Technical Security Lead

Technical Security Lead

Full time / Flexible Working

Salary:          £42,593pa-£48,245pa, with potential for further progression to £54,317pa with our pay progression scheme. 

Location:       Hybrid 

Contracted to our Wilmslow, London, Edinburgh, Cardiff or Belfast office, however, we offer flexible home and office-based working opportunities. There will be times when you will be expected to attend the office to collaborate with colleagues or travel due to business need.  

Why work for the ICO? 

• Pay progression scheme.
• Hybrid and flexible working options.  
• 25 days paid holiday per year, plus privilege and public holidays. 
• Flexi leave (up to 26 additional days leave per year). 
• Pension (employer contribution around 28.9%). 
• Online discount scheme to save money at major supermarkets, retailers, gyms, restaurants, insurance providers and many more. 
• Health Cash Plan. 
• Fantastic development opportunities to learn and progress. 

Further details can be found on the benefits section of our website . 

Job summary

The ICO Cyber security team is expanding. This represents an exciting time to join the team, bringing your experience and capabilities as well as potential to learn and develop, in a high profile and dynamic environment. The Cyber Security team is part of our wider Digital, Data and Technology (DDaT) directorate, and ensures that we support the objectives of secure by design.

The Information Commissioner’s Office (ICO) is the independent regulator of information rights. In a data-driven world, we provide advice, guidance, and support to organisations enabling compliance with their obligations, as well as protecting individuals and their personal data. 

As an employer, we are passionate about making a positive difference to the lives and careers of our people, and we empower you to be curious, impactful, collaborative and respectful. 

Job description

This post is responsible for leading technical security delivery for the ICO linked to our obligations of the UK Government Cyber Security Strategy and based on the outcomes defined in Functional Standard “GovS 007 – Security”.

Focused on key areas of technical controls, Security by Design, security engagement for new development and system changes, staff education and ensuring the adherence to corporate policies, controls, and industry best practices.

You will lead and deliver technical security engagements across the ICO providing Security requirements, Advice and Guidance, technical leadership and oversight of security controls for all new developments, or technical changes to existing systems or services.

In collaboration with the wider Cyber Security team, the ICO Digital, Data and Technology product owners; you will review all areas of technical security and best practices, including ensuring our high value assets are secured and controlled in line with the corporate, business and technical risk appetites, and the production of security opinion reports on gaps, risks and mitigation recommendations.

You will also lead the delivery of secure by design, through the production, review and publishing of baseline security requirements aligned to relevant security frameworks and other guidance. e.g. NCSC CAF, NIST CSF, CSA CCM and Gov Functional Standards. Which will include providing technical security advice guidance and oversight to Technical Design Authority, Change Advisory Board and Data Protection Impact Assessment forums.

As part of the Cyber Security Team, you will provide technical expertise and practical experience to drive ICO processes, policies and education, and to deliver appropriate and proportionate direction, on technical security issues and challenges.

You will be cognisant of the threat landscape across the regulatory sector and at national levels; and that our technical controls for our key systems and assets are appropriately secured, assessed and monitored.

Supporting the creation and updating of technical baseline security requirements, for the core ICO services, will be a key delivery of the role.

Key responsibilities:

• Lead the delivery of secure by design principles and guidance
• Delivery of technical security requirements in collaboration with the wider DDaT and Cyber Security team.
• Align Project and change security governance with the relevant security frameworks
• Lead the delivery of security opinion reports providing specialist advice and technical leadership
• Technical security collaboration both internally to the ICO and with external partners

Person specification 

Essential criteria assessed at application stage:

• Experience relevant to the role requirements, as described in the role responsibilities and person specification, and accumulated through any combination of academic or vocational qualifications or experience
• Desirable: CISSP in good standing or equivalent proven level of experience. CCSP, CISM, CEH
• Minimum of 2 years’ experience in a similar role
• Experience of defining and refining security controls and standards
• Proven experience of implementing or reviewing technical security controls
• Cloud technical security knowledge & experience relating to the CSA-CCM Security Domains and controls objectives
• Strong knowledge of the Cloud shared responsibility security model
• Desirable: Experience in working in a public sector or highly regulated organisation.
• Track vulnerabilities in software, systems and networks
• Identify and assess cyber threats and cyber security risks, and recommend measures to manage them
• Design security controls, including those affecting the selection and development of systems
• Test and report on the security of an organisation’s systems and networks
• Brief and train non-cyber staff on cyber security awareness and safe practice
• Work with managers in other teams to ensure effective cyber security across the organisation
• Self-motivated and dynamic with the skills to identify issues and willingness to own remediations 

Essential criteria assessed during interview:

• Minimum of 2 years’ experience in a similar role
• Experience of defining and refining security controls and standards
• Proven experience of implementing or reviewing technical security controls
• Cloud technical security knowledge & experience relating to the CSA-CCM Security Domains and controls objectives
• Strong knowledge of the Cloud shared responsibility security model
• Desirable: Experience in working in a public sector or highly regulated organisation.
• Track vulnerabilities in software, systems and networks
• Identify and assess cyber threats and cyber security risks, and recommend measures to manage them
• Design security controls, including those affecting the selection and development of systems
• Test and report on the security of an organisation’s systems and networks
• Brief and train non-cyber staff on cyber security awareness and safe practice
• Work with managers in other teams to ensure effective cyber security across the organisation
• Self-motivated and dynamic with the skills to identify issues and willingness to own remediations 
• Excellent verbal, communication and interpersonal skills, with people at all levels.

Equality, diversity, and inclusion 

The ICO is committed to promoting and enhancing equality, diversity, and inclusion. We are focused on developing a workforce that is representative of the communities we serve and together we are building an inclusive workplace where all of our colleagues have the opportunity to make a real difference. We are championing this through our Equality Diversity and Inclusion Board together with a number of staff networks. Read more about our commitment on our website.  

Candidates with a disability who meet the minimum criteria for this vacancy will be invited to interview as part of the ICO’s commitment to the Disability Confident Scheme. 

If you are disabled or have an impairment and require an alternative application method, please email the HR team at recruitment@ico.org.uk

Closing Date 

Please submit your CV detailing your suitability to the role by 23:59, Friday 2nd May

We reserve the right to close this vacancy before this date should we receive sufficient applications. Please apply as soon as possible to ensure your application is considered.