Chief Information Security Officer

Salary: up to £100,000 depending on experience

Dynamic (hybrid) working: 2 to 3 days per week on-site, due to workload classification

Security Clearance: British Citizen (DV will be crucial for this role - either you already hold this at application stage or we will apply for DV at offer stage).

What we can offer you:

• Company Bonus: Bonus of up to 35.5% of base salary
• Pension: maximum total (employer and employee) contribution of up to 14%
• Private Medical Insurance
• Car Allowance: £510 per month allowance
• Flexible working: We welcome applicants who are looking for flexible working arrangements

The Role:

In recognition of the business risks and the expanding and evolving threat environment, the UK's Chief Information Security Officer (CISO) holds responsibility for the safeguarding and regulatory compliance of all information systems, assets, and data. This includes any managed service providers, ensuring adherence to both national and international security laws, regulations, and frameworks.

The CISO collaborates with the Head of Product Cyber Security to manage all Cyber and Information Security interactions with the Ministry of Defence (MOD) and the UK Intelligence Community, including agencies like the NCSC, as they relate to corporate capabilities. The CISO also oversees disaster recovery, incident management, and breach responses for cyber and information assets, coordinating with external agencies where necessary.

Serving as the principal Cyber and Information Security advisor, the CISO provides expertise and guidance to senior leadership, including the Group Head of Security and the Board of Directors.

What we are looking for:

• Extensive experience in Secure by Design, system accreditation/assurance, and the government encryption/protection approval processes.
• Proficient knowledge of ISO 27001, ISO 27701, Cyber Essentials Plus, and NIST/CMMC frameworks.
• Established networks with external entities, including the MOD, government bodies, and the UK Intelligence community.
• In-depth understanding of NCSC, HMG, and MOD policies regarding classified information systems.
• Expertise in international cybersecurity and Information Security implementation.
• Familiarity with HMG-approved IT security products and their applications.
• A solid understanding of IT network architectures, application security, firewall configurations, and OS hardening.
• Knowledge of business processes and emerging organizational priorities.
• Experience with enterprise information systems in a defence context, including associated mitigations, controls, risks, and governance frameworks.
• Strong communication skills with the ability to clearly explain security solutions to complex challenges and offer strategic advice to stakeholders at all levels.
• Relevant certifications such as CISSP, CISM, or GIAC.
• Experience managing Cyber Security and IT outsourcing contracts.
• Significant experience in the Cyber and Information Assurance Security industry, with a focus on MOD or UK Intelligence Community (UKIC) collaboration.
• Experience leveraging intelligence reporting to drive risk reduction within an organization.
• Experience working with or in the UK Intelligence Community and relevant MOD Cyber and Security functions.
• A Master's level postgraduate degree is desirable.
• Executive leadership and management experience.
• A broad, comprehensive background in security operations, protective security, and personnel security.
• Public speaking and engagement experience in large group settings.