
Chief Information Security Officer (CISO) and Head of Corporate Security and Resilience
Job summary
The Independent Football Regulator (IFR) has been established to protect and promote the sustainability of English football, for the benefit of fans and the local communities football clubs serve.
The IFR will help improve financial sustainability of clubs, ensure resilience across the leagues, and safeguard the heritage of English football. It will operate a licensing regime; set corporate governance standards and monitor, protect, and promote financial resilience. It will also enforce compliance with requirements on financial regulation, club ownership and directors, fan engagement, and heritage protection.
The IFR will also have powers to prohibit clubs from joining competitions that are not fair or meritocratic, or that threaten the heritage or sustainability of English football.
Job description
This role provides strategic leadership and operational ownership of cyber security across the IFR, a small but high‑profile organisation. You will be responsible for developing, embedding and maturing a robust, proportionate cyber security and broader organisational security framework that protects the organisation’s people, data, systems and services.
Responsibilities will include:
- Developing, embedding, maturing and leading the organisation’s cyber security strategy, governance, resilience and assurance activity.
- Overseeing all aspects of cyber security operations, including incident response, threat monitoring, vulnerability management and security operations.
- Owning the wider organisational security framework, including physical security, information governance, data protection and resilience planning.
- Setting clear security management expectations and embedding a strong, resilient and effective security awareness culture across a small but high‑profile organisation.
- Ensuring compliance with relevant legislation, regulatory requirements and government security standards, including Government Functional Standard GovS 007: Security.
- Providing authoritative advice to the CEO, COO, CDDO, ExCo and Board on emerging threats, risks and mitigations.
- Implementing a formal cyber exercising and incident response programme; driving security and operational resilience.
- Embedding secure‑by‑design principles across digital services, data platforms and operational processes.
- Ensuring the cyber security framework aligns with the regulator’s digital and data roadmap.
- Establishing ambitious and effective cyber maturity credentials; leading on assurance, penetration testing, risk assessments and audit readiness.
- Implementing audit recommendations and ensuring timely remediation of identified risks.
- Overseeing identity and access management, cloud security and supplier assurance.
Person specification
Essential Requirements
- Significant experience of operating effectively in cyber security leadership roles.
- Extensive knowledge of cyber risk management, governance and assurance frameworks including: NCSC guidance, ISO 27001, Cyber Essentials Plus and NIST frameworks.
- Strong understanding of data protection, privacy and information governance.
- Proven experience managing security operations, incident response and threat intelligence.
- Ability to oversee supplier risk and ensure robust third‑party assurance.
- Experience driving measurable security improvements.
- Experience leading cyber incidents, including response co-ordination and exercising.
- Excellent communication skills, including briefing senior leadership and boards.
- Eligibility for appropriate government security clearance.
Desirable Skills
- Experience working with or within regulators, sports bodies or government organisations.
- Relevant professional certifications such as CISSP, CISM, CCSP or equivalent.
- Understanding of AI‑related security risks and model assurance.
- Knowledge of DevSecOps and secure software development practices.
- Experience maturing a security function.
- Familiarity with physical security, operational resilience and business continuity.
Benefits
If successful you will join a Non Departmental Public Body and will be employed as a Public Servant.
If you are an existing Civil Servant or a DCMS employee you will no longer have access to Civil Service benefits including the Civil Service pension.
The terms and conditions of employment include:
- Pension 12%: an employee contribution of 5%, with an employer contribution of 7%.
- Flexible Benefit 8%: employees can choose to invest 8% of their base salary into their pension, or take it as cash (post tax).
- Reward: we will have a performance-based reward programme.
- 31.5 days annual leave
- Flexible and hybrid working, 40% in office attendance
- Occupational sick pay
- 9 months paid Maternity Leave + generous paternity and adoption leave.
- A bespoke L&D programme to help you achieve your personal CPD, including paid membership fees
- Cycle-to-work scheme and much more!
Things you need to know
Artificial intelligence
Artificial intelligence can be a useful tool to support your application, however, all examples and statements provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, as your own) applications may be withdrawn and internal candidates may be subject to disciplinary action. Please see our candidate guidance for more information on appropriate and inappropriate use.
Selection process details
To apply for this vacancy, you will need to submit the following documents, which will be assessed against experience.
- A CV setting out your career history, with key responsibilities and achievements. Please ensure you provide employment history that relates to the essential and desirable criteria, and that any gaps in employment history within the last 2 years are explained. The CV should not exceed 2 x A4 pages.
- A Statement of Suitability (max 750 words) explaining how you consider your personal skills, qualities and experience provide evidence of your suitability for the role in reference to the essential requirements highlighted. You may also choose to reference the desirable skills listed however these will not be considered in the assessment of your application except in circumstances where there are a high number and calibre of candidates.
For the shortlist, we will select applicants demonstrating the best fit for the role by considering the evidence provided in your application.
In the event of a large number of applicants, an initial sift will be conducted on the statement of suitability. Those who are successful in the initial sift will then be scored on all elements of the application.
For support in writing your application and interviewing, please refer to the ‘Application and Interview Guidance’ document attached to the job advert.
Feedback will only be provided if you attend an interview or assessment.
Security
Successful candidates must undergo a criminal record check.
Successful candidates must meet the security requirements before they can be appointed. The level of security needed is counter-terrorist check.
See our vetting charter.
People working with government assets must complete baseline personnel security standard checks.
Nationality requirements
This job is broadly open to the following groups:
- UK nationals
- nationals of the Republic of Ireland
- nationals of Commonwealth countries who have the right to work in the UK
- nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS)
- nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
- individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
- Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service
Working for the Civil Service
Please note this Post is NOT regulated by the Civil Service Commission.
The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.
Diversity and Inclusion
The Civil Service is committed to attracting, retaining and investing in talent wherever it is found. To learn more please see the Civil Service People Plan and the Civil Service Diversity and Inclusion Strategy.
Apply and further information
Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.
Contact point for applicants
Job contact:
- Name: Joe Alford
- Email: Careers@footballregulator.org.uk
Recruitment team
Attachments
Chief Information Security Officer (CISO) and Head of Corporate Security and Resilience (1) (pdf, 474kB)
Salary range
- £67,987 - £80,556 per year