved.

In the role you will also serve as the lead for ICS and its customers on cyber incidents - often at pace – including within significant cross government activities, contributing your expertise and supporting your peers.

Job description

In this role you will:

• Determine how to get to the level of information and cyber security maturity ICS and DESNZ/DSIT needs and create a strategy for information and cyber security that supports the ICS and DESNZ/DSIT strategy (including shared services) and wider government security and cyber strategies.
• Lead the ICS and DESNZ/DSIT in implementing the information and cyber security strategy.
• Evaluate the current status and maturity of information and cyber security in ICS and DESNZ/DSIT.
• Understand cyber and information risks across ICS and DESNZ/DSIT and advise the boards and other leaders on how to mitigate risks in their areas and in future plans.
• Enable ICS, DESNZ and DSIT to be innovative in a safe and secure way.
• Ensure ICS, DESNZ and DSIT are prepared for cyber attacks and can detect, respond to and recover from an attack.
• Ensure that information and cyber security aspects of crisis management are effective.
• Encourage a culture of cyber security awareness and good security practices.
• Implement practices to increase the maturity of information and cyber security.

Person specification

Essential Criteria

• You must have a strong track record in leading cyber security within a large complex organisation.
• You must demonstrate experience of collaborative leadership and stakeholder management, with the ability to articulate cyber risk clearly to senior leaders and meet the following cyber experience, all as detailed in the Government Digital Data Profession Capability Framework:

Desirable Criteria

• Professional certifications such as CISSP, CCSP, CRISC, CCISO.
• Experience of working within/with government departments, agencies, or regulated sectors.
• A track record of leveraging new technologies (e.g. cloud, AI, zero trust) securely.
• A degree in cyber security, information security, computer science, or a related discipline.