Details
Reference number
Salary: £96,981 - £130,000
You will receive a salary between £96,981 - £130,000 dependent on skills and experience plus a non-concessionary payment of £3030 (subject to security compliance) and London Pay Addition of £6250 if contracted to a London work location. The skills payment will be discussed and assessed at interview.
Job grade: SCS Pay Band 1
Contract type: Permanent
Type of role: Information Technology, Security
Working pattern: Full-time
Number of jobs available: 1
Location
Cheltenham, London, Manchester
About the job
Job summary
About Us
GCHQ is the nation's intelligence, cyber and security agency. We work to make the UK the safest place to live and work online; connect the national security community securely; and provide insights and counter threats through SIGINT and effects. Our people work closely with MI5 and MI6 as well as defence, international, and industry partners across a variety of locations, with major hubs in Cheltenham, London and Manchester as well as other sites in the UK and overseas. We live by the values of ingenuity, integrity, impact and teamwork as we work to keep the UK safe, resilient and prosperous in an uncertain world. A role with us means you will do unique and challenging work in a supportive environment, making a meaningful difference to national security.
Job Description
About the Role
The UK Intelligence Community (UKIC) is seeking an outstanding Chief Information Security Officer (CISO) to lead cyber security and information governance across some of the nation's most sensitive missions. Accountable to the UKIC Infosec Director, this is one of the most high-profile technical leadership roles in government, shaping the strategic direction of information security to protect the UK against the most capable and persistent adversaries. The successful candidate will ensure operational resilience and secure innovation in support of national intelligence objectives, delivering results in a highly complex and rapidly evolving environment.
As CISO, you will work with colleagues to set and implement the organisation's cyber and information security strategy, striking the right balance between capability, acceptable risk and technological progress. You will integrate security governance into a complex set of cross-agency organisational decision-making forums, ensuring that information risks are managed effectively and proportionately, and that security is embedded at every level. This includes advising executive boards and senior leaders on the potential implications of major programmes, and guiding the organisations in safely embracing innovation and digital transformation.
You will be responsible for designing and leading the UKIC's end-to-end risk management framework. This includes defining and tracking cybersecurity KPIs, producing regular reports for senior stakeholders, conducting organisation-wide risk assessments and overseeing vulnerability management to ensure compliance with relevant frameworks. You will be responsible for designing incident response and business continuity strategies and ensuring they are implemented by business areas. Your leadership will be central to developing sustainable security budgets and resourcing strategies that ensure capabilities remain strong in the face of emerging threats.
This role demands exceptional communication skills and the ability to influence at the highest levels of government. You must be confident presenting complex security concepts to both technical and non-technical audiences, including boards, ministers and cross-government stakeholders. You will draw on significant experience delivering robust security strategies in complex organisations and demonstrate deep knowledge of cyber threat landscapes, risk management practices and modern security technologies. International relationships are a critical element of this role, so familiarity working with key allied governments would be valuable.
You should bring expertise in securing cloud environments and emerging technologies within digital transformation programmes, alongside a strong understanding of regulatory compliance frameworks such as NIST, ISO 27001, GDPR and GovS 007. Professional certifications such as CISSP, CISM or CCISO are highly desirable. A proven track record in embedding a positive security culture, mentoring high-performing teams and managing supplier security will be critical to your success.
This is a unique opportunity to take on one of the most influential cyber security leadership roles in the UK. Protecting the nation's intelligence capabilities requires vision, strategic acumen and operational excellence. If you are ready to take on this challenge, and have the skills, integrity and commitment to safeguard national security, we invite you to join us in delivering a secure future for UK intelligence.
The role can be based in Cheltenham, Manchester or London, with a regular presence required in those locations. The ability to undertake occasional international travel is desirable.
Key Responsibilities
Develop, maintain and articulate a clear understanding of the cyber and information security risks inherent across the whole organisation in order to provide assurance to the UKIC Group Senior Information Risk Owner (SIRO).
Create and implement information security strategy which supports the organisation in determining the right balance between the organisation's cyber and information security capabilities, acceptable level of risk and speed of technology progress.
Ensure an effective cyber and information security governance framework that is integrated with overall organisational governance.
Define and track cybersecurity KPIs, producing regular executive and board level reports on security posture.
Enable the organisation to innovate safely by advising senior leadership on the potential risks and implications of major decisions that impact information security.
Oversee the creation and implementation of relevant policies and standards which ensure effective information risk management.
Identify and deliver opportunities for improvement of the security operations function to ensure timely detection and response to security incidents.
Lead and mentor high performing information security professionals, fostering a culture of professional development.
Play a leading role in multiple technical and programme boards.
Work closely with stakeholders from across the UK Intelligence Community to ensure an end-to-end approach to cyber security and ensure that cyber security is embedded at all levels.
Person specification
Essential Criteria, Qualifications And Experience
Exceptional communication skills, with the ability to present complex security concepts to both technical and non-technical stakeholders at all levels.
Proven experience developing and implementing information security strategies and policies within a complex organisation.
In-depth understanding of cybersecurity threats, technologies and risk management practices.
One or more professional certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) or Certified Chief Information Security Officer (CCISO).
Deep understanding of cloud security.
Experience leading an operational cyber security function, or the delivery of cyber security capabilities.
Extensive knowledge of relevant public and private sector cyber security practice.
Benefits
Rewards And Benefits
A range of benefits will be available to you, including the following:
25 Days Annual Leave automatically rising to 30 days after 5 years' service, and an additional 10.5 days public and privilege holidays
Opportunities to be recognised through our employee performance scheme
Interest-free season ticket loan
Excellent pension scheme
Cycle to work scheme
Facilities such as a gym, restaurant and on-site coffee bars (at some locations)
Paid parental and adoption leave
Things you need to know
Artificial intelligence
Artificial intelligence can be a useful tool to support your application, however, all examples and statements provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, as your own) applications may be withdrawn and internal candidates may be subject to disciplinary action. Please see our candidate guidance for more information on appropriate and inappropriate use.
Selection process details
SCS Competency Framework
The role is broad and varied in scope, but particularly focused on the following SCS2 Behaviours (Level 5):
Customer Value
Effective Decisions
Innovation & Change
Seeing the Big Picture
We would expect all applicants to be leading inclusively.
How To Apply
To apply, you will need to copy and paste the following into the relevant sections of the application form:
a statement of suitability outlining how your personal skills, qualities and experiences demonstrate your suitability for the role. We ask that you structure your statement with a sub-heading for each of the essential criteria listed above and, below each, include evidence of how you meet that criterion.
a CV setting out your career history, with key responsibilities and achievements. Please ensure you have provided reasons for any gaps within the last two years.
It is important that through your CV and supporting statement, you give evidence and examples of proven experience of each of the elements of the essential criteria.
Please note: the application form consists of two stages: an initial eligibility check, followed by a full application form. It is at the full application form stage that you will have the opportunity to input your suitability statement and CV information.
If you have any questions about the role and/or would like to discuss the role in more detail, please email who will direct your enquiry appropriately.
What To Expect
Our recruitment process is fair, transparent, and based on merit. Here is a brief overview of each stage, in order:
Your application will be sifted to assess your evidence against the essential criteria above.
If shortlisted, you will be invited to participate in a Staff Engagement Session with a small group of GCHQ staff. Full details of the assessment process will be made available to shortlisted candidates.
You will be invited to attend a panel interview, where your motivational fit, values, competency evidence and technical experience will be assessed.
Please note, your application may take around 6 - 9 months to process including vetting, so we advise you continue any current employment until you have received your final job offer. For secondees/transfers these timescales may be reduced, dependent on any currently held level of clearance.
Terms & Conditions
This role is open on transfer of employment to GCHQ from another agency if you are already part of the Civil Service.
You will receive a minimum salary of £96,981 plus a non-concessionary payment of £3030 (subject to security compliance) and London Pay Addition of £6250 if contracted to a London work location. The skills payment will be discussed at interview.
Posting allowance and relocation package will not be included.
The role requires UK Intelligence Community Developed Vetting which includes validation checks, induction, and drug and alcohol tests.
This post may be subject to ministerial approval.
Equal Opportunities
At GCHQ, diversity and inclusion are critical to our mission. To protect the UK, we need a truly diverse workforce that reflects the society we serve. This includes diversity in every sense of the word: those with different backgrounds, ages, ethnicities, gender identities, sexual orientations, ways of thinking and those with disabilities or neurodivergent conditions. We therefore welcome and encourage applications from everyone, including those from groups that are under-represented in our workforce such as women, those from an ethnic minority background, people with disabilities and those from low socio-economic backgrounds.
Find out more about our culture, working environment and diversity on our website:
https://www. GCHQ - GCHQ /diversity-
We're Disability Confident
About
GCHQ are proud to have achieved Leader status within the DWP's Disability Confident scheme. This is aimed at encouraging employers to think differently about disability and take action to improve how they recruit, retain and develop disabled people. Being Disability Confident, we aim to offer a fair and proportionate number of person-to-person interviews to any candidate who self-identifies as disabled and meets the essential criteria for the role. This is our "Offer of Interview" (OOI). To secure an interview for this vacancy, the criteria (in order of application process) are:
Meet the eligibility criteria
Meet the criteria set out as essential to the role
There is a wide range of extra support available throughout the recruitment process to enable you to do your best. See our website for information on the reasonable adjustments we can offer.
https://www. GCHQ -
Before You Apply
To work at GCHQ, you need to be a British citizen or hold dual British nationality. You can read our full eligibility criteria at the link below.
This role requires the highest security clearance, known as Developed Vetting (DV). It's something everyone in the UK Intelligence Community undertakes. You can find out more about the vetting process at the link below.
https://www. GCHQ -
Please note we have a strict drugs policy, so once you start your application, you can't take any recreational drugs and you'll need to declare your previous drug usage at the relevant stage.
Before you apply, we advise you to consider setting up a separate email address for your contact with us, to ensure your personal and application correspondence remain separate. Try to avoid having identifying features in your email address, such as your first and/or surname and date of birth. This is good practice and will help you to manage your application with us more securely.
The role can be based in Cheltenham, London or Manchester, but the successful candidate would be expected to spend time in each of the three locations. Please consider any financial implications and practicalities associated with the location and travel required for the role before submitting an application, as we do not offer relocation costs.
Please note, you should only launch your application from within the UK. If you are based overseas, you should wait until you visit the UK to launch an application. Applying from outside the UK will impact on our ability to progress your application. You should not discuss your application, other than with your partner or a close family member.
Right To Withdraw Statement
Please be aware that we reserve the right to bring forward the closing date for this role from the original closing date once a certain number of applications have been received. Please be mindful of this and submit your application at your earliest convenience to avoid disappointment.
Feedback will only be provided if you attend an interview or assessment. This role has a minimum assignment duration of 3 years. An assignment duration is the period of time a Senior Civil Servant is expected to remain in the same post to enable them to deliver on the agreed key business outcomes. The assignment duration also supports your career through building your depth of expertise.
As part of accepting this role you will be agreeing to the expected assignment duration set out above. This will not result in a contractual change to your terms and conditions. Please note this is an expectation only; it is not something which is written into your terms and conditions or indeed which the employing organisation or you are bound by. It will depend on your personal circumstances at a particular time and business needs and, for example, would not preclude any absence like family friendly leave. It is nonetheless an important expectation, which is why we ask you to confirm you agree to the assignment duration set out above.
Security
Successful candidates must undergo a criminal record check. Successful candidates must meet the security requirements before they can be appointed. The level of security needed is developed vetting.
Requirements
See our vetting charter. People working with government assets must complete baseline personnel security standard checks.
Nationality requirements
Open to UK nationals only.
Working for the Civil Service
Please note this Post is NOT regulated by the Civil Service Commission. The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.
Diversity and Inclusion
The Civil Service is committed to attracting, retaining and investing in talent wherever it is found. To learn more please see the Civil Service People Plan and the Civil Service Diversity and Inclusion Strategy.
Apply and further information
Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.