Head of Cyber Security Operations and Governance

Hybrid
Expires: Expiring in less than 2 weeks
IT
Full time
£59,870 - £66,592 per year

Job summary

The purpose of this role is to:

  • Lead the organisation’s cyber security operations and governance function, ensuring that cyber security risks are identified, assessed, managed and reported in a clear, proportionate and effective way.
  • Provide leadership for cyber governance, operational security oversight, assurance activity, incident readiness, supplier assurance and secure-by-design practices across digital services and business operations.
  • Support the organisation in protecting its data, systems and services by aligning cyber security arrangements to government requirements, NCSC guidance, recognised standards, regulatory obligations and organisational risk appetite.
  • Provide clear, risk-based advice to senior leaders and governance forums, enabling informed decision-making, improved resilience and continual improvement in cyber security capability and assurance maturity.
  • Act as the functional lead for cyber security operations and governance, working through direct team leadership and wider matrix relationships across DDaT, assurance, delivery and supplier-facing teams.

This role requires strong cyber leadership, governance and assurance expertise. Deep technical specialism is not expected in every area, but the postholder must be able to provide credible leadership, oversight, and challenge across cyber security operations and governance.

Job description

The post holder will be responsible for the following:

  • Leading and developing the cyber security operations and governance function, ensuring that security activities, governance arrangements and assurance outputs support business objectives and reduce risk.
  • Defining, implementing and continually improving the cyber security operations and governance approach, aligned to government requirements, NCSC guidance, organisational priorities and secure-by-design principles.
  • Leading the organisation’s cyber governance arrangements, including policies, standards, procedures, guidance, risk management, exception handling and assurance reporting.
  • Overseeing cyber security operational processes, ensuring effective arrangements are in place for monitoring, incident coordination, vulnerability management, access governance, control oversight and service improvement.
  • Leading cyber assurance activity across the organisation, including second line assurance, control reviews, thematic reviews, support to audit activity and follow-up of improvement actions.
  • Ensuring that cyber security requirements are embedded across the lifecycle of products and services, from design and procurement through to deployment, operation, change and decommissioning.
  • Leading supplier and third-party cyber assurance activity, including security due diligence, proportionate control requirements, ongoing oversight and management of identified risks.
  • Maintaining alignment between cyber governance, risk management, assurance activity and wider organisational resilience arrangements, including business continuity and major incident processes.
  • Ensuring effective cyber incident readiness and response arrangements are maintained, tested and aligned to wider operational and organisational response processes.
  • Developing and maintaining meaningful cyber metrics, dashboards and reporting for senior leaders and governance forums, translating technical and assurance information into clear business risk and improvement priorities.
  • Advising senior leaders on cyber risk, assurance findings, control effectiveness, resilience and governance priorities, ensuring decisions are informed, proportionate and evidence-based.
  • Building effective relationships across digital, operational, commercial, legal, assurance and business teams to ensure cyber security is understood as a practical enabler of trusted service delivery.
  • Leading, coaching and developing cyber professionals, setting direction, building capability and driving a culture of accountability, collaboration and continual improvement.
  • Maintaining awareness of emerging threats, relevant technology developments, regulatory change and good practice across government and the wider cyber security profession, using this knowledge to strengthen the organisation’s approach.

Who we are

Acas exists to make working life better for everyone in Britain. We are the experts in workplace matters, we’re impartial, so we’re not on anyone’s side. That means we’re working for everyone to help prevent, manage and resolve workplace issues.

Acas helps employers and employees by providing information, advice, training, conciliation and other services that prevent, manage or resolve workplace problems.

Acas: Britain’s Workplace Experts

Acas has been recognised for its Diversity and Inclusion in the workplace from the Employers Network for Equality and Inclusion awards; it has been Disability Confident Highly Commended, a Pay Gap award winner, and an Overall winner for public sector organisations. Acas is committed to providing services and developing policies which embrace diversity, promote equality of opportunity and eliminate unlawful discrimination.

Person specification

Essential Experience criteria:

  • Strong senior cyber security leadership experience, spanning cyber operations, governance, assurance, risk management, control oversight and operational resilience in a large or complex organisation (Lead criterion).
  • Ability to design, implement and continually improve cyber security policies, standards, processes, operating models, governance arrangements and risk management processes aligned to organisational risk, government expectations, NCSC guidance, recognised frameworks, secure-by-design principles and assurance expectations (Lead criterion).
  • Experience of leading, overseeing and improving cyber security operations and assurance activity, including incident readiness and response, vulnerability management, access governance, monitoring, control effectiveness, control reviews, audit support, thematic assurance, measurable improvement actions and service improvement.
  • Experience of embedding secure-by-design principles into products, services, projects or technology change, leading supplier and third-party cyber assurance, and applying recognised cyber frameworks and good practice to strengthen governance, assurance, resilience and risk-based decision-making.
  • Ability to provide clear, practical and risk-based advice to senior stakeholders and governance forums; translate technical, assurance and operational findings into recommendations, prioritised actions, risk papers, dashboards and senior-level reporting; develop meaningful metrics and risk insight; lead, mentor and develop cyber professionals; work across technical and non-technical teams; and understand governance and risk considerations for emerging technologies, including AI-enabled services.

Desirable Criteria:

  • Knowledge of Cyber Assessment Framework (CAF), GovAssure and wider government assurance approaches.
  • Knowledge of ISO 27001, NIST CSF, Cyber Essentials and Zero Trust principles.
  • Awareness of AI governance concepts and frameworks such as ISO 42001 and NIST AI RMF.
  • Familiarity with security operations tooling and practices including SIEM, SOAR, EDR/XDR, vulnerability management, cloud security and identity security Experience.

Qualifications

Candidates must hold CISSP, CISM, CCSP or an equivalent senior cyber security qualification, ISO 27001 Lead Auditor, Lead Implementer or equivalent experience, and demonstrate senior leadership experience in cyber security, cyber governance, cyber assurance or cyber operations.

Behaviours

We'll assess you against these behaviours during the selection process:

  • Making Effective Decisions
  • Delivering at Pace

Benefits

Alongside your salary of £59,870, Advisory, Conciliation and Arbitration Service contributes £17,344 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides (opens in a new window).

We’re big believers in rewarding people for the amazing work they do. Take a look at some of the fantastic benefits we offer:

  • Learning and Development
  • Health and wellbeing
  • Pension scheme
  • Cycle to work scheme
  • Interest free season ticket loans
  • Volunteering opportunities

Could you ask for any more?

You’ll have access to a Lifestyle website where you’ll be able to grab savings on a wide range of products, from holidays to your weekly shop.

To find out more, check out: Working for Acas

Things you need to know

Artificial intelligence

Artificial intelligence can be a useful tool to support your application, however, all examples and statements provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, as your own) applications may be withdrawn and internal candidates may be subject to disciplinary action. Please see our candidate guidance (opens in a new window) for more information on appropriate and inappropriate use.

Selection process details

This vacancy is using Success Profiles (opens in a new window), and will assess your Behaviours and Experience.

How to apply

Please click on the 'Apply now' button.

As part of the application process, you will be asked to complete:

  • An evidence-based Personal Statement and CV reflecting the essential and Experience requirements, as listed in the Person Specification section of this advert. Your Personal Statement should be no longer than 1,250 words. It should avoid generalised assertions, instead including specific examples of achievements, explaining the degree of challenge, what you did and the outcomes.
  • A separate 250-word Statement reflecting the Desirable criteria. Desirable criteria will only be assessed in the event of a tie-breaker scenario at sift or interview.

Should a large number of applications be received, an initial sift may be conducted using the following Lead Criteria:

  • Strong senior cyber security leadership experience, spanning cyber operations, governance, assurance, risk management, control oversight and operational resilience in a large or complex organisation.
  • Ability to design, implement and continually improve cyber security policies, standards, processes, operating models, governance arrangements and risk management processes aligned to organisational risk, government expectations, NCSC guidance, recognised frameworks, secure-by-design principles and assurance expectations.

Candidates who pass the initial sift may be progressed to a full sift of all the above requirements or progressed straight to assessment/interview.

If a large number of applications meet the minimum standard an interview wait list may be created for this position. This means that if you have met the minimum requirements at sift you may be placed at a ‘Hold’ status for up to 12 months and if we are able to invite you to an interview we will be in touch.

Interview Details

If you have successfully passed sift at the application stage, you will be invited to an interview, which will take place via Microsoft Teams from the week commencing 27 July 2026.

It will be a Behaviour and Experience based interview.

The following Behaviours will be assessed at Interview:

  • Making Effective Decisions
  • Delivering at Pace

The following Essential Experience criteria will be assessed at Interview:

  • Strong senior cyber security leadership experience, spanning cyber operations, governance, assurance, risk management, control oversight and operational resilience in a large or complex organisation.
  • Ability to design, implement and continually improve cyber security policies, standards, processes, operating models, governance arrangements and risk management processes aligned to organisational risk, government expectations, NCSC guidance, recognised frameworks, secure-by-design principles and assurance expectations.

A reserve list will be created for this position; this means that if you have passed the interview, but we cannot immediately offer you this position, you will be placed on a reserve list for 12 months and may be considered for similar positions during that time.

Reasonable Adjustments

As a Disability Confident Leader, Acas is committed to creating an inclusive recruitment process. If you have a disability and feel that any part of the recruitment process puts you at a disadvantage, we will work with you to make Reasonable Adjustments that support your needs. If you require any changes to help you apply:

  • Please contact the Acas Recruitment Team via HRrecruitment@acas.org.uk as soon as possible before the closing date to discuss your needs.
  • Please complete the “Assistance Required” section on the “Additional Requirements” page of your application form to let us know about any adjustments or support you may need during the recruitment process. For example, this might include accessibility arrangements for entering a building or interview room, communication support, modifications to assessment methods, etc.
  • You can find out more about the Disability Confident Scheme and Reasonable Adjustments by clicking these links.

Want to learn more about Civil Service recruitment? You can find out more on Civil Service Careers, including information on Success Profiles, writing a Personal Statement, acceptable use of Artificial Intelligence, and what to expect at Interview.

For applicants requiring a visa to work in the UK

Please be advised that Acas does not hold a UKVI Sponsorship Licence, so we cannot consider sponsoring a visa applicant or issuing a Certificate of Sponsorship.



Feedback will only be provided if you attend an interview or assessment.

Security

Successful candidates must undergo a criminal record check. Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check (opens in a new window).

See our vetting charter (opens in a new window). People working with government assets must complete baseline personnel security standard (opens in new window) checks.

Nationality requirements

This job is broadly open to the following groups:

  • UK nationals
  • nationals of the Republic of Ireland
  • nationals of Commonwealth countries who have the right to work in the UK
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS) (opens in a new window)
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
  • individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
  • Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service
Further information on nationality requirements (opens in a new window)

Working for the Civil Service

The Civil Service Code (opens in a new window) sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles (opens in a new window). The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria. The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.

Diversity and Inclusion

The Civil Service is committed to attract, retain and invest in talent wherever it is found. To learn more please see the Civil Service People Plan (opens in a new window) and the Civil Service Diversity and Inclusion Strategy (opens in a new window).

Apply and further information

Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.

Contact point for applicants

Job contact:

Recruitment team

Further information

If you feel your application has not been treated in accordance with the Code and you wish to make a complaint, you should contact us on HRRecruitment@acas.org.uk in the first instance. If you are not satisfied with the response you receive from us, you can contact the Civil Service Commission.

Attachments

Job Description - Head of Cyber Security Operations and Governance Opens in new window (docx, 47kB)
