The National Physical Laboratory is wholly owned by the Department for Science, Innovation and Technology (DSIT) and as such we are challenged to maximise our impact for the security, resilience, and prosperity of the UK. In particular (but not limited to) we research the emerging technologies in Quantum, AI, Engineering Biology, Telecommunications, Semiconductors and Green Technologies, and in many cases the combination of many of these as they advance.
The Cyber Security and Assurance team within NPL’s Chief Information Officer’s Office is the team responsible for monitoring, analysing and responding to threats to NPL’s unique Information Technology estate.
NPL faces a growing challenge in the Cyber Security space. Whilst some areas of the organisation are part of the UK’s critical national infrastructure and are therefore exemplars of the best in modern cyber security other, longer standing functions and operations of NPL’s 125-year-old operating lifespan, need the attention of a pragmatic and broadly experienced cyber security professional to help lift the organisation up to modern security standards. The ideal individual will have a pragmatic and organised approach to take NPL on the journey to become an exemplar of modern security practice and a sensible risk based cyber posture. The desired outcome is a harmonisation of the approach to Cyber Security across the whole organisation.
As the Head of Cyber Security & Assurance, reporting directly into NPL’s Chief Information Officer and a key member of the CIO’s Senior Leadership Team, you will act as NPL’s Chief Information Security Officer (CISO). You will lead our response to the rapidly evolving cyber security threat and shape our continuing investment in cyber security to support the needs of our customers. You will be advising at the most senior levels of the organisation on cyber security risks and strategic response.
You will also be able to fulfil an assurance role, ensuring that NPL adopts the most relevant and appropriate standards and certifications such as ISO:27001 and NCSC’s Cyber Assurance Framework certification.
This role will be based at the NPL’s Head Office in Teddington.

You will:

• Act as the Chief Information Security Officer (CISO) for NPL providing strategic oversight of information, cyber and technology security, reporting directly to the Chief Information Officer.
• Provide leadership to NPL’s growing investment in the Cyber Security function, building a highly motivated, customer focused and performing teams that can support the breadth of NPL’s customers.
• Define, develop and deliver the Information Security Strategy across the organisation including NPL’s role in resilient national infrastructure ensuring engagement with the NPL Executive and Board.
• Identify changing threat models and vulnerabilities, implementing appropriate risk-based responses where required.
• Harden our systems and protect our people, information and technologies. Think big picture about organizational risk based on mission objectives and a calibrated understanding of existing and potential attacks.
• Develop, implement and maintain our internal IT & security program and drive high leverage initiatives in corporate IT, infrastructure and strategic cyber physical security interests.
• Develop, exercise, and lead incident response plans and processes. Work with existing government security functions to monitor for and respond to immediate threats, data breaches, and security incidents.
• Develop, implement and maintain information security policies for sharing commercially sensitive information. Develop access controls and information protection systems to implement said policies
• Coordinate external security consultants, services, and vendors

We actively recruit citizens of all backgrounds, but the nature of our work in this specific area means that nationality, residency and security requirements are more tightly defined than others. To work in this role, you will need to have a minimum of SC clearance with no restrictions or be willing to apply for and obtain SC clearance.

Longer term the role may require DV clearance and you must be willing to undertake the process necessary to obtain this level of clearance if required.

• Significant Cyber Security / CISO level experience including information security, business management, risk management, cyber security strategy, technologies and best practices alongside practical experience of securing relevant organisational relevant security and information standards certifications.
• Strong communication and influencing skills at operational and leadership levels.
• Leading and managing a team of security and information risk professionals effectively.
• Developing and implementing security policies, procedures, and standards.
• Security Clearance, and Professional certification such as CCISO (Certified Chief Information Security Officer), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified in Risk and Information Systems Control (CRISC).
• Stakeholder Management to C-level and Board members.
• Change Management - business change and technology change and strong project management skills to oversee security initiatives and ensure their timely completion.
• Budgeting and resource allocation
• Coaching and Mentoring.

Please note: Applications will be reviewed, and interviews conducted throughout the duration of this advert therefore we may at any time bring the closing date forward. We encourage all interested applicants to apply as soon as practical.
The National Physical Laboratory (NPL) is a world-leading centre of excellence that provides cutting-edge measurement science, engineering and technology to underpin prosperity and quality of life in the UK. Find out more about what it is like working here - The measure of us - Overview
NPL and DSIT have strong commitments to diversity and equality of opportunity, and welcome applications from candidates irrespective of their background, gender, race, sexual orientation, religion, or age, providing they meet the required criteria. Applications from women, disabled and black, Asian and minority ethnic candidates in particular are encouraged. All disabled candidates (as defined by the Equality Act 2010) who satisfy the minimum criteria for the role will be guaranteed an interview under the Disability Confident Scheme.
At NPL, we believe our success is a result of the diversity and talent of our people. We strive to nurture and respect individuals to ensure everyone feels valued by treating everyone on the basis of their own individual merits and abilities regardless of their own or perceived identity, as part of our commitment to diversity & inclusion, we ensure we’re creating an environment where all our colleagues feel supported and welcome. More about this on our Diversity & Inclusion page.
We are committed to the health and well-being of our employees. Flexible working and social activities are embedded in our culture to create a positive work-life balance, along with a broad range of rewards, benefits and recognition. Our values are at the heart of what we do, and they shape the way we interact, develop our people and celebrate success. To ensure everyone has an equal chance, we’re always willing to make reasonable adjustments to the recruitment process. If you would like to discuss, please contact us

• Significant Cyber Security / CISO level experience including information security, business management, risk management, cyber security strategy, technologies and best practices alongside practical experience of securing relevant organisational relevant security and information standards certifications.
• Strong communication and influencing skills at operational and leadership levels.
• Leading and managing a team of security and information risk professionals effectively.
• Developing and implementing security policies, procedures, and standards.
• Security Clearance, and Professional certification such as CCISO (Certified Chief Information Security Officer), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified in Risk and Information Systems Control (CRISC).
• Stakeholder Management to C-level and Board members.
• Change Management - business change and technology change and strong project management skills to oversee security initiatives and ensure their timely completion.
• Budgeting and resource allocation
• Coaching and Mentoring