Chief Information Security Officer (CISO)

Chief Information Security Officer (CISO)

Contract Term: 3 Months (Possible extension)

Contracting Authority: Companies House

Location: Hybrid working, Occasional travel to Cardiff

Companies House is an executive agency of the Department for Business, Energy and Industrial Strategy (BEIS). Our role is to drive confidence in the UK economy by being the most innovative, open and trusted register in the world. We provide corporate transparency, combat economic crime using analysis and intelligence and make the public register available online, free of charge. Using the trusted data on the register allows individuals and businesses to make effective decisions about engaging with a company, as well as supporting industries such as credit reference agencies.

This role will lead the cyber security function and have responsibility for cyber security strategy, operations and assurance, so that Companies House remains ahead of changes to best practice or emerging threats. You will need to be able to build and maintain an effective network of peers across other Government departments to share best practice and learning.

As a Chief Information Security Officer (CISO) your main responsibilities would be: 

• Shaping the Companies House cyber security policy, processes and improvement programme Leading the creation and implementation of an effective cyber security strategy.  Ensuring a framework for regular information & cyber risk assessments and reporting on ways to minimise threats and vulnerabilities Working to continuously embed security across the whole organisation, and supporting a delivery approach that ensures our service improvements comply with the relevant, current security standards and protocols, without reducing the pace of delivery. Horizon scanning and providing thought leadership on the latest Cybersecurity innovations. Ensuring effective monitoring and reporting is present across all business areas to manage cyber security vulnerabilities and threats Working closely with the National Cyber Security Centre (NCSC) and BEIS Security groups. Managing the security relationship with key suppliers as part of Commercial activity, to ensure that contracts with suppliers are structured such that they are held accountable for having the dependent security in place. Managing and holding the suppliers to account during delivery for their security policies and practises which could impact our security performance and so minimise the risk on Companies House.  Implementing an effective approach for the reporting and management of security incidents. Conducting a continuous assessment of current cybersecurity practices and systems and identifying areas for improvement.

You’ll have relevant experience in:

• Experienced and comfortable working at board / executive levels to contribute and influence organisational activities to effectively meet cyber security obligations  Experienced in driving and delivering first-class information & cyber security solutions. Establish effective reporting and assurance methods to demonstrate compliance with the cybersecurity strategy. Have led the definition of effective strategy and been responsible for its collaborative delivery. Proven experience and success in stakeholder/relationship management. A passion for technology and security safeguarding with a desire to deliver. Thrives on change, showing an impressive ability to drive the cyber strategy forward. Strong understanding and experience applying, one or more security industry frameworks (E.g. ISO27001, NIST).

Must hold active SC Clearance