Chief Information Security Officer - Home Office - SCS2
Location
Croydon, London, Manchester, Sheffield
About the job
Job summary
Home Office Digital designs, builds, and operates technology and services that underpin some of the UK’s most critical public services at scale. The Chief Information Security Officer (CISO) is responsible for setting the conditions and culture that protect information and services, enabling the Home Office to deliver its objectives safely and securely. The role is integral to the delivery of the Department’s mission, spanning everything from securing the border and managing immigration to issuing passports and preventing crime, supporting services that affect millions of people each year.
The Home Office Digital estate consists of more than 600 systems, enabling critical services such as:
- 13 million Electronic Travel Authorisations since launch
- 3 million visa applications annually
- 130 million border checks each year
- 7 million passport applications annually
- 140 million police checks on people, vehicles, and property
This role offers the opportunity to lead cyber resilience at scale across a complex and high-profile digital estate. You will lead Home Office Cyber Security, sponsor major cyber programmes, and provide authoritative advice to senior leaders and Ministers. You will also provide strategic leadership during major cyber incidents, working with partners across government to protect and recover critical services.
Reporting to the Chief Digital, Data and Technology Officer, you will provide the strategic direction and vision for all cyber security and resilience activities undertaken across the Home Office, simultaneously championing innovation and best practice. With a budget of c.£30M and around 200 personnel, the CISO is a leadership role of exceptional criticality and complexity, requiring strategic digital leadership experience at scale, and the ability to collaborate across government and industry.
As part of the Home Office Digital Senior Management Team, you will play a pivotal role in delivering the Home Office 2030 Digital Strategy, ensuring technology underpins national security and public trust as we continue to deliver across our missions. You will play a key role in embedding the Home Office approach to designing, building, and operating digital services. As the organisation continues its shift towards multi‑disciplinary teams and devolved decision‑making, you will ensure cyber security culture and controls are embedded across the organisation and throughout the full digital product lifecycle.
You will represent the Home Office on cross‑government cyber initiatives and forums, including work to deliver the Home Office contribution to the Government Cyber Action Plan (GCAP).
Job description
Key responsibilities:
The Chief Information Security Officer (CISO) is a senior technical and strategic leader, responsible for shaping and delivering the department’s cyber security function and wider technology delivery strategy. Providing strategic leadership, direction, and specialist expertise on cyber security for the Home Office and partners, including policing and arm’s length bodies. You will implement enterprise strategy, approach, and processes to reduce information security risks across the system and enable services to be delivered safely and effectively.
As CISO, you will set the department’s cyber security strategy, standards, and controls, and oversee the policies and assurance regimes that protect its information assets, services, and technologies. You will act as the department’s senior strategic adviser on cyber risk, including providing advice and briefings to Ministers, the Executive Committee, and Audit and Risk Committees.
As CISO, your main responsibilities are to:
- Set and drive a strategic vision for cyber security and resilience across the Home Office including the development and delivery of the Home Office Cyber Security Strategy and Operating Model
- Drive cross-government digital and cyber transformation in support of organisational and public interests
- Develop and maintain strategic relationships including engaging with Ministers on their personal cyber security, departmental cyber risk and cyber strategy.
- Provide authoritative advice and regular briefings on cyber risk to the Executive Committee (ExCo), the Audit and Risk Assurance Committee (ARAC), and Ministers, ensuring timely escalation and clear decision points.
- Bring thought leadership on emerging threats and technology trends, actively supporting the organisation to be prepared for digital change and new cyber challenges
- Provide strategic leadership for Home Office Cyber Security (HOCS), with accountability for cyber operations and second-line governance, risk, and assurance.
- Direct risk‑based cyber investment and intervention, ensuring resources are targeted at the most critical threats to national and departmental outcomes, including supply‑chain resilience.
Serve as Senior Responsible Owner (SRO) for major cyber programmes, delivering measurable improvements in capability, maturity, and outcomes.
- Set the conditions for a strong cyber security culture across the organisation, ensuring security is integral to the design, build, and operation of Digital services.
- Exercise financial, commercial, and supplier leadership over a £30m+ portfolio, ensuring strong stewardship, value for money, and effective contract and performance management.
- Lead the Home Office response to major and nationally significant cyber incidents, acting as Incident Director where required, coordinating with central government partners, Ministers, and COBR, and ensuring effective recovery of critical services.
- Lead and develop a team: Professional leadership and capability development. Provide professional leadership, mentoring and providing direction to the group, building organisational capability and high performance.
As cyber threats escalate, the Government and the Home Office are strengthening their approach to cyber resilience. The Government Cyber Action Plan (GCAP) introduces new mandatory expectations for departments, and the Home Office Digital First programme has placed cyber security at the heart of digital transformation.
This role will deliver a step change in cyber resilience, delivering an embedded, enterprise‑wide and professionally governed cyber operating model. As part of this transformation the role holder will be responsible for:
- Establishing and leading new cyber teams embedded across all Digital First platforms and product family groups, ensuring cyber risk management and resilience are integrated throughout the full product and service lifecycle.
- Creating a new enterprise cyber practice, overseen by a new PB1 Deputy Director, to coordinate cyber activity across the Home Office and to professionalise cyber recruitment, career pathways, workforce planning, training and development.
- Building a new cyber operations platform, overseen by a new PB1 Deputy Director, bringing together Security Operations Centre capability with enhanced cyber exercising, security testing, incident readiness, and attack surface management, aligned to the evolving threat.
- Developing and implementing a refreshed Home Office cyber security strategy, aligned to the Government Cyber Action Plan and wider cross‑government cyber priorities, and translating this into clear delivery plans, metrics, and assurance for senior leaders and Ministers.
- Strengthening cross‑government and external engagement, including with NCSC and other departments, to ensure the Home Office both meets its obligations and plays a leading role in improving cyber resilience across government.
Person specification
Essential Criteria:
The role requires a senior leader with the credibility and influence to lead a sizeable workforce, engage senior stakeholders, and build consensus across the department. Strong and confident communication skills are vital, with the ability to simplify complexity and inspire change. You will combine strategic vision with attention to detail, commercial acumen, and resilience under pressure, providing inclusive leadership to build and develop high‑performing teams.
Senior Cyber and Digital Leadership
Extensive experience providing strategic cyber security leadership in large, complex and highly regulated organisations, spanning legacy and modern digital environments.
Proven ability to translate complex technical and operational issues clearly for senior leaders, Ministers, and non‑specialist audiences.
Strategic Vision and Threat Anticipation
Knowledge of emerging technologies with a strong capability in horizon scanning and threat assessment, using insight into the evolving cyber threat landscape to set clear, risk‑based cyber security strategy and roadmaps aligned to organisational objectives.
Sound judgement in balancing opportunity, risk, and proportionate mitigation in fast‑paced and ambiguous environments.
Cyber Risk and Incident Leadership
Proven ability to lead cyber risk management across diverse, business-critical services, including setting standards, assurance regimes, and accountability frameworks.
Experience directing responses to significant cyber threats and incidents, balancing strategic oversight with effective operational decision‑making.
Programme Delivery and Operating at Scale
Experience leading large‑scale cyber programmes and portfolios, working across digital, finance, commercial, and workforce functions to deliver measurable outcomes.
Demonstrated leadership of large, dispersed teams with accountability for operational resilience, performance, and continuous improvement.
Evidence of managing significant budgets and applying innovative, highly strategic approaches to sourcing services and managing suppliers efficiently.
Transformational and Cross‑Boundary Leadership
Proven track record of leadership in driving and embedding organisational change, improving cyber maturity, operating models, and ways of working. Skilled in collaboration and with experience of influencing and delivering outcomes across technical and non-technical stakeholders.
Proven experience influencing cyber security policy, assurance, and practice beyond organisational boundaries, including across government and industry.
Inspirational Leadership
Ability to convey and embed a persuade future vision, inspiring confidence and commitment at all levels, and attracting, retaining, and developing diverse talent to create an inclusive, high-performing organisation.
Please Note:
You must either hold DV clearance or willing to obtain it before starting in the role.


