Director of Cybersecurity Regulation
Reports to: Chief Regulatory Officer
Salary: Level G2
Hours: 37 per week
Purpose of post
Reporting to the Deputy Commissioner, this role will be the subject matter expert who will act as the focal point for all information and cyber security related regulatory activity across the ICO.
​
The role will coordinate information and cybersecurity activity performed across the ICO’s regulatory remit, ensuring that objectives are met, and regulatory obligations are delivered.
​
Providing senior level support to the CRO and leadership of a small team of regulatory project specialists, the post holder directs the activities of their directorate to achieve the ICO’s strategic objectives.
​
The Director of Cybersecurity will develop and own a strategic plan for information and cybersecurity. The strategy will define appropriate expected standards of cybersecurity within regulated organisations and be used to enhance the ICO’s regulatory activity.
​
The post holder will lead the continuous development and uplift in cybersecurity capability across the ICO, through an appropriate operating model, to ensure that it has the resources and skills in place to perform its regulatory function and is prepared for future developments in this discipline.
​
The role will sponsor and be responsible for change programmes within the ICO related to cybersecurity activity.
​
​
Key responsibilities
Oversee the work of the ICO’s regulatory Cybersecurity directorate, leading and coordinating regulatory cybersecurity activity across the ICO.
​
Take responsibility and accountability for the development and delivery of a cybersecurity strategy and operating model supporting the strategic priorities of the Regulatory Supervision Service.
​
Oversee the delivery of Cybersecurity regulation and the delivery of cybersecurity guidance, advice and external messaging, ensuring a clear and collaborative approach across the organisation.
​
Maximise resource efficiency across the directorates in the division and deliver value for money. This will involve the continual review of activities and their contribution to the ICO’s strategic priorities, and deciding when change is necessary to re-align activity to meet the ICO’s objectives.
​
Develop strong working relationships with national and international stakeholders, engaging with high profile stakeholders on key strategic issues for the ICO.
​
Support the CRO in managing strategic regulatory relationships, both within and external to the ICO, in particular negotiating and influencing others to achieve desired outcomes in relation to the Cybersecurity strategy.
​
Make effective, confident and timely decisions, involving relevant Heads of Department, technical experts and consulting others where needed, articulating options and making recommendations for preferred courses of action.
​
Champion the development of staff, creating an inclusive environment which values diversity, encourages learning and development and identifies and acts where capabilities need to be improved.
​
Work collaboratively with colleagues across the ICO and other relevant stakeholders to build Cybersecurity career pathways and a Cybersecurity profession within the ICO.
​
Lead and inspire teams across multiple disciplines, communicating effectively to achieve staff engagement and being a visible and credible leader.
​
Undertake corporate responsibilities as a senior manager such as leading or participating in steering groups and committees, and leading or chairing internal investigations or panels.
​
​
Person specification
Key: Application Form (A), Certificate (C), Interview (I), Test (T), Presentation (P)
Education & Qualifications
- A relevant degree, post graduate degree or associated information and cybersecurity qualifications (MSc, CISSP, ISEB, CISM) (A, C)
- Member of relevant professional body (for example, CIISec, ISC2, ISEB) (A, C)
​
​
Working experience
- Substantial experience in a cybersecurity leadership role (A, I)
- Substantial relevant experience working with or within regulatory environments (A, I)
- Experience of engaging and negotiating with senior external stakeholders (A, I)
- Experience of interpreting and applying complex legislation (I)
- Experience of leading and implementing improvements to process (I)
- Experience of the management and deployment of resources, including budgets (I)
​
​
Knowledge, skills and abilities
- In depth knowledge of cybersecurity legislation, best practice and process (I, T)
- Excellent written and verbal communication, negotiation and presentation skills (I)
- Inclusive and supportive staff leadership skills (I)
- Personally Effective – excellent organisational skills, ability to prioritise and delegate (A, I)
- Ability to seek out, manage and influence opportunities for continuous improvement and change (A, I, P)
​
​
Please note that post holders for this role will be required to receive security clearance to DV level. This requires the disclosure of spent and unspent convictions. Although convictions will be taken into account, any such information will not necessarily prevent you from obtaining a security clearance.
​
​