Chief Information Security Officer (CISO)

Government Digital Service

Apply before 11:55 pm on Sunday 2nd June 2024

 

Details

Reference number

351718

Salary

£75,000 - £117,800
Based on experience. This is a Senior Civil Service Pay Band SCS 1 role. Existing Civil Servants will be appointed in line with the Civil Service pay rules in place on the date of their appointment.

Job grade

SCS Pay Band 1

Contract type

Permanent

Type of role

Digital
Engineering
Information Technology
Security
Senior leadership

Working pattern

Flexible working, Full-time, Job share, Part-time, Compressed hours

Number of jobs available

1

Location

Bristol, London, Manchester

Job summary

We're looking for an exceptional Chief Information Security Officer (CISO) to transform government services to make them radically easier and safer to use. Reporting to the CEO, this new CISO role will be tasked with making our in-house built digital products more secure and resilient to attack. This is likely to be achieved by building an in-house AppSec function to integrate security seamlessly into the software development lifecycle. They will also be tasked with building out and maturing our security governance and operations capability.

Job description

In this highly influential role, you will:

  • establish a small Application Security team comprised of deep technical specialists, with experience of building security into modern, cloud-based software products
  • build a Cyber Operations team who will create a body of standards, ways of working and tooling for the whole of GDS, as well as a robust approach to critical incident response
  • build a small team of Ethical Hackers (Red team) who will seek vulnerabilities across our services from the perspective of an attacker, then work in partnership with teams to prioritise and remediate them
  • establish a strong culture of information security, including establishing a “Security Champions” programme across GDS, using the best practice model adopted by many cloud organisations
  • develop a positive, inclusive and diverse team of professionals with a collaborative culture: success in this role depends on building a strong partnership with the dev teams
  • maintain close and productive relationships with relevant government agencies such as NCSC in order to anticipate emerging threats to the GDS
  • develop a more mature operating model in partnership with the central Cabinet Office cyber security team to ensure we are complying with internal controls
  • engage fully with the new Cyber Assessment Framework (similar to NIST) to ensure GDS is following published government best practices
  • oversee our hosting and infrastructure security strategy using technologies like AWS, Docker, Kubernetes, Lambda, and AWS EKS, ensuring robust security controls and measures
  • develop a clear risk profile and security strategy for our internal CI/CD and other tooling, as well as lead on ensuring we have the right security tooling
  • oversee incident response and disaster recovery planning
  • lead on incident preparedness, including development of playbooks, incident response plans and game days
  • develop an out-of-hours capability for cyber, ensuring there is expertise available to support on incidents
  • manage vendor relationships, alongside the CTO and delivery leaders

You'll enjoy a great deal of freedom in this role, along with excellent technology and a collaborative, supportive culture all focused on profoundly transforming outcomes for citizens. 

Person specification

You will:

  • have significant experience of embedding cyber security approaches within the software development life cycle
  • be an inclusive leader with an active interest in building safe, diverse and high performing teams
  • have an understanding of best practice for Governance, Risk and Compliance (GRC) within Information Security and risk management, which could include knowledge of relevant standards such as ISO/IEC 27001, PCI-DSS and NIST CSF. However, the primary reference point for GDS will be the NCSC’s Cyber Assessment Framework
  • be up to date with, and have current experience of, the security aspects of digitisation initiatives such as remote working and cloud migration
  • be able to demonstrate organisation-wide influence and changes in attitudes towards information risk and cyber security, including at the most senior levels
  • be well networked in the cyber security space, e.g. with other CISO peers, as well as hold relevant industry or government qualifications and institutional memberships
  • hold professional certifications and qualifications demonstrating managerial and technical competence within Cyber Security, aligned to professional standards defined by the UK Cyber Security Council

The benefits of working at GDS

There are many benefits of working at GDS, including:

  • flexible hybrid working with flexi-time and the option to work part-time or condensed hours
  • a Civil Service Pension with an average employer contribution of 27%
  • 25 days of annual leave, increasing by a day each year up to a maximum of 30 days
  • an extra day off for The King’s birthday
  • an in-year bonus scheme to recognise high performance
  • career progression and coaching, including a training budget for personal development
  • paid volunteering leave
  • a focus on wellbeing with access to an employee assistance programme
  • job satisfaction from making government services easier to use and more inclusive for people across the UK
  • advances on pay, including for travel season tickets
  • death in service benefits
  • cycle to work scheme and facilities
  • access to children's holiday play schemes across different locations in central London
  • access to an employee discounts scheme
  • 10 learning days per year
  • volunteering opportunities (5 special leave days per year)
  • access to a suite of learning activities through Civil Service learning

GDS offers hybrid working for all employees. This means that everyone does some working from home and also spends some time in their local office. You’ll agree to your hybrid working arrangement with your line manager in line with your preferences and business needs.

Any move to Government Digital Service from another employer will mean you can no longer access childcare vouchers. This includes moves between government departments. You may however be eligible for other government schemes, including Tax Free Childcare. Determine your eligibility at https://www.childcarechoices.gov.uk

Selection process details

There are three stages to the selection process.

  1. Application
  2. Informal (virtual) conversation with the leadership team
  3. An in-person final panel interview 

Application

As part of your application, you’ll be asked to submit a CV demonstrating your previous work history. It is essential your CV meets the skills and experience listed in the person specification above. You will also need to answer one application question based on the person specification.

Application question

Tell us about your approach to embedding good security practice in mature digital product teams, touching on the balance between enforcing process and empowering engineers.

You are expected to answer the application question using a maximum of 500 words (a standard A4 page, 12-point font size). Failure to submit your CV and complete the application question may result in your application being unsuccessful.

Informal (virtual) conversation with the leadership team 

To learn more about the role and GDS culture you’ll have an opportunity to speak to members of the leadership team prior to the panel interview. Please note these are informal discussions and are not part of the assessment process.

In-person panel interview 

Shortlisted candidates will be asked to attend a panel interview to have a more in-depth discussion of their previous experience and professional competence. Interviews will be held in person at an agreed location.

  1. Chair: Tom Read, CEO GDS
  2. Erin Robinson: Chief Operating Officer  
  3. Gaynor Francis: Senior Civil Servant and Specialist Digital Recruitment Lead

Recruitment timelines

Every effort will be made to keep to the timeline, but where this is not possible, dates and panel members are subject to change.

Advert closes

2nd June 2024

Informal (virtual) leadership conversations

Week commencing 1st July 2024

Panel interview 

Week commencing 15th July 2024

How to apply

Odgers Berndtson, an executive search agency, are assisting with this recruitment campaign. The preferred method of application is online at https://berwickpartners.co.uk/opportunities/assignment/90133/

If you are unable to apply online please email your application by no later than 23.59 on 2nd June 2024 to: alex.richardson@berwickpartners.co.uk  

Before submitting your application we recommend you review the candidate pack attached under the application section at the bottom of this advert for further information about the position and selection process.

In the Civil Service, we use Success Profiles to evaluate your skills and ability. This gives us the best possible chance of finding the right person for the job, increases performance and improves diversity and inclusivity. We’ll be assessing your technical abilities, skills, experience and behaviours that are relevant to this role.

For this role we’ll be assessing you against the following Civil Service Behaviours:

  • working together
  • making effective decisions
  • leadership
  • managing a quality service
  • delivering at pace

Candidates that do not pass the interview but have demonstrated an acceptable standard may be considered for similar roles at a lower grade.

A reserve list will be held for a period of 12 months, from which further appointments can be made.

The Civil Service is committed to attract, retain and invest in talent wherever it is found. To learn more please see the Civil Service People Plan and the Civil Service D&I Strategy.



Feedback will only be provided if you attend an interview or assessment.
This role has a minimum assignment duration of 3 years. An assignment duration is the period of time a Senior Civil Servant is expected to remain in the same post to enable them to deliver on the agreed key business outcomes. The assignment duration also supports your career through building your depth of expertise.

As part of accepting this role you will be agreeing to the expected assignment duration set out above. This will not result in a contractual change to your terms and conditions. Please note this is an expectation only; it is not something which is written into your terms and conditions or indeed which the employing organisation or you are bound by. It will depend on your personal circumstances at a particular time and business needs and, for example, would not preclude any absence such as family-friendly leave. It is nonetheless an important expectation, which is why we ask you to confirm you agree to the assignment duration set out above.

Security

Successful candidates must undergo a criminal record check.
Successful candidates must meet the security requirements before they can be appointed. The level of security needed is developed vetting.

See our vetting charter.
People working with government assets must complete baseline personnel security standard checks.

Nationality requirements

This job is broadly open to the following groups:

  • UK nationals
  • nationals of the Republic of Ireland
  • nationals of Commonwealth countries who have the right to work in the UK
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS)
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
  • individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
  • Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service

Further information on nationality requirements

Working for the Civil Service

The Civil Service Code sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles.
The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.

Diversity and Inclusion

The Civil Service is committed to attract, retain and invest in talent wherever it is found. To learn more please see the Civil Service People Plan and the Civil Service Diversity and Inclusion Strategy.
This vacancy is part of the Great Place to Work for Veterans initiative.
The Civil Service welcomes applications from people who have recently left prison or have an unspent conviction. Read more about prison leaver recruitment.
Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.

Contact point for applicants

Job contact :

  • Name : Alex.Richardson@berwickpartners.co.uk
  • Email : Alex.Richardson@berwickpartners.co.uk

Recruitment team

  • Email : Alex.Richardson@berwickpartners.co.uk

Further information

If you feel your application has not been treated in accordance with the Recruitment Principles and you wish to make a complaint, you should contact gds-recruitment-complaints@digital.cabinet-office.gov.uk in the first instance.
If you are not satisfied with the response you receive you can contact the Civil Service Commission by email: info@csc.gov.uk or in writing: Civil Service Commission, Room G/8, 1 Horse Guards Road, London, SW1A 2HQ.
