Chief Information Security Officer - Core Services
London
£72.8k/yr
On-site
Full-time
Senior Level
Salary
£72,840
The base salary for this grade is £72,840. Offers above this will be made up of a Digital Skills Allowance of up to £18,000 per annum for exceptional candidates. London locations may attract an allowance of up to £3,300 per annum.

Location
MOD Main Building, Whitehall, London, SW1A 2HB (please note regular travel will be required)

About the job
Job summary
The MOD's digital teams ensure we remain among the most technologically advanced Armed Forces in the world. We develop and lead in cutting-edge data science, automation, and cybersecurity solutions to protect the UK and its interests, at home and abroad. Our mission also goes beyond the battlefield by leading humanitarian efforts and driving innovation that impacts lives across the globe.

From the 1st April 2026, Defence Digital has changed its name to National Armaments – Digital & Data.
Job description
This high impact role is accountable for strengthening the Cyber Risk position of digital capabilities delivered by the Core Services team within National Armaments Digital & Data. You’ll work closely with senior leaders, driving innovation, ensuring risks are suitably mitigated and embedding secure-by-design principles into everything we do. Your expertise will make a real difference, helping to safeguard national security and ensuring our digital future is resilient, secure and ready for tomorrow’s challenges. Ensuring robust governance, risk management and compliance frameworks are in place, you’ll champion a positive security culture across the organisation, improving cyber security and information security awareness, knowledge and skills.

Responsibilities
Act as the primary point of contact for Cyber and Information Security, ensuring strong governance and clear accountability across the organisation and supply chain.
Deliver and maintain the Cyber and Information Risk Management Framework, identifying, assessing and mitigating risks effectively.
Drive secure-by-design principles and digital resilience into all programmes and services from the outset.
Oversee audits, incident management and adherence to Defence standards and regulations.
Champion awareness and training, so everyone understands their role in maintaining security.
Ensure Data Protection Advisors and Information Asset (DPIA) Owners manage personal data responsibly, with DPIAs in place for systems and services.
Ensure all cyber and information security incidents, breaches and near misses are appropriately managed, reported and investigated, so that risk is mitigated and lessons are identified, recorded and learnt.
Line management of a small team and matrix management within a larger organisation.
Person specification
We would expect to see experience in Cyber and Information Security leadership and demonstrable ability to develop and maintain governance and risk management frameworks. You’ll have a thorough understanding of secure-by-design principles, digital resilience and compliance requirements, with experience of managing security incidents, audits and remediation activities.

This position may be suitable for individuals with relevant skills and experience in information security governance & management, risk assessment & information risk management, technical security architecture or with appropriate skills gained in an ICT assurance or compliance environment.

When submitting your CV, please highlight your career history, qualifications and experience that align with the essential criteria.

You’ll need to meet the following Essential Criteria:
Excellent stakeholder engagement and influencing skills at senior levels.
Strong analytical and problem-solving abilities with a risk-based approach.
Ability to lead cultural change and promote security awareness across diverse teams.
Experience in Cyber and Information Security leadership, and demonstrable ability to develop and maintain governance and risk management frameworks.

Additionally, refer to the "Things You Need to Know" section of the advert and provide a statement of suitability (max. 1250 words) answering these questions:
Describe your experience of managing cyber security governance, risk and compliance aspects within an organisation.
Provide an example of when you have managed a Cyber Security incident, the approach used and the outcome.
Describe your experience of leading, managing and developing a team and of resources not owned by the organisation.

Regular travel will be required to other MOD locations in the UK.
If not already held, successful candidates will be required to undergo DV clearance.
Please note this position is open to sole UK Nationals only.
Artificial intelligence
Artificial intelligence can be a useful tool to support your application; however, all examples and statements provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, as your own) applications may be withdrawn and internal candidates may be subject to disciplinary action. Please see our candidate guidance for more information on appropriate and inappropriate use.

Selection process details
This vacancy is using Success Profiles, and will assess your Behaviours, Experience and Technical skills.

At sift, you will be assessed against your CV and statement of suitability (1250 words).

Please upload your CV in the relevant section on the Civil Service Jobs dashboard, ensuring it includes job history, qualification details and clearly demonstrates how you meet the essential criteria outlined in the person specification. You must also submit a statement of suitability (maximum 1250 words) answering the 3 questions listed in the person specification.

Here is a link to a video offering helpful tips and guidance on the Civil Service Jobs application process: How to apply on CS Jobs: Guide and Tips

At interview, you will be assessed against your experience and the following:

Behaviours:
Leadership
Communicating and Influencing

Technical Skills:
Information risk assessment and risk management
Applied security capability
Protective security
Threat understanding

Presentation:
You will be asked to prepare and deliver a 5 minute (max) presentation on a role-related subject. You will be contacted with further details prior to interview.

The Government Security Profession Career Framework and the Cyber Security - Head of Cyber Security role used in this vacancy can be found at: Government Security Profession career framework.
Feedback will only be provided if you attend an interview or assessment.

Security
Successful candidates must undergo a criminal record check. Successful candidates must meet the security requirements before they can be appointed. The level of security needed is developed vetting.

Nationality requirements
Open to UK nationals only.
Contact point for applicants
Job contact:
Name: NA D&D Talent Acquisition Team
Email: ukstratcomdd-hr-talentacqdel@mod.gov.uk

Recruitment team
Email: DBSCivPers-Resourcingteam3@mod.gov.uk
Skills
Cyber Security
Information Security
Risk Management
Governance
Compliance
Stakeholder Engagement
Analytical Skills
Problem-Solving
Cultural Change
Team Leadership
Digital Resilience
Incident Management
Audits
Data Protection
Secure-by-Design
Training