Chief Information Security Officer

Title: Chief Information Security Officer
Company: Ipsen Pharma (SAS)

About Ipsen:
Ipsen is a mid-sized global biopharmaceutical company with a focus on transformative medicines in three therapeutic areas: Oncology, Rare Disease and Neuroscience. Supported by nearly 100 years of development experience, with global hubs in the U.S., France and the U.K., we tackle areas of high unmet medical need through research and innovation. Our passionate teams in more than 40 countries are focused on what matters and endeavor every day to bring medicines to patients in 88 countries. We build a workplace that champions human-centric leadership and fosters a culture of collaboration, excellence and impact. At Ipsen, every individual is empowered to be their true selves, grow and thrive alongside the company's success. Join us on our journey towards sustainable growth, creating real impact on patients and society! For more information, visit us at and follow our latest news on and .

Job Description:
The Chief Information Security Officer (CISO) is a strategic executive responsible for protecting the company's physical, digital, and intellectual assets. In a pharmaceutical context, this includes safeguarding sensitive R&D data, clinical trial information, patient privacy, and proprietary technologies. The CISO leads the development and execution of a comprehensive security strategy encompassing cybersecurity, regulatory compliance, physical security, and internal investigations. This role includes building and managing a multidisciplinary security and investigations team, ensuring alignment with business goals and regulatory requirements.

WHAT - Main Responsibilities & Technical Competencies

Strategic Leadership
Develop and execute a forward-looking security strategy aligned with corporate objectives and industry trends. Advise executive leadership and the board on risk posture, threat landscape, and investment priorities. Lead cross-functional initiatives to embed security into digital transformation, innovation, and operational excellence. Establish KPIs and performance metrics to measure and improve security effectiveness.

Cybersecurity & IT Security
Oversee the design and implementation of cybersecurity architecture and controls. Ensure protection of IT infrastructure, cloud environments, and sensitive data. Lead incident response, threat intelligence, and vulnerability management programs. Maintain compliance with global standards (e.g., ISO 27001, NIST, GDPR, HIPAA).

Governance, Risk & Compliance
Develop and enforce enterprise-wide security policies and procedures. In alignment with the business ethics team, ensure compliance with pharmaceutical regulations (e.g., FDA, EMA, GxP). Conduct risk assessments, internal audits, and third-party security evaluations. Report regularly to senior leadership on risk mitigation and compliance status.

Investigations & Incident Management
Establish and lead an internal investigations function to address security breaches, misconduct, and regulatory violations. Build and manage a team of investigators and analysts with expertise in digital forensics, compliance, and legal coordination. Collaborate with HR, Legal, and external agencies on sensitive investigations and disciplinary actions. Ensure thorough documentation, reporting, and resolution of incidents in line with legal and regulatory standards.

Fraud Management
Develop and implement a fraud prevention and detection framework across the organization. Lead investigations into suspected fraud, misconduct, and financial irregularities. Collaborate with Finance, Legal, and Compliance to ensure timely resolution and reporting of fraud cases. Maintain a whistleblower program and ensure confidentiality and integrity in handling reports. Monitor fraud trends and proactively adjust controls and training programs.

Team Management & Development
Build and lead a multidisciplinary security team (cybersecurity, physical security, investigations, risk management). Define roles, responsibilities, and career development paths for team members. Foster a culture of accountability, agility, and continuous learning. Manage vendor relationships and external consultants as needed.

Physical & Operational Security
Oversee facility security, access control, and surveillance systems. Coordinate with facilities and operations on emergency preparedness and response. Develop and test business continuity and disaster recovery plans.

Stakeholder Engagement
Partner with various functions & business leaders including Legal, Regulatory Affairs, R&D, and Medical Affairs to align security with business needs. Lead security awareness and training programs across the organization. Represent the company in external forums, industry groups, and regulatory engagements.

HOW - Knowledge & Experience

Skills: Technical depth in cybersecurity and investigations; leadership and team development; fraud detection and prevention expertise; regulatory and compliance acumen; communication and stakeholder management; crisis and incident response.

Knowledge & Experience: 15+ years of experience in security leadership, preferably in pharma or life sciences. Proven track record in strategic planning, investigations, fraud management, and team leadership. Certifications such as CISSP, CISM, CISA, CRISC, or CFE (Certified Fraud Examiner) are highly desirable. Strong understanding of regulatory environments and risk management frameworks.

Education / Certifications: Bachelor's or Master's degree in Information Security, Computer Science, or related field.

Language(s): Fluency in English. Knowledge of a European language is a plus for global roles.

We are committed to creating a workplace where everyone feels heard, valued and supported, where we embody "The Real Us". The value we place on different perspectives and experiences drives our commitment to inclusion and equal opportunity. When we bring in diverse ways of thinking, we make more thoughtful decisions and discover more innovative solutions. Together, we strive to better understand the communities we serve. This means we also want to help you be at your best when you apply for a position with us. If you need accommodations or assistance during the application process, please let the recruitment team know. This information will be handled with care and will have no bearing on the outcome of your application. Let's be ourselves.
Mar 01, 2026
Full time
Deputy Director Chief Information Security Officer - GCHQ - SCS1

Full-time (Permanent)
£96,981 - £130,000 plus additional allowance.
Published on 26 February 2026, Deadline 16 March 2026.

Location
The role can be based in Cheltenham, Manchester or London, with a regular presence required in those locations. International travel may be required.

About the job
GCHQ is the nation's intelligence, cyber and security agency. We work to make the UK the safest place to live and work online; connect the national security community securely; and provide insights and counter threats through SIGINT and effects. Our people work closely with MI5 and MI6 as well as defence, international, and industry partners across a variety of locations, with major hubs in Cheltenham, London and Manchester as well as other sites in the UK and overseas. We live by the values of ingenuity, integrity, impact and teamwork as we work to keep the UK safe, resilient and prosperous in an uncertain world. A role with us means you will do unique and challenging work in a supportive environment, making a meaningful difference to national security.

About the Role
The UK Intelligence Community (UKIC) is seeking an outstanding Chief Information Security Officer (CISO) to lead cyber security and information governance across some of the nation's most sensitive missions. Accountable to the UKIC Infosec Director, this is one of the most high-profile technical leadership roles in government, shaping the strategic direction of information security to protect the UK against the most capable and persistent adversaries. The successful candidate will ensure operational resilience and secure innovation in support of national intelligence objectives, delivering results in a highly complex and rapidly evolving environment.

As CISO, you will work with colleagues to set and implement the organisation's cyber and information security strategy, striking the right balance between capability, acceptable risk and technological progress. You will integrate security governance into a complex set of cross-agency organisational decision-making forums, ensuring that information risks are managed effectively and proportionately, and that security is embedded at every level. This includes advising executive boards and senior leaders on the potential implications of major programmes, and guiding the organisations in safely embracing innovation and digital transformation.

You will be responsible for designing and leading the UKIC's end-to-end risk management framework. This includes defining and tracking cybersecurity KPIs, producing regular reports for senior stakeholders, conducting organisation-wide risk assessments and overseeing vulnerability management to ensure compliance with relevant frameworks. You will be responsible for designing incident response and business continuity strategies and ensuring they are implemented by business areas. Your leadership will be central to developing sustainable security budgets and resourcing strategies that ensure capabilities remain strong in the face of emerging threats.

This role demands exceptional communication skills and the ability to influence at the highest levels of government. You must be confident presenting complex security concepts to both technical and non-technical audiences, including boards, ministers and cross-government stakeholders. You will draw on significant experience delivering robust security strategies in complex organisations and demonstrate deep knowledge of cyber threat landscapes, risk management practices and modern security technologies. International relationships are a critical element of this role, so familiarity working with key allied governments would be valuable.

You should bring expertise in securing cloud environments and emerging technologies within digital transformation programmes, alongside a strong understanding of regulatory compliance frameworks such as NIST, ISO27001, GDPR and GovS007. Professional certifications such as CISSP, CISM or CCISO are highly desirable. A proven track record in embedding a positive security culture, mentoring high-performing teams and managing supplier security will be critical to your success.

This is a unique opportunity to take on one of the most influential cyber security leadership roles in the UK. Protecting the nation's intelligence capabilities requires vision, strategic acumen and operational excellence. If you are ready to take on this challenge, and have the skills, integrity and commitment to safeguard national security, we invite you to join us in delivering a secure future for UK intelligence.

Key Responsibilities
Develop, maintain and articulate a clear understanding of the cyber and information security risks inherent across the whole organisation in order to provide assurance to the UKIC Group Senior information risk owner (SIRO).
Create and implement information security strategy which supports the organisation in determining the right balance between its cyber and information security capabilities, acceptable level of risk and speed of technology progress.
Ensure an effective cyber and information security governance framework that is integrated with overall organisational governance.
Define and track cybersecurity KPIs, producing regular executive and board-level reports on security posture.
Enable the organisation to innovate safely by advising senior leadership on the potential risks and implications of major decisions that impact information security.
Oversee the creation and implementation of relevant policies and standards which ensure effective information risk management.
Identify and deliver opportunities for improvement of the security operations function to ensure timely detection and response to security incidents.
Lead and mentor high-performing information security professionals, fostering a culture of professional development.
Play a leading role in multiple technical and programme boards.
Work closely with stakeholders from across the UK Intelligence Community to ensure an end-to-end approach to cyber security and ensure that cyber security is embedded at all levels.

Person specification
Essential Criteria, qualifications and experience
Exceptional communication skills, with the ability to present complex security concepts to both technical and non-technical stakeholders at all levels.
Proven experience developing and implementing information security strategies and policies within a complex organisation.
In-depth understanding of cybersecurity threats, technologies and risk management practices.
One or more professional certifications such as CISSP, CISM or CCISO.
Deep understanding of cloud security.
Experience leading an operational cyber security function, or the delivery of cyber security capabilities.
Extensive knowledge of relevant public and private sector cyber security practice.
Feb 28, 2026
Full time
Job Description

Grade: SCS 1 - Open to applicants on promotion

Working Pattern: Requests for flexible working patterns will be considered and should be discussed with the Hiring Manager upon application. A small amount of home working is possible but there is an expectation that most of this role will be office based.

Location: The role can be based in Cheltenham, London or Manchester, but the successful candidate would be expected to spend time in each of the three locations.

Salary: You will receive a salary between £96,981 - £130,000 which includes any applicable skills payment, depending on skills and experience. In addition, the role attracts a non-concessionary payment of £3030 (subject to security compliance) and London Pay Addition of £6250 if contracted to a London work location. The skills payment will be discussed and assessed at interview.

Clearance: DV clearance required.

About Us
GCHQ is the nation's intelligence, cyber and security agency. We work to make the UK the safest place to live and work online; connect the national security community securely; and provide insights and counter threats through SIGINT and effects. Our people work closely with MI5 and MI6 as well as defence, international, and industry partners across a variety of locations, with major hubs in Cheltenham, London and Manchester as well as other sites in the UK and overseas. We live by the values of ingenuity, integrity, impact and teamwork as we work to keep the UK safe, resilient and prosperous in an uncertain world. A role with us means you will do unique and challenging work in a supportive environment, making a meaningful difference to national security.

About the Role
The UK Intelligence Community (UKIC) is seeking an outstanding Chief Information Security Officer (CISO) to lead cyber security and information governance across some of the nation's most sensitive missions. Accountable to the UKIC Infosec Director, this is one of the most high-profile technical leadership roles in government, shaping the strategic direction of information security to protect the UK against the most capable and persistent adversaries. The successful candidate will ensure operational resilience and secure innovation in support of national intelligence objectives, delivering results in a highly complex and rapidly evolving environment.

As CISO, you will work with colleagues to set and implement the organisation's cyber and information security strategy, striking the right balance between capability, acceptable risk and technological progress. You will integrate security governance into a complex set of cross-agency organisational decision-making forums, ensuring that information risks are managed effectively and proportionately, and that security is embedded at every level. This includes advising executive boards and senior leaders on the potential implications of major programmes, and guiding the organisations in safely embracing innovation and digital transformation.

You will be responsible for designing and leading the UKIC's end-to-end risk management framework. This includes defining and tracking cybersecurity KPIs, producing regular reports for senior stakeholders, conducting organisation-wide risk assessments and overseeing vulnerability management to ensure compliance with relevant frameworks. You will be responsible for designing incident response and business continuity strategies and ensuring they are implemented by business areas. Your leadership will be central to developing sustainable security budgets and resourcing strategies that ensure capabilities remain strong in the face of emerging threats.

This role demands exceptional communication skills and the ability to influence at the highest levels of government. You must be confident presenting complex security concepts to both technical and non-technical audiences, including boards, ministers and cross-government stakeholders. You will draw on significant experience delivering robust security strategies in complex organisations and demonstrate deep knowledge of cyber threat landscapes, risk management practices and modern security technologies. International relationships are a critical element of this role, so familiarity working with key allied governments would be valuable.

You should bring expertise in securing cloud environments and emerging technologies within digital transformation programmes, alongside a strong understanding of regulatory compliance frameworks such as NIST, ISO27001, GDPR and GovS007. Professional certifications such as CISSP, CISM or CCISO are highly desirable. A proven track record in embedding a positive security culture, mentoring high-performing teams and managing supplier security will be critical to your success.

This is a unique opportunity to take on one of the most influential cyber security leadership roles in the UK. Protecting the nation's intelligence capabilities requires vision, strategic acumen and operational excellence. If you are ready to take on this challenge, and have the skills, integrity and commitment to safeguard national security, we invite you to join us in delivering a secure future for UK intelligence.

The role can be based in Cheltenham, Manchester or London, with a regular presence required in those locations. The ability to undertake occasional international travel is desirable.

Key Responsibilities
Develop, maintain and articulate a clear understanding of the cyber and information security risks inherent across the whole organisation in order to provide assurance to the UKIC Group Senior information risk owner (SIRO).
Create and implement information security strategy which supports the organisation in determining the right balance between the organisation's cyber and information security capabilities, acceptable level of risk and speed of technology progress.
Ensure an effective cyber and information security governance framework that is integrated with overall organisational governance.
Define and track cybersecurity KPIs, producing regular executive and board-level reports on security posture.
Enable the organisation to innovate safely by advising senior leadership on the potential risks and implications of major decisions that impact information security.
Oversee the creation and implementation of relevant policies and standards which ensure effective information risk management.
Identify and deliver opportunities for improvement of the security operations function to ensure timely detection and response to security incidents.
Lead and mentor high-performing information security professionals, fostering a culture of professional development.
Play a leading role in multiple technical and programme boards.
Work closely with stakeholders from across the UK Intelligence Community to ensure an end-to-end approach to cyber security and ensure that cyber security is embedded at all levels.

Person Specification
Exceptional communication skills, with the ability to present complex security concepts to both technical and non-technical stakeholders at all levels.
Proven experience developing and implementing information security strategies and policies within a complex organisation.
In-depth understanding of cybersecurity threats, technologies and risk management practices.
Professional certifications such as CISSP, CISM or CCISO are highly desirable.
Deep understanding of cloud security.
Experience leading an operational cyber security function, or the delivery of cyber security capabilities.
Extensive knowledge of relevant public and private sector cyber security practice.

SCS Competency Framework
Seeing the Big Picture; Making Effective Decisions; Driving Innovation and Change; Providing Customer Value.

How to apply
Copy and paste a statement of suitability outlining how your personal skills, qualities and experiences demonstrate your suitability for the role. Structure your statement with a sub-heading for each of the essential criteria listed above and, below each, include evidence of how you meet that criterion. Provide a CV setting out your career history, with key responsibilities and achievements. Include reasons for any gaps within the last two years. It is important that through your CV and supporting statement, you give evidence and examples of proven experience of each of the elements of the essential criteria.

Please note - the application form consists of two stages: an initial eligibility check, followed by a full application form. It is at the full application form stage that you will have the opportunity to input your suitability statement and CV information. For questions about the role or to discuss the role in more detail, email who will direct your enquiry appropriately.

What to expect
Your application will be sifted to assess your evidence against the essential criteria above. If shortlisted, you will be invited to participate in a Staff Engagement Session with a small group of GCHQ staff. Full details of the assessment process will be made available to shortlisted candidates. You will be invited to attend a panel interview, where your motivational fit, values, competency evidence and technical experience will be assessed. The application process may take around 6 - 9 months to process including vetting, so we advise you continue any current employment until you have received your final job offer.
Feb 28, 2026
Full time
Job Description

Grade: SCS 1 - Open to applicants on promotion

Working Pattern: Requests for flexible working patterns will be considered and should be discussed with the Hiring Manager upon application. A small amount of home working is possible but there is an expectation that most of this role will be office based.

Location: The role can be based in Cheltenham, London or Manchester, but the successful candidate would be expected to spend time in each of the three locations.

Salary: You will receive a salary between £96,981 - £130,000 which includes any applicable skills payment, depending on skills and experience. In addition, the role attracts a non-concessionary payment of £3030 (subject to security compliance) and London Pay Addition of £6250 if contracted to a London work location. The skills payment will be discussed and assessed at interview.

Clearance: DV clearance required.

About Us

GCHQ is the nation's intelligence, cyber and security agency. We work to make the UK the safest place to live and work online; connect the national security community securely; and provide insights and counter threats through SIGINT and effects. Our people work closely with MI5 and MI6 as well as defence, international, and industry partners across a variety of locations, with major hubs in Cheltenham, London and Manchester as well as other sites in the UK and overseas. We live by the values of ingenuity, integrity, impact and teamwork as we work to keep the UK safe, resilient and prosperous in an uncertain world. A role with us means you will do unique and challenging work in a supportive environment, making a meaningful difference to national security.

About the Role

The UK Intelligence Community (UKIC) is seeking an outstanding Chief Information Security Officer (CISO) to lead cyber security and information governance across some of the nation's most sensitive missions.
A key government security agency in the UK is seeking a Chief Information Security Officer (CISO) to lead its cyber security and information governance efforts. This role demands exceptional communication skills and the ability to influence stakeholders at all levels. Responsibilities include designing a risk management framework and advising on security implications for strategic decisions. The ideal candidate will have significant experience in cyber security and regulatory compliance, along with relevant certifications, making this a challenging yet rewarding opportunity to safeguard national security.
Feb 28, 2026
Full time