Cybersecurity Principal Lead

Your new company
You will be working for a known organisation based in Birmingham 2 days a week on-site. The role is inside scope of IR35 and it's a 6-month contract.

Your new role

Job Summary
Lead and champion the development and implementation of a cyber resilience strategy and framework for the organisation, aligned with the organisation's vision, values and objectives. Manage and develop a team of cyber professionals, providing them with clear direction, guidance, support and performance management. Ensure that the organisation meets all the cybersecurity standards and requirements, such as PSN, Cyber Essentials, NCSC Cyber Assessment Framework, PCI-DSS, ISO27001 and any new standards that may arise. Monitor and report on the organisation's cyber security posture, risks, incidents and compliance, using appropriate tools and metrics. Chair the Cyber Security Board, which oversees the delivery of the cyber resilience improvement programme and cyber security strategy to ensure that the programme is aligned with the organisation's priorities, resources and governance. Manage (including establishing and monitoring) the cyber resilience budget and ensure that the organisation obtains value for money from its cyber security investments. Establish and maintain effective relationships with internal and external stakeholders, such as the Information Governance Team, the Senior Management Team, the Audit Committees, external auditors, suppliers and regulators. Provide expert advice and guidance on cyber security matters to the organisation's workforce, managers and elected members, and promote a culture of cyber awareness and best practice. Keep abreast of the latest cyber security trends, threats, technologies and solutions, and ensure that the organisation adopts and adapts to the changing cyber landscape. Respond to and manage any cyber security incidents or breaches and ensure that the organisation has a robust and tested cyber incident response plan.

Your duties and responsibilities are:

1. Act as the principal, accountable and strategic lead for cyber security across the organisation.
2. Be a full and active member of the ICT Strategic Leadership Team.
3. Deputise for the ICT Strategic Lead whenever necessary, including attendance at meetings, report writing and the provision of professional advice.
4. Manage, strategically lead, coach and influence a team of cyber security professionals to ensure cyber security and resilience is robustly developed and maintained.
5. Develop, manage and be accountable for the organisation's Cyber Resilience Improvement Programme.
6. Be fully accountable and strategically manage the compliance of all required security accreditations, including but not limited to ISO27001, PSN Code of Connection, Cyber Essentials, NCSC Cyber Assessment Framework, PCI-DSS.
7. Strategically lead ICT's contribution and action ownership for the NHS's Data Security and Protection Toolkit (DSPT).
8. Manage the Cyber Security Programme budget and work with central government departments to seek additional grant funding as it becomes available.
9. Be accountable, lead and manage the development of the organisation's cyber security strategy ensuring it is fit for purpose, reviewed and communicated via relevant governance processes.
10. Develop and maintain all corporate cyber-related policies and strategies plus supporting Standard Operating Procedures related to cyber security, ensuring these are maintained and embedded within the organisation.
11. Proactively contribute to wider information governance policies from a cyber and ICT perspective.
12. Identify and subsequently manage all cyber security risks and ensure relevant risk treatment plans are developed and delivered.
13. Be the organisation's lead strategic representation and contact point for working with all necessary national, regional and local cyber groups, including NCSC, LGA, ROCU and WARPs.
14. Engage proactively and strategically with all government and related agencies with national cyber security programmes, e.g. DLUHC and the LGA.
15. Manage and take lead accountability for the response to all cyber security incidents as they occur.
16. Be the gold lead or be a full contributing member of any Cyber Response Team established in response to a cyber incident.
17. Manage the contractual relationship with the organisation's managed service Security Operations Centre (SOC).

What you need to do now

If you're interested in this role, click 'apply now' to forward an up-to-date copy of your CV, or call us now. If this job isn't quite right for you, but you are looking for a new position, please contact us for a confidential discussion about your career.