Deputy Director Chief Information Security Officer

  • GCHQ Careers
  • Mar 03, 2026
Full time I.T. & Communications Management

Job Description

Closing Date - 23:55 on Monday 23rd March 2026

You will receive a salary between £96,981 - £130,000 which includes any applicable skills payment, depending on skills and experience. In addition, the role attracts a non-concessionary payment of £3030 (subject to security compliance) and London Pay Addition of £6250 if contracted to a London work location. The skills payment will be discussed and assessed at interview.

Grade: SCS 1 - Open to applicants on promotion

Working Pattern: Requests for flexible working patterns will be considered and should be discussed with the Hiring Manager upon application. A small amount of home working is possible but there is an expectation that most of this role will be office based.

Clearance: DV clearance required

About Us

GCHQ is the nation's intelligence, cyber and security agency. We work to make the UK the safest place to live and work online; connect the national security community securely; and provide insights and counter threats through SIGINT and effects. Our people work closely with MI5 and MI6 as well as defence, international, and industry partners across a variety of locations, with major hubs in Cheltenham, London and Manchester as well as other sites in the UK and overseas. We live by the values of ingenuity, integrity, impact and teamwork as we work to keep the UK safe, resilient and prosperous in an uncertain world. A role with us means you will do unique and challenging work in a supportive environment, making a meaningful difference to national security.

About the Role

The UK Intelligence Community (UKIC) is seeking an outstanding Chief Information Security Officer (CISO) to lead cyber security and information governance across some of the nation's most sensitive missions. Accountable to the UKIC Infosec Director, this is one of the most high profile technical leadership roles in government, shaping the strategic direction of information security to protect the UK against the most capable and persistent adversaries. The successful candidate will ensure operational resilience and secure innovation in support of national intelligence objectives, delivering results in a highly complex and rapidly evolving environment.

As CISO, you will work with colleagues to set and implement the organisation's cyber and information security strategy, striking the right balance between capability, acceptable risk and technological progress. You will integrate security governance into a complex set of cross agency organisational decision making forums, ensuring that information risks are managed effectively and proportionately, and that security is embedded at every level. This includes advising executive boards and senior leaders on the potential implications of major programmes, and guiding the organisations in safely embracing innovation and digital transformation.

You will be responsible for designing and leading the UKIC's end-to-end risk management framework. This includes defining and tracking cybersecurity KPIs, producing regular reports for senior stakeholders, conducting organisation wide risk assessments and overseeing vulnerability management to ensure compliance with relevant frameworks. You will be responsible for designing incident response and business continuity strategies and ensuring they are implemented by business areas. Your leadership will be central to developing sustainable security budgets and resourcing strategies that ensure capabilities remain strong in the face of emerging threats.

This role demands exceptional communication skills and the ability to influence at the highest levels of government. You must be confident presenting complex security concepts to both technical and non technical audiences, including boards, ministers and cross government stakeholders. You will draw on significant experience delivering robust security strategies in complex organisations and demonstrate deep knowledge of cyber threat landscapes, risk management practices and modern security technologies. International relationships are a critical element of this role, so familiarity working with key allied governments would be valuable.

You should bring expertise in securing cloud environments and emerging technologies within digital transformation programmes, alongside a strong understanding of regulatory compliance frameworks such as NIST, ISO27001, GDPR and GovS007. Professional certifications such as CISSP, CISM or CCISO are highly desirable. A proven track record in embedding a positive security culture, mentoring high performing teams and managing supplier security will be critical to your success.

This is a unique opportunity to take on one of the most influential cyber security leadership roles in the UK. Protecting the nation's intelligence capabilities requires vision, strategic acumen and operational excellence. If you are ready to take on this challenge, and have the skills, integrity and commitment to safeguard national security, we invite you to join us in delivering a secure future for UK intelligence.

The role can be based in Cheltenham, Manchester or London, with a regular presence required in those locations. The ability to undertake occasional international travel is desirable.

Key Responsibilities
  • Develop, maintain and articulate a clear understanding of the cyber and information security risks inherent across the whole organisation in order to provide assurance to the UKIC Group Senior information risk owner (SIRO).
  • Create and implement information security strategy which supports the organisation in determining the right balance between the organisation's cyber and information security capabilities, acceptable level of risk and speed of technology progress.
  • Ensure an effective cyber and information security governance framework that is integrated with overall organisational governance.
  • Define and track cybersecurity KPIs, producing regular executive and board level reports on security posture.
  • Enable the organisation to innovate safely by advising senior leadership on the potential risks and implications of major decisions that impact information security.
  • Oversee the creation and implementation of relevant policies and standards which ensure effective information risk management.
  • Identify and deliver opportunities for improvement of the security operations function to ensure timely detection and response to security incidents.
  • Lead and mentor high performing information security professionals, fostering a culture of professional development.
  • Play a leading role in multiple Technical and programme boards.
  • Work closely with stakeholders from across the UK Intelligence Community to ensure an end-to-end approach to cyber security and ensure that cyber security is embedded at all levels.
Person Specification

Essential Criteria, qualifications and experience
  • Exceptional communication skills, with the ability to present complex security concepts to both technical and non-technical stakeholders at all levels.
  • Proven experience developing and implementing information security strategies and policies within a complex organisation.
  • In-depth understanding of cybersecurity threats, technologies and risk management practices.
  • One or more professional certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) or Certified Chief Information Security Officer (CCISO) are highly desirable.
  • Deep understanding of cloud security.
  • Experience leading an operational cyber security function, or the delivery of cyber security capabilities.
  • Extensive knowledge of relevant public and private sector cyber security practice.
SCS Competency Framework

The role is broad and varied in scope, but particularly focused on the following SCS1 Behaviours (Level 5):
  • Seeing the Big Picture
  • Making Effective Decisions
  • Driving Innovation and Change
  • Providing Customer Value
How to apply

To apply, you will need to copy and paste the following into the relevant sections of the application form:
  • a statement of suitability outlining how your personal skills, qualities and experiences demonstrate your suitability for the role. We ask that you structure your statement with a sub-heading for each of the essential criteria listed above and, below each, include evidence of how you meet that criterion.
  • a CV setting out your career history, with key responsibilities and achievements. Please ensure you have provided reasons for any gaps within the last two years.
It is important that through your CV and supporting statement, you give evidence and examples of proven experience of each of the elements of the essential criteria.

Please note - the application form consists of two stages; an initial eligibility check, followed by a full application form. It is at the full application form stage that you will have the opportunity to input your suitability statement and CV information.

If you have any questions about the role and/or would like to discuss the role in more detail, please email emailprotected who will direct your enquiry appropriately.

What to expect

Our recruitment process is fair, transparent, and based on merit. Here is a brief overview of each stage, in order:
  • Your application will be sifted to assess your evidence against the essential criteria above.
  • If shortlisted . click apply for full job details