Cyber Security Operations Lead

Full time / Flexible Working

Salary: £42,593pa-£48,245pa, with potential for further progression to £54,317pa with our pay progression scheme.

Location: Hybrid

Contracted to our Wilmslow, London, Edinburgh, Cardiff or Belfast office, however, we offer flexible home and office-based working opportunities. There will be times when you will be expected to attend the office to collaborate with colleagues or travel due to business need. Please note, from Autumn 2026 our head office will relocate from Wilmslow to Manchester city centre.

• Pay progression scheme.
• Hybrid and flexible working options.
• 25 days paid holiday per year, plus privilege and public holidays.
• Flexi leave (up to 26 additional days leave per year).
• Pension (employer contribution around 28.9%).
• Online discount scheme to save money at major supermarkets, retailers, gyms, restaurants, insurance providers and many more.
• Health Cash Plan.
• Fantastic development opportunities to learn and progress.

Further details can be found on the benefits section of our website.

The Information Commissioner\'s Office is the UK regulator for information rights, and our purpose is to empower you through information. As an employer, we are enthusiastic about making a positive difference to the lives and careers of our people, and we empower you to be curious, collaborative, impactful, and inclusive.

We are looking for an experienced Cyber Security Operations Lead with great leadership and technical skills to work in a high profile and dynamic environment. You will play a key role in protecting our data and systems, which is essential to enable and support our organisation in successfully achieving its objectives.

As part of a growing Cyber Security team, you will provide subject matter expertise on cyber security risks and opportunities and use your skills and experience to manage and respond to threats and vulnerabilities.

Reporting to the Cyber Security Operations Manager, and leading a small team of cyber security practitioners, you will collaborate closely with colleagues across our Digital, Data and Technology department, as well as relevant authorities, and support partners, to drive and deliver effective cyber security.

• Monitoring of system and network activity to identify unauthorised actions by users or potential intrusion by an attacker.
• Preparation for, handling of, and following up of cyber security incidents, to minimise the damage to our organisation and prevent recurrence.
• Management of the configuration of protected systems to ensure that any vulnerabilities are understood and managed.
• Assessment, validation and reporting of information on current and potential cyber threats to maintain the organisation's situational awareness.
• Management of cyber security risks in line with business objectives and regulatory requirements.
• Management of cyber security education and awareness programme.
• Management of cyber security performance measures.

Essential criteria assessed at application stage:

• Experience relevant to the role requirements, as described in the role responsibilities and person specification, and accumulated through any combination of academic or vocational qualifications or experience.
• Minimum of two years' experience in a similar role.
• Working experience of security operations and incident management.
• Working experience of risk management and mitigation.
• Working experience of developing and delivering security education and awareness programmes.

Essential criteria assessed during interview:

• Knowledge of security operations and incident management, including configuration, operation, and maintenance of secure systems, detection and response to incidents, and collection and use of threat intelligence.
• Knowledge of security management systems and organisational security controls, including standards, best practices, and approaches to risk assessment and mitigation.
• Knowledge of human factors, including usable security, social and behavioural factors impacting security, security culture and awareness, as well as the impact of security controls on user behaviours.
• Good time management skills, and an ability to remain calm under pressure and manage complex workloads.
• Effective communication and interpersonal skills with people at all levels, and an ability to influence change at an organisational level.
• Self-motivated and dynamic with the ability to identify issues and own remediations.

The ICO is committed to promoting and enhancing equality, diversity, and inclusion. We are focused on developing a workforce that is representative of the communities we serve and together we are building an inclusive workplace where all of our colleagues have the opportunity to make a real difference. We are championing this through our Equality Diversity and Inclusion Board together with a number of staff networks. Read more about our commitment on our website.

Candidates with a disability who meet the minimum criteria for this vacancy will be invited to interview as part of the ICO\'s commitment to the Disability Confident Scheme.

As part of the ICO\'s commitment to our EDI objectives and creating a workplace that represents the communities and societies we serve, we guarantee an interview to candidates who declare they identify as belonging from an ethnic minority background and who meet the minimum criteria for this vacancy

If you are disabled or have an impairment and require an alternative application method, please email the HR team at recruitment@ico.org.uk

Please submit your CV and cover letter by 23:59, Friday 10th October. Your cover letter should be no more than 1,000 words and should clearly demonstrate how you meet the essential criteria for the role.

We may close this vacancy early if we receive a high volume of applications. To ensure your application is considered, we encourage you to apply as soon as possible. If you require any reasonable adjustments to support your application, please contact us at recruitment@ico.org.uk.

In the event of a high volume of applications, we may not be able to invite all candidates who meet the minimum criteria to interview. However, we encourage you stay in touch and apply for future roles that match your interests.

All candidates who meet the minimum criteria and apply in-line with our guaranteed interview scheme for disabled and ethnic minority applicants will be interviewed.