INDEPENDENT FOOTBALL REGULATOR

The Independent Football Regulator The Independent Football Regulator (IFR) has been established to protect and promote the sustainability of English football, for the benefit of fans and the local communities football clubs serve. The IFR will help improve financial sustainability of clubs, ensure resilience across the leagues, and safeguard the heritage of English football. It will operate a licensing regime; set corporate governance standards and monitor, protect, and promote financial resilience. It will also enforce compliance with requirements on financial regulation, club ownership and directors, fan engagement, and heritage protection. The IFR will also have powers to prohibit clubs from joining competitions that are not fair or meritocratic, or that threaten the heritage or sustainability of English football. About the role This role provides strategic leadership and operational ownership of cyber security across the IFR, a small but high profile organisation. You will be responsible for developing, embedding and maturing a robust, proportionate cyber security and broader organisational security framework that protects the organisation's people, data, systems and services. Responsibilities will include: Developing, embedding, maturing and leading the organisation's cyber security strategy, governance, resilience and assurance activity. Overseeing all aspects of cyber security operations, including incident response, threat monitoring, vulnerability management and security operations Owning the wider organisational security framework, including physical security, information governance, data protection and resilience planning. Setting clear security management expectations and embedding a strong, resilient and effective security awareness culture across a small but high profile organisation. Ensuring compliance with relevant legislation, regulatory requirements and government security standards, including Government Functional Standard GovS 007: Security. Providing authoritative advice to the CEO, COO, CDDO, ExCo and Board on emerging threats, risks and mitigations. Implementing a formal cyber exercising and incident response programme; driving security and operational resilience. Embedding secure by design principles across digital services, data platforms and operational processes. Ensuring the cyber security framework aligns with the regulator's digital and data roadmap. Establishing ambitious and effective cyber maturity credentials; leading on assurance, penetration testing, risk assessments and audit readiness. Implementing audit recommendations and ensuring timely remediation of identified risks. Overseeing identity and access management, cloud security and supplier assurance. Essential Requirements: Significant experience of operating effectively in cyber security leadership roles. Extensive knowledge of cyber risk management, governance and assurance frameworks including: NCSC guidance, ISO 27001, Cyber Essentials Plus and NIST frameworks. Strong understanding of data protection, privacy and information governance. Proven experience managing security operations, incident response and threat intelligence. Ability to oversee supplier risk and ensure robust third party assurance. Experience driving measurable security improvements. Experience leading cyber incidents, including response co-ordination and exercising. Excellent communication skills, including briefing senior leadership and boards. Eligibility for appropriate government security clearance. Desirable Skills: Experience working with or within regulators, sports bodies or government organisations. Relevant professional certifications such as CISSP, CISM, CCSP or equivalent. Understanding of AI related security risks and model assurance. Knowledge of DevSecOps and secure software development practices. Experience maturing a security function. Familiarity with physical security, operational resilience and business continuity. If successful you will join a Non Departmental Public Body and will be employed as a Public Servant. If you are an existing Civil Servant or a DCMS employee you will no longer have access to Civil Service benefits including the Civil Service pension. The terms and conditions of employment include: Pension 12% An employee contribution of 5%, with an employer contribution of 7%. Flexible Benefit 8% Employees can choose to invest 8% of their base salary into their pension, or take as cash (post tax) Reward we will have a performance based reward programme. 31.5 days annual leave Flexible and hybrid working, 40% in office attendance Occupational sick pay 9 months paid Maternity Leave + generous paternity and adoption leave. A bespoke L&D programme to help you achieve your personal CPD, including paid membership fees Cycle-to-work scheme and much more! The Interview The interview process will assess experience through competency questions and potentially a presentation. Full details of this, including the topic, length of time, and whether or not you will need to use visual aids, will be sent to you prior to your interview. Prior to the interview you will be sent the competency questions in advance. The questions will be based on the essential criteria listed on slide 7. Your interview will take place remotely via Teams. Further Information A reserve list may be held for a period of 12 months from which further appointments can be made. The IFR has a location neutral pay scale. For more information on this, please see the 'Candidate Information Pack' attached Reasonable Adjustments We are committed to supporting candidates so they can perform at their best throughout the recruitment process. This includes making reasonable adjustments to our process. To request an adjustment, please email Accessibility If you are experiencing accessibility difficulties with any of the attachments, please contact us. Contact details can be found in the 'contact point for applicants' section of the job advert. Feedback Feedback will only be provided if you attend an interview or assessment. Security Successful candidates must undergo a criminal record check and complete baseline personnel security standard (opens in new window) checks. Nationality requirements This job is broadly open to the following groups: UK nationals nationals of the Republic of Ireland nationals of Commonwealth countries who have the right to work in the UK nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS) (opens in a new window) nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS) individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020 Diversity and Inclusion The IFR is committed to attract, retain and invest in talent wherever it is found. Contact point for applicants Email: