We are excited to be recruiting a Chief Information Security Officer to join our fantastic team based at Woodhatch Place in Reigate. We offer a hybrid working model with a minimum of two office days per week.
Our Offer to You
26 days' holiday, rising to 28 days after 2 years' service and 31 days after 5 years' service (prorated for part time staff)
Option to buy up to 10 days of additional annual leave
A generous local government salary related pension
Up to 5 days of carer's leave and 2 paid volunteering days per year
Paternity, adoption and dependents leave
An Employee Assistance Programme (EAP) to support health and wellbeing
Learning and development hub where you can access a wealth of resources
Wellbeing and lifestyle discounts including gym, travel, and shopping
A chance to make a real difference to the lives of our residents. About the Role
In this senior leadership role, you will own and drive cyber security strategy, governance and operational resilience across Surrey County Council's complex hybrid environment. Your typical week will include:
Leading cyber risk management, governance forums and assurance activity across IT&D, ensuring risks are identified, assessed and clearly reported to senior stakeholders.
Overseeing incident preparedness and live response, including coordination with suppliers, IT operations and information governance.
Providing expert direction on security technologies, control effectiveness, logging/monitoring, and vulnerability management priorities.
Setting clear security expectations and driving cultural change across service owners, technical teams and leadership groups.
Developing and maintaining cyber policies, standards and evidence based reporting.This is a hands-on leadership role where strategic thinking and operational decision-making are equally important. You will hold line management responsibility for the cyber security function, including analysts or virtual team members through matrix management, and provide leadership and direction across IT&D and supplier teams.
Within your first 12-18 months, you will be expected to lead or significantly contribute to:
Delivery of a refreshed cyber security strategy and multi year improvement roadmap
Establishment of strengthened cyber governance, including improved reporting, risk tracking and decision making structures
Implementation of a formal cyber exercising programme (tabletop and technical) across IT&D, information governance and key suppliers
Measurable improvements in vulnerability management, logging/monitoring coverage and supplier assurance
Significant uplift in incident response maturity, including documentation of playbooks, interfaces and recovery expectations.This role is central to strengthening the resilience of essential public services. You will directly shape the council's ability to manage and reduce cyber risk, influence technology and service design decisions, and embed a cyber aware culture across one of the UK's largest local government environments. With a dedicated investment programme to drive security improvements, you will have a significant opportunity to transform how the organisation protects its people, data and systems.
Your Application
In order to be considered for shortlisting, your application will clearly evidence the following skills and align with our behaviours:
Significant senior cyber security leadership experience in a complex organisation
Strong capability to operate strategically and hands on, delivering measurable security improvements
Deep understanding of cyber risk management, governance and assurance frameworks
Proven experience leading cyber incidents, including response coordination and exercising
Excellent communication and stakeholder influence skills across technical and non technical groups
Familiarity with NCSC aligned approaches and/or frameworks such as NIST CSF
Relevant professional qualifications such as CISSP or CISMTo apply, we request that you submit a CV and you will be asked the following 4 questions:
What steps would you take in your first few months to understand our cyber risks and priorities?
Can you describe a complex cyber incident you have led, including how you coordinated the response and what improvements were implemented afterwards?
How do you balance strategic cyber security planning with hands on delivery to ensure both long term resilience and quick, tactical gains?
Which cyber security governance or risk management frameworks (e.g., NCSC CAF, NIST CSF) have you implemented, and how have they influenced decision making and assurance in your previous organisations?
The job advert closes at 23:59 on 12/04/2026 with interviews planned shortly afterwards.
Local Government Reorganisation (LGR)
Surrey County Council is undergoing Local Government Reorganisation, moving from a two-tier system to two new unitary councils in April 2027. If you are employed by Surrey on 1st April 2027, your role will transfer with current terms and conditions to one of the new organisations, supporting local devolution and greater powers for our communities.
Join our dynamic team and shape the future of local government. Make a lasting impact with innovative solutions and improved services for our community. Help us build a brighter future for our residents!
Our Commitment
We are a disability confident employer which means if you have shared a disability on your application form and have evidenced you meet the minimum criteria, we guarantee you an interview.
Your skills and experience truly matter to us. From application to your first day, we're committed to supporting you with any adjustments you need, we value inclusion and warmly welcome you to join and help build a workplace where everyone be
Salary description
£70975.00 - £78002.00 per year