About us
ICO25 Plan
On 14 July 2022 our new strategic plan, ICO25, was published. The plan sets out:
- why our work is important;
- what we want to be known for and by whom; and
- how we intend to achieve this by 2025.
​
It describes our purpose, objectives and values and the shift in approach we aim to achieve through the life of this plan.
​
Cyber Security Directorate
The ICO has always had cyber security at the heart of what it does, and the skills and capabilities have existed in the areas that require them. As the ICO grows, as it has done considerably over the past four years, there is a clear need to establish a centre of excellence focusing on our regulatory approach to cyber security. The ICO is looking to recruit a team of experts into this newly established Cyber Security Directorate.
​
The work of the Cyber Security Directorate will have a prime focus on the contested / downstream investigations environment. It will also focus outwardly on Government and Industry, concentrating on all aspects of cyber security relating to regulation, best practice, compliance and audit. The members of the team will be highly knowledgeable in their specialised areas of cyber security and will be able to provide expert witness testimony when required.
​
The team will work closely with colleagues in the National Cyber Security Centre (NCSC), the Department of Digital, Culture, Media & Sport (DCMS) and the National Crime Agency (NCA). There is a compelling agenda of providing complementary and synchronised advice and guidance for all associated bodies. The Cyber Security Directorate will act as a leader in this area to promote good practice to all industry.
​
The ICO has responsibilities under the General Data Protection Regulations (GDPR), which place legal obligations on most companies and organisations to protect data.
​
The ICO has responsibilities under the Network and Information Systems (NIS) Regulations, which place legal obligations on providers to protect UK critical services. Under NIS, the ICO regulates companies in the “Relevant Digital Service Providers” (RDSP) subsector. There is a range of powers that the ICO can use to enforce NIS, including issuing fines of up to £17 million in the most serious cases. This is an area of growth in terms of regulation and the scope will soon increase to include Managed Service Providers.
​
The Cyber Security Directorate has a three-year plan to raise the technical profile of the ICO within Government and Industry in Cyber Security. This involves developing strategies to provide best practice and guidance as well as policy amendment, and working with external communications and stakeholders to get the best penetration of key advice into Government and Industry.
​
The team will provide technical advice and guidance on some of our biggest and highest profile investigations, technology and innovation, and assurance. Having this deep cyber security capability within the ICO will be critical to the successful regulation of Cyber Security related to the protection of information.
​
The new Directorate will form a strategic plan for the ICO to develop the following work:

- A Cyber Assurance Framework for the NIS Regulations.
- Continuous development of existing relationships with key stakeholders, such as NCSC, DCMS and NCA.
- A communications strategy for good practice and guidance advice to Government and Industry, influencing ways of working within cyber security.
- Embedding a Cyber Security Profession within the ICO, to ensure development pathways, opportunities for progression and resilience in our structure.
- Taking ownership of high profile legal issues and cases related to Cyber Security matters in investigations.
- Providing cross-cutting expert advice to support the ICO’s Regulatory Assurance, Investigations, Intel and HPI directorates.

There is a deep commitment to training and development within the ICO and the Cyber Security Regulation Directorate represents a dynamic opportunity to build your Cyber Security career. There is a strong route of growth, and we would welcome applications from people interested in taking the Cyber Security agenda to the next level.
​
​