Search
Header navigation
Chief Information Security Officer

Chief Information Security Officer

Surrey County Council
location11 Cockshot Hill, Reigate RH2 8EF, UK
remoteHybrid
ExpiresExpires: Expiring in less than 2 weeks
Full time
£70,975 - £78,002 per year

We are committed to the development of our workforce. This position is only available to applicants who already work for Surrey County Council. We thank you for your interest in our roles and would encourage you to review our vacancies which are open to all.

This role has a starting salary of £70,975 per annum, for working 36 hours per week.

We are excited to be recruiting a Chief Information Security Officer to join our fantastic team based at Woodhatch Place in Reigate. We offer a hybrid working model with a minimum of two office days per week.

Our Offer to You

  • 26 days’ holiday, rising to 28 days after 2 years' service and 31 days after 5 years’ service (prorated for part time staff)
  • Option to buy up to 10 days of additional annual leave
  • A generous local government salary related pension
  • Up to 5 days of carer’s leave and 2 paid volunteering days per year
  • Paternity, adoption and dependents leave
  • An Employee Assistance Programme (EAP) to support health and wellbeing
  • Learning and development hub where you can access a wealth of resources
  • Wellbeing and lifestyle discounts including gym, travel, and shopping
  • A chance to make a real difference to the lives of our residents.

About the Role

In this senior leadership role, you will own and drive cyber security strategy, governance and operational resilience across Surrey County Council’s complex hybrid environment. Your typical week will include:

  • Leading cyber risk management, governance forums and assurance activity across IT&D, ensuring risks are identified, assessed and clearly reported to senior stakeholders.
  • Overseeing incident preparedness and live response, including coordination with suppliers, IT operations and information governance.
  • Providing expert direction on security technologies, control effectiveness, logging/monitoring, and vulnerability management priorities.
  • Setting clear security expectations and driving cultural change across service owners, technical teams and leadership groups.
  • Developing and maintaining cyber policies, standards and evidence based reporting.

This is a hands-on leadership role where strategic thinking and operational decision-making are equally important. You will hold line management responsibility for the cyber security function, including analysts or virtual team members through matrix management, and provide leadership and direction across IT&D and supplier teams.

Within your first 12–18 months, you will be expected to lead or significantly contribute to:

  • Delivery of a refreshed cyber security strategy and multi year improvement roadmap
  • Establishment of strengthened cyber governance, including improved reporting, risk tracking and decision making structures
  • Implementation of a formal cyber exercising programme (tabletop and technical) across IT&D, information governance and key suppliers
  • Measurable improvements in vulnerability management, logging/monitoring coverage and supplier assurance
  • Significant uplift in incident response maturity, including documentation of playbooks, interfaces and recovery expectations.

This role is central to strengthening the resilience of essential public services. You will directly shape the council’s ability to manage and reduce cyber risk, influence technology and service design decisions, and embed a cyber aware culture across one of the UK’s largest local government environments. With a dedicated investment programme to drive security improvements, you will have a significant opportunity to transform how the organisation protects its people, data and systems.

Your Application

In order to be considered for shortlisting, your application will clearly evidence the following skills and align with our behaviours:

  • Significant senior cyber security leadership experience in a complex organisation
  • Strong capability to operate strategically and hands on, delivering measurable security improvements
  • Deep understanding of cyber risk management, governance and assurance frameworks
  • Proven experience leading cyber incidents, including response coordination and exercising
  • Excellent communication and stakeholder influence skills across technical and non technical groups
  • Familiarity with NCSC aligned approaches and/or frameworks such as NIST CSF
  • Relevant professional qualifications such as CISSP or CISM

To apply, we request that you submit a CV and you will be asked the following 4 questions:

  1. What steps would you take in your first few months to understand our cyber risks and priorities?
  2. Can you describe a complex cyber incident you have led, including how you coordinated the response and what improvements were implemented afterwards?
  3. How do you balance strategic cyber security planning with hands on delivery to ensure both long term resilience and quick, tactical gains?
  4. Which cyber security governance or risk management frameworks (e.g., NCSC CAF, NIST CSF) have you implemented, and how have they influenced decision making and assurance in your previous organisations?

Before submitting your application, we recommend you read the job description and our Life at Surrey handbook to get an insight into working at Surrey

Contact Us

Please contact us for any questions relating to the role. This could be to discuss flexible working requests, transferable skills or any barriers to employment.

For an informal discussion please contact Nafis Lodhi via email at nafis.lodhi@surreycc.gov.uk.

The job advert closes at 23:59 on 24/03/2026 with interviews planned shortly afterwards.

We look forward to receiving your application, please click on the apply online button below to submit.

Local Government Reorganisation (LGR)

Surrey County Council is undergoing Local Government Reorganisation, moving from a two-tier system to two new unitary councils in April 2027. If you are employed by Surrey on 1st April 2027, your role will transfer with current terms and conditions to one of the new organisations, supporting local devolution and greater powers for our communities.

Join our dynamic team and shape the future of local government. Make a lasting impact with innovative solutions and improved services for our community. Help us build a brighter future for our residents! Please see more information here: Information for applicants on Local Government Reorganisation - Surrey County Council

Our Commitment

We are a disability confident employer which means if you have shared a disability on your application form and have evidenced you meet the minimum criteria, we guarantee you an interview.

Your skills and experience truly matter to us. From application to your first day, we’re committed to supporting you with any adjustments you need, we value inclusion and warmly welcome you to join and help build a workplace where everyone be

    Salary range

    • £70,975 - £78,002 per year