GDS creates CISO role to make services ‘radically easier and safer to use’


The Cabinet Office unit is establishing a senior managerial position for a security leader who will be tasked with making government’s digital products more resilient and responding to cyber incidents

The Government Digital Service has created a chief information security officer role which comes with a potential £100,000-plus salary and a remit to “transform government services to make them radically easier and safer to use”.

In a role that will report to chief executive Tom Read, the CISO will “enjoy a great deal of freedom”, according to the job advert.

Duties of the position will include creating and then leading “a small application security team comprised of deep technical specialists”. The postholder will also be tasked with cultivating a “cyber operations team [to] create a body of standards, ways of working and tooling for the whole of GDS”, as well as a red team of ethical hackers to “seek vulnerabilities across our services from the perspective of an attacker, then work in partnership with teams to prioritise and remediate them”.

The CISO will assume overall responsibility for “leading on incident preparedness” and “overseeing incident response and disaster recovery planning”. This will also include the “development of out of hours capability for cyber, ensuring there is expertise available to support on incidents” at any time.


The successful candidate will be expected to “maintain close and productive relationships with relevant government agencies such as NCSC in order to anticipate emerging threats to the GDS”. The new security leader will also work closely with the wider Cabinet Office to “develop a more mature operating model” for cyber issues.

“We’re looking for an exceptional CISO to transform government services to make them radically easier and safer to use,” the advert added. “This new CISO role will be tasked with making our in-house built digital products more secure and resilient from attack. This is likely to be achieved by building an in-house AppSec (application security) function to integrate security seamlessly into the software development lifecycle. They will also be tasked with building out and maturing our security governance and operations capability.”

Applications for the role are open until 11.55pm on 2 June. To apply for the post, candidates must submit a CV and a response of 500 words to the following enquiry: “Tell us about your approach to embedding good security practice in mature digital product teams, touching on the balance between enforcing process and empowering engineers.”

The recruitment process will also include an informal virtual discussion with GDS senior managers, followed by a final in-person panel interview. The chosen applicant will earn an annual salary of between £75,000 and £117,800.

Sam Trendall
