Chief Information Security Officer (CISO)

at Government Digital Service

London, England, United Kingdom

Start Date: Immediate
Expiry Date: 29 Jul, 2024
Salary: GBP 75000 Annual
Posted On: 02 May, 2024
Experience: 3 year(s) or above
Skills: Norway
Telecommute: No
Sponsor Visa: No

Description:

JOB SUMMARY

We’re looking for an exceptional Chief Information Security Officer (CISO) to help transform government services so that they are radically easier and safer to use. Reporting to the CEO, this new CISO role will be tasked with making our in-house built digital products more secure and more resilient against attack. This is likely to be achieved by building an in-house AppSec function that integrates security seamlessly into the software development lifecycle. The role will also be tasked with building out and maturing our security governance and security operations capability.

JOB DESCRIPTION

In this highly influential role, you will:

  • establish a small Application Security team comprised of deep technical specialists with experience of building security into modern, cloud-based software products
  • build a Cyber Operations team who will create a body of standards, ways of working and tooling for the whole of GDS, as well as a robust approach to critical incident response
  • build a small team of Ethical Hackers (Red team) who will seek out vulnerabilities across our services from the perspective of an attacker, then work in partnership with teams to prioritise and remediate them
  • establish a strong culture of information security, including a “Security Champions” programme across GDS, using the best practice model adopted by many cloud organisations
  • develop a positive, inclusive and diverse team of professionals with a collaborative culture: success in this role depends on building a strong partnership with the development teams
  • maintain close and productive relationships with relevant government agencies such as NCSC in order to anticipate emerging threats to GDS
  • develop a more mature operating model in partnership with the central Cabinet Office cyber security team to ensure we are complying with internal controls
  • engage fully with the new Cyber Assessment Framework (the NCSC’s framework, comparable in purpose to the NIST Cybersecurity Framework) to ensure GDS is following published government best practice
  • oversee our hosting and infrastructure security strategy across technologies such as AWS, Docker, Kubernetes, Lambda and AWS EKS, ensuring robust security controls and measures
  • develop a clear risk profile and security strategy for our internal CI/CD and other tooling, and lead on ensuring we have the right security tooling
  • oversee incident response and disaster recovery planning
  • lead on incident preparedness, including development of playbooks, incident response plans and game days
  • develop an out-of-hours capability for cyber, ensuring there is expertise available to support on incidents
  • manage vendor relationships, alongside the CTO and delivery leaders

You’ll enjoy a great deal of freedom in this role, along with excellent technology and a collaborative, supportive culture all focused on profoundly transforming outcomes for citizens.

NATIONALITY REQUIREMENTS

This job is broadly open to the following groups:

  • UK nationals
  • nationals of the Republic of Ireland
  • nationals of Commonwealth countries who have the right to work in the UK
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS)
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
  • individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
  • Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service

Further information on nationality requirements is available from the Civil Service.

Responsibilities:

TYPE OF ROLE

Digital
Engineering
Information Technology
Security
Senior leadership


For this role we’ll be assessing you against the following Civil Service Behaviours:

  • working together
  • making effective decisions
  • leadership
  • managing a quality service
  • delivering at pace


REQUIREMENT SUMMARY

Experience: 3.0 to 8.0 year(s)

Information Technology/IT

IT Software - Network Administration / Security

Other

Graduate

Proficient

1

London, United Kingdom