Own and be accountable for the organisation’s overall security posture, ensuring alignment with business objectives and public sector expectations.
Lead the implementation, maintenance, and continuous improvement of the ISMS in line with ISO/IEC 27001.
Maintain Cyber Essentials Plus certification, ensuring ongoing compliance with technical controls.
Develop and maintain the Security Management Plan, with a focus on resilience, availability, and service continuity.
Provide regular assurance reporting to senior leadership and stakeholders.
Own and maintain the Security Risk Register, ensuring risks are identified, assessed, and managed in line with organisational risk appetite.
Conduct and support risk assessments, internal audits, and external certification activities.
Ensure compliance with relevant UK regulatory and security requirements, including GDPR and guidance from the National Cyber Security Centre.
Work with internal teams and suppliers to implement proportionate and effective security controls.
Act as the primary point of contact for security incidents, leading or coordinating response activities.
Take a hands-on role in incident investigation, root cause analysis, and remediation.
Ensure that incident response processes are aligned to the operational needs of emergency service environments, including timely escalation and communication.
Oversee vulnerability management, security testing, and remediation activities, engaging third parties where required (e.g., CHECK providers).
Ensure security is embedded in the design and operation of services supporting emergency response.
Work closely with operational and technical teams to maintain high levels of system availability and resilience.
Support business continuity and disaster recovery planning, testing, and continuous improvement.
Develop and deliver targeted security awareness and training programmes.
Promote a strong security culture, ensuring all staff understand their responsibilities in protecting critical services.
Act as a trusted advisor to senior leadership, operational teams, and external stakeholders.
Support engagement with public sector customers, providing assurance on security controls and practices.
Collaborate with suppliers and partners to ensure security requirements are met across the supply chain.
Requirements
Proven experience in an information security role within a UK-based organisation, ideally supporting public sector or critical services.
Practical experience with security monitoring and incident response tooling (SIEM/XDR).
Strong working knowledge of ISO/IEC 27001 and experience maintaining an ISMS.
Practical experience with Cyber Essentials / Cyber Essentials Plus certification.
Experience managing security risks, incidents, audits, and compliance activities in operational environments.
Ability to balance strategic leadership with hands-on delivery in a small organisation.
Strong understanding of service resilience, availability, and risk in mission-critical systems.
Excellent communication skills, with the ability to engage both technical and non-technical stakeholders.