
Chief Information Security Officer
Job summary
Home Office Digital designs, builds, and operates technology and services that underpin some of the UK’s most critical public services at scale. The Chief Information Security Officer (CISO) is responsible for setting the conditions and culture that protect information and services, enabling the Home Office to deliver its objectives safely and securely. The role is integral to the delivery of the Department’s mission, spanning everything from securing the border and managing immigration to issuing passports and preventing crime, supporting services that affect millions of people each year.
The Home Office Digital estate consists of more than 600 systems, enabling critical services such as:
- 13 million Electronic Travel Authorisations since launch
- 3 million visa applications annually
- 130 million border checks each year
- 7 million passport applications annually
- 140 million police checks on people, vehicles, and property
This role offers the opportunity to lead cyber resilience at scale across a complex and high-profile digital estate. You will lead Home Office Cyber Security, sponsor major cyber programmes, and provide authoritative advice to senior leaders and Ministers. You will also provide strategic leadership during major cyber incidents, working with partners across government to protect and recover critical services.
Reporting to the Chief Digital, Data and Technology Officer, you will provide the strategic direction and vision for all cyber security and resilience activities undertaken across the Home Office, simultaneously championing innovation and best practice. With a budget of c.£30M and around 200 personnel, the CISO is a leadership role of exceptional criticality and complexity, requiring strategic digital leadership experience at scale, and the ability to collaborate across government and industry.
As part of the Home Office Digital Senior Management Team, you will play a pivotal role in delivering the Home Office 2030 Digital Strategy, ensuring technology underpins national security and public trust as we continue to deliver across our missions. You will play a key role in embedding the Home Office approach to designing, building, and operating digital services. As the organisation continues its shift towards multi‑disciplinary teams and devolved decision‑making, you will ensure cyber security culture and controls are embedded across the organisation and throughout the full digital product lifecycle.
You will represent the Home Office on cross‑government cyber initiatives and forums, including work to deliver the Home Office contribution to the Government Cyber Action Plan (GCAP).
Job description
Key responsibilities:
The Chief Information Security Officer (CISO) is a senior technical and strategic leader, responsible for shaping and delivering the department’s cyber security function and wider technology delivery strategy. You will provide strategic leadership, direction, and specialist expertise on cyber security for the Home Office and partners, including policing and arm’s length bodies. You will implement enterprise strategy, approach, and processes to reduce information security risks across the system and enable services to be delivered safely and effectively.
As CISO, you will set the department’s cyber security strategy, standards, and controls, and oversee the policies and assurance regimes that protect its information assets, services, and technologies. You will act as the department’s senior strategic adviser on cyber risk, including providing advice and briefings to Ministers, the Executive Committee, and Audit and Risk Committees.
As CISO, your main responsibilities are to:
- Set and drive a strategic vision for cyber security and resilience across the Home Office including the development and delivery of the Home Office Cyber Security Strategy and Operating Model
- Drive cross-government digital and cyber transformation in support of organisational and public interests
- Develop and maintain strategic relationships including engaging with Ministers on their personal cyber security, departmental cyber risk and cyber strategy.
- Provide authoritative advice and regular briefings on cyber risk to the Executive Committee (ExCo), the Audit and Risk Assurance Committee (ARAC), and Ministers, ensuring timely escalation and clear decision points.
- Bring thought leadership on emerging threats and technology trends, actively supporting the organisation to be prepared for digital change and new cyber challenges
- Provide strategic leadership for Home Office Cyber Security (HOCS), with accountability for cyber operations and second-line governance, risk, and assurance.
- Direct risk‑based cyber investment and intervention, ensuring resources are targeted at the most critical threats to national and departmental outcomes, including supply‑chain resilience.
- Serve as Senior Responsible Owner (SRO) for major cyber programmes, delivering measurable improvements in capability, maturity, and outcomes.
- Set the conditions for a strong cyber security culture across the organisation, ensuring security is integral to the design, build, and operation of Digital services.
- Exercise financial, commercial, and supplier leadership over a £30m+ portfolio, ensuring strong stewardship, value for money, and effective contract and performance management.
- Lead the Home Office response to major and nationally significant cyber incidents, acting as Incident Director where required, coordinating with central government partners, Ministers, and COBR, and ensuring effective recovery of critical services.
- Lead and develop a team (professional leadership and capability development): provide professional leadership, mentoring and direction to the group, building organisational capability and high performance.
As cyber threats escalate, the Government and the Home Office are strengthening their approach to cyber resilience. The Government Cyber Action Plan (GCAP) introduces new mandatory expectations for departments, and the Home Office Digital First programme has placed cyber security at the heart of digital transformation.
This role will deliver a step change in cyber resilience, delivering an embedded, enterprise‑wide and professionally governed cyber operating model. As part of this transformation the role holder will be responsible for:
- Establishing and leading new cyber teams embedded across all Digital First platforms and product family groups, ensuring cyber risk management and resilience are integrated throughout the full product and service lifecycle.
- Creating a new enterprise cyber practice, overseen by a new PB1 Deputy Director, to coordinate cyber activity across the Home Office and to professionalise cyber recruitment, career pathways, workforce planning, training and development.
- Building a new cyber operations platform, overseen by a new PB1 Deputy Director, bringing together Security Operations Centre capability with enhanced cyber exercising, security testing, incident readiness, and attack surface management, aligned to the evolving threat.
- Developing and implementing a refreshed Home Office cyber security strategy, aligned to the Government Cyber Action Plan and wider cross‑government cyber priorities, and translating this into clear delivery plans, metrics, and assurance for senior leaders and Ministers.
- Strengthening cross‑government and external engagement, including with NCSC and other departments, to ensure the Home Office both meets its obligations and plays a leading role in improving cyber resilience across government.
Person specification
Essential Criteria:
The role requires a senior leader with the credibility and influence to lead a sizeable workforce, engage senior stakeholders, and build consensus across the department. Strong and confident communication skills are vital, with the ability to simplify complexity and inspire change. You will combine strategic vision with attention to detail, commercial acumen, and resilience under pressure, providing inclusive leadership to build and develop high‑performing teams.
Senior Cyber and Digital Leadership
Extensive experience providing strategic cyber security leadership in large, complex and highly regulated organisations, spanning legacy and modern digital environments.
Proven ability to translate complex technical and operational issues clearly for senior leaders, Ministers, and non‑specialist audiences.
Strategic Vision and Threat Anticipation
Knowledge of emerging technologies with a strong capability in horizon scanning and threat assessment, using insight into the evolving cyber threat landscape to set clear, risk‑based cyber security strategy and roadmaps aligned to organisational objectives.
Sound judgement in balancing opportunity, risk, and proportionate mitigation in fast‑paced and ambiguous environments.
Cyber Risk and Incident Leadership
Proven ability to lead cyber risk management across diverse, business-critical services, including setting standards, assurance regimes, and accountability frameworks.
Experience directing responses to significant cyber threats and incidents, balancing strategic oversight with effective operational decision‑making.
Programme Delivery and Operating at Scale
Experience leading large‑scale cyber programmes and portfolios, working across digital, finance, commercial, and workforce functions to deliver measurable outcomes.
Demonstrated leadership of large, dispersed teams with accountability for operational resilience, performance, and continuous improvement.
Evidence of managing significant budgets and applying innovative, highly strategic approaches to sourcing services and managing suppliers efficiently.
Transformational and Cross‑Boundary Leadership
Proven track record of leadership in driving and embedding organisational change, improving cyber maturity, operating models, and ways of working. Skilled in collaboration and with experience of influencing and delivering outcomes across technical and non-technical stakeholders.
Proven experience influencing cyber security policy, assurance, and practice beyond organisational boundaries, including across government and industry.
Inspirational Leadership
Ability to convey and embed a persuasive future vision, inspiring confidence and commitment at all levels, and attracting, retaining, and developing diverse talent to create an inclusive, high-performing organisation.
Please Note:
You must either hold DV clearance or be willing to obtain it before starting in the role.
Benefits
Alongside your salary of £150,000, Home Office contributes £43,455 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.
- Learning and development tailored to your role
- An environment with flexible working options
- A culture encouraging inclusion and diversity
- A Civil Service pension with an employer contribution of 28.97%
Things you need to know
Artificial intelligence
Artificial intelligence can be a useful tool to support your application, however, all examples and statements provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, as your own) applications may be withdrawn and internal candidates may be subject to disciplinary action. Please see our candidate guidance for more information on appropriate and inappropriate use.
Selection process details
You will be asked to provide:
- A CV – (max 2 pages) setting out your career history, highlighting specific responsibilities and achievements that are relevant for this role. Please provide reasons for any gaps within the last two years.
- A Statement of Suitability – (1250 words) providing examples of how your experience meets the essential criteria. This is your opportunity to give examples and show how your skills and experience fit the job requirements.
When writing a supporting statement, it is important that you:
- Read the job specification so you are clear about the job requirements. Structure your personal statement to reflect the essential criteria listed in the advert.
- Make sure you provide evidence against each of the listed criteria, e.g. ‘experienced in leading high performing and diverse teams and promoting inclusivity.’ When have you led a team, how large, what did you do to promote inclusivity, how did you handle diversity?
- Ensure any evidence you provide demonstrates the impact of your actions in that situation; provide statistical evidence where relevant.
For more information on how to write a personal statement, click here.
Guidance on the use of AI
Please review the guidance Artificial intelligence and recruitment to understand the acceptable use of AI for your application.
Before you submit an application, we will ask you to confirm the information you provide is true and accurate. More details about this will be provided in the application form and we may reject applications where AI is used inappropriately at any stage of the process.
Feedback will only be provided if you attend an interview or assessment.
This role has a minimum assignment duration of 3 years. An assignment duration is the period of time a Senior Civil Servant is expected to remain in the same post to enable them to deliver on the agreed key business outcomes. The assignment duration also supports your career through building your depth of expertise.
As part of accepting this role you will be agreeing to the expected assignment duration set out above. This will not result in a contractual change to your terms and conditions. Please note this is an expectation only; it is not something which is written into your terms and conditions or indeed by which the employing organisation or you are bound. It will depend on your personal circumstances at a particular time and business needs and, for example, would not preclude any absence such as family friendly leave. It is nonetheless an important expectation, which is why we ask you to confirm you agree to the assignment duration set out above.
Security
Successful candidates must undergo a criminal record check.
Successful candidates must meet the security requirements before they can be appointed. The level of security needed is developed vetting.
See our vetting charter.
People working with government assets must complete baseline personnel security standard checks.
Nationality requirements
This job is broadly open to the following groups:
- UK nationals
- nationals of the Republic of Ireland
- nationals of Commonwealth countries who have the right to work in the UK
- nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS)
- nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
- individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
- Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service
Working for the Civil Service
The Civil Service Code sets out the standards of behaviour expected of civil servants.
We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles.
The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.
The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.
Diversity and Inclusion
The Civil Service is committed to attracting, retaining and investing in talent wherever it is found. To learn more please see the Civil Service People Plan and the Civil Service Diversity and Inclusion Strategy.
Apply and further information
This vacancy is part of the Great Place to Work for Veterans initiative.
Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.
Contact point for applicants
Job contact:
- Name: SCS Recruitment Team
- Email: SCSRecruitment@homeoffice.gov.uk
Recruitment team
- Email: SCSRecruitment@homeoffice.gov.uk
Attachments
Chief Information Security Officer Candidate Pack - Final Version (pdf, 2350kB)
Salary range
- £150,000 per year