Chief Information Security Officer - CISO

England Permanent
  • Hybrid working practices in place.
  • The business is envisaged to have significant growth over the next 3 - 4 years.

About Our Client

A leading Science and Research organisation, our client is at the forefront of innovative ways to create clean energy with locations across the country.

Job Description

The role shall ensure compliance and oversight for Cyber and Information Security, internally and externally, and will work collaboratively with external authoritative stakeholders, from regulators to National Authorities, vendors and specialists.

Key responsibilities will include:

  • Establishing and maintaining vision and strategy, with continued maturity and evolution of Cyber Security activities, to ensure Information Assets and technologies are adequately technically and procedurally protected.
  • Work collaboratively with the Senior Information Risk Owner (SIRO) and Information Asset Owners (IAOs) to ensure a structured plan of work is in place.
  • Provide advice and assurance to the SIRO that all risk management decisions are justified and accountable in the context of the business requirement and that there is a clear understanding of any potential business impact.
  • Lead and maintain an effective Cyber Security & Information Assurance capability through a small team of SMEs.
  • Lead the Cyber Security and Information Assurance process across the organisation, including Board-owned Information Security policies; selection of and adherence to standards; and the establishment and dissemination of controls, procedures and authoritative guidance.
  • Ensuring compliance and auditing Cyber and Information Security (internal and external, e.g. with suppliers); and working with external authoritative stakeholders from regulators to National Authorities, vendors and specialists.
  • Incorporating security elements within Business Continuity Planning, Disaster Recovery and Crisis.
  • Lead an improvement in Cyber Security maturity across the organisation through the use of security incident management, exercising, reporting and reviewing; and responding to incidents and events as appropriate to plans, potentially leading on remediation subject to circumstances.
  • Utilise third-party support, as appropriate, to provide penetration testing and business continuity exercising up to and including the organisation's Board.
  • Operational Cyber and Information Security (overseeing the Security Operations Centre), protective monitoring, security software from anti-virus to web filtering; partnering with IT on the delivery of secure architecture, products and services; leading on identifying, resolving and managing security threats, vulnerabilities, non-compliance and risks specific to the organisation; and potentially leading emergency and incident response teams.
  • Ensure appropriate levels of reporting are provided to the Business leadership, Executive leadership and to the Board via the Audit Risk and Assurance Committee.
  • Identifying, developing, implementing and maintaining processes to reduce IT risks across the organisation through awareness training and communications campaigns.
  • Work collaboratively across the functions and subcommittees of the organisation to ensure external environments are clearly understood and threats suppressed as advised by the National Cyber Security Centre (NCSC) or other authoritative regulator organisations.

The Successful Applicant

Experience Essential Criteria:

  • A track record of Cyber Security Detection, Prevention and Monitoring techniques.
  • A track record of successful team leadership, driving modernisation and innovation in Cyber Security and Information Assurance.
  • Experience in understanding and effectively managing business risk through the implementation of robust, manageable solutions.
  • Familiar with developing, implementing and updating Information Security Strategies.
  • Demonstrable experience in reviewing Cyber Security risks and implementing appropriate solutions.
  • Experience in using third-party outsourcing providers, reviewing and assessing value for money.

Demonstrable Behaviours:

  • Be Curious
  • Take Action
  • Add Value

Skills and Abilities:

  • Ability to think commercially and strategically.
  • Excellent team leadership skills and behaviours.
  • Commercially focused with an understanding of the operations which impact a business and how risk is managed optimally for the business, customers and other stakeholders.
  • Strong presentation, written and oral communication skills.
  • Strong numeracy and analytic skills informing evidence-based decisions.
  • Excellent interpersonal skills, able to influence, build and maintain strong working relationships with a wide range of stakeholders; collaborative and consultative.
  • Ability to work in a high-pressure environment to demanding deadlines.
  • Enthusiastic, motivated, adaptable and proactive with the ability to work flexibly in a changing environment.

What's on Offer

Competitive salary and benefits to be discussed on a one-to-one basis.

Rutesh Shah

Job summary

Public Sector