Location: UK-based, Hybrid (Remote WFH / Milton Keynes, Buckinghamshire)
Expected Start Date: 20 November 2025
Contract: 12 months
Reporting To: CEO / COO / Board of Directors
About the Role
Wolf & Oak is seeking an experienced Chief Information Security Officer (CISO) to join our team and provide independent assurance and expert guidance to a leading client undergoing a complex, multi-year transformation programme with national impact.
This is a greenfield opportunity to shape and oversee the information security strategy for a major digital and operational change initiative, embedding the highest standards of cyber and information security throughout its lifecycle.
Key Responsibilities
Strategy & Leadership
* Develop and deliver a comprehensive security assurance strategy aligned to transformation objectives and the UK regulatory landscape.
* Establish governance frameworks (policies, standards, procedures) aligned with ISO 27001, NIST CSF, and other relevant standards.
* Provide regular, independent assurance to executive and programme boards on security posture, risks, and KPIs.
* Act as a trusted adviser to Wolf & Oak and client leadership, balancing risk with digital innovation.
* Work collaboratively across multidisciplinary teams to embed security in all workstreams.
Security Operations & Risk Management
* Design and oversee the security operating model, leveraging in-house and managed services.
* Establish robust processes for threat detection, incident response, crisis management, and business continuity.
* Conduct regular risk assessments and maintain the cyber risk register.
* Define vendor security standards and manage third-party and supply chain assurance.
* Lead security incident response and regulatory engagement where required.
Architecture, Privacy & Secure by Design
* Champion security and privacy by design across all initiatives, ensuring compliance with UK GDPR and relevant data protection laws.
* Oversee secure adoption of cloud platforms, digital infrastructure, and enterprise applications.
* Implement standards for IAM, data protection, endpoint security, vulnerability management, and incident response.
Culture, Awareness & Training
* Launch and continuously improve security awareness and training programmes.
* Drive cultural change, embedding security and privacy across all levels of the transformation.
* Partner with business leaders to support secure digital innovation.
Performance & Assurance
* Define, track, and report on security KPIs and metrics to demonstrate progress and value.
* Drive continuous improvement through reviews, audits, and lessons learned.
Key Skills & Competencies
* Proven track record delivering security assurance in large, complex transformation programmes.
* Strong knowledge of security frameworks, UK/EU regulations, and programme risk.
* Experience working with UK regulators (e.g., ICO, FCA), including compliance and reporting.
* Excellent communication skills with both technical and non-technical stakeholders.
* Collaborative leadership style with the ability to balance risk and innovation.
* Demonstrated experience in crisis management and in maintaining public trust.
Qualifications & Experience
* 10+ years in senior IT/security leadership, with at least 5 in a CISO or equivalent assurance role.
* Demonstrated experience establishing security governance and operational models from scratch.
* Degree in Information Security, Computer Science, or equivalent experience.
* Relevant certifications preferred (e.g., CISSP, CISM, CISA, ISO 27001 Lead Implementer).
* Experience in cloud-first, data-driven, and digital service environments is an advantage.