Head of Information and Cyber Security

Role: Head of Cyber Security

Location: Hybrid 1 day per week in London (flexible)

Salary: £80,000 – £84,000 + benefits

This is a pivotal leadership role in shaping and strengthening the cybersecurity landscape of a values-driven, non‑profit organisation. The organisation is recognised as a top 100 Employer, historically named as one of the most inclusive employers in the UK.

The Head of Cyber Security will design, develop, and coordinate all aspects of the Information Security strategy, encompassing governance and risk management, incident response, and disaster recovery. The Head of Cyber Security will manage a multitude of third‑party partnerships from the SOC, to vulnerability management, to patching, and network and firewall operations.

The organisation has made significant strides in recent years, establishing its first dedicated security function and partnering with a managed SOC provider. The next phase is about refinement: enhancing capability, strengthening partnerships, and driving strategy.

Reporting to the Director of Technology, the Head of Cyber Security will:

• Own and evolve the organisation's security strategy and roadmap, aligned to NIST.
• Oversee a small internal team (2 privacy / GDPR specialists).
• Manage all external 3rd party security contracts / relationships - SOC, vulnerability management, patching, and firewall operations.
• Oversee incident response, risk mitigation, and disaster recovery planning.
• Support delivery of Cyber Essentials Plus accreditation.
• Present cyber and data risks at risk, audit, and board level.
• Champion security awareness and training across the organisation (including phishing simulations and user education).

• Held Senior / Lead positions in Information and Cyber Security.
• Strong grounding in cyber security leadership, risk, and governance, ideally within regulated or complex environments (public, charity, or enterprise).
• Experience managing SOCs or third‑party security services.
• Solid understanding of technical principles (firewalls, phishing, vulnerabilities, routing, MFA, etc) - you can challenge, not necessarily configure.
• Knowledge of NIST and experience supporting Cyber Essentials Plus or similar certifications.
• Excellent stakeholder management and communication skills and comfortable presenting to execs, trustees, and end users alike.
• Leadership style that builds trust and collaboration, more about influence than command.
• Strategic mindset with patience for long‑term delivery.

This is a genuine opportunity to build and lead something lasting.

Youll inherit a capable foundation, a clear roadmap, and the autonomy to shape how security evolves, from partnerships and tooling to policy and culture.

Youll also play a part in an organisation with a strong social mission, making a real impact on the communities it serves.