Chief Information Security Officer (CISO)

Duration : 6 month initial contract

Inside IR35

You will be responsible for:

• Team, collective and professional leadership, including supporting the development of specialist skills;
• Establishing governance, building knowledge and networks;
• Leading and communicating on information security with senior stakeholders, helping to inform and enable risk owners to fulfil their role;
• Developing and deploying role-appropriate advice and risk-mitigation guidance for all staff and partners on our platform;
• Setting policy direction and developing information and cyber security strategy;
• Developing and enhancing our information security management framework and working with colleagues to develop and agree technology standards;
• Leading continuous assessment of vulnerabilities to ensure policies are deployed, revised and overseen effectively.

Essential Criteria

Experience

• Demonstrable and practical experience at a senior level, in public or private sector, of working in a combination of risk management, information security and IT roles;
• Experience of leading and motivating large teams against a challenging resource background;
• Proven ability to understand complex user and technology needs and provide contextualised security advice or direction to allow those needs to be met securely through operational security arrangements;
• Demonstrable experience of setting standards and the development of procedures that deliver end-to-end, tightly monitored environments including in complex organisations;
• Experience of leading transformation programmes inside/outside government, ideally featuring an international dimension;
• Awareness and understanding of modern, industry standard security issues and processes, HMG security frameworks and knowledge of common information security management frameworks;
• Understanding of supply chain risks and implications e.g. awareness of software supply chain challenges;
• Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to both technical and non-technical audiences at all levels, ranging from Ministers to board members and technical specialists.

Technical Skills

• Specific security technology and understanding. Knowledge of system architectures. Threat awareness. Ability to understand the risk impact of vulnerabilities on existing and future designs and systems and to identify how easy or difficult it will be to exploit these vulnerabilities.
• Strong and effective communication with both technical and non-technical teams (security architect). Understand security concepts to be credible and comfortable when engaging with security technologists. Communicating in a language that is appropriate to audience. Ability to respond to challenge.
• Analysis – Ability to visualise, articulate and solve complex problems and concepts by interrogating and using data or intelligence to formulate and influence plans; to interpret complex business and technical issues; to identify and recognise a viable solution or control; to understand and link complex and diverse sets of information to inform the response and approach, for example identifying vulnerabilities and their impact.

The successful candidate would be expected to build and maintain effective working relationships and networks and to represent the UK with like-minded international Government partners to foster cooperation on Cyber Security.

Desirable Criteria

• Prior experience as Head of Security/CISO;
• Experience of managing tight resource constraints, conflicting priorities and a dynamic programme;
• Professional security management certification, such as, Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials.

If you feel you have the skills and experience needed for this role; please do apply now.