Senior Information Security Officer

We are excited to be recruiting a Chief Information Security Officer to join our fantastic team based at Woodhatch Place in Reigate. We offer a hybrid working model with a minimum of two office days per week. 26 days’ holiday, rising to 28 days after 2 years’ service and 31 days after 5 years’ service (prorated for part time staff)~ Option to buy up to 10 days of additional annual leave~ A generous local government salary related pension~ An Employee Assistance Programme (EAP) to support health and wellbeing~ Learning and development hub where you can access a wealth of resources~ Wellbeing and lifestyle discounts including gym, travel, and shopping~ In this senior leadership role, you will own and drive cyber security strategy, governance and operational resilience across Surrey County Council’s complex hybrid environment. Leading cyber risk management, governance forums and assurance activity across IT&D, ensuring risks are identified, assessed and clearly reported to senior stakeholders. Overseeing incident preparedness and live response, including coordination with suppliers, IT operations and information governance. Providing expert direction on security technologies, control effectiveness, logging/monitoring, and vulnerability management priorities. Developing and maintaining cyber policies, standards and evidence based reporting. You will hold line management responsibility for the cyber security function, including analysts or virtual team members through matrix management, and provide leadership and direction across IT&D and supplier teams. Delivery of a refreshed cyber security strategy and multi year improvement roadmap Establishment of strengthened cyber governance, including improved reporting, risk tracking and decision making structures Implementation of a formal cyber exercising programme (tabletop and technical) across IT&D, information governance and key suppliers Measurable improvements in vulnerability management, logging/monitoring coverage and supplier assurance You will directly shape the council’s ability to manage and reduce cyber risk, influence technology and service design decisions, and embed a cyber aware culture across one of the UK’s largest local government environments. With a dedicated investment programme to drive security improvements, you will have a significant opportunity to transform how the organisation protects its people, data and systems. Significant senior cyber security leadership experience in a complex organisation Deep understanding of cyber risk management, governance and assurance frameworks What steps would you take in your first few months to understand our cyber risks and priorities?# Can you describe a complex cyber incident you have led, including how you coordinated the response and what improvements were implemented afterwards?# How do you balance strategic cyber security planning with hands on delivery to ensure both long term resilience and quick, tactical gains?# Which cyber security governance or risk management frameworks (e.g., Local Government Reorganisation (LGR) Surrey County Council is undergoing Local Government Reorganisation, moving from a two-tier system to two new unitary councils in April 2027. If you are employed by Surrey on 1st April 2027, your role will transfer with current terms and conditions to one of the new organisations, supporting local devolution and greater powers for our communities. Join our dynamic team and shape the future of local government. Make a lasting impact with innovative solutions and improved services for our community. Help us build a brighter future for our residents! We are a disability confident employer which means if you have shared a disability on your application form and have evidenced you meet the minimum criteria, we guarantee you an interview. From application to your first day, we’re committed to supporting you with any adjustments you need, we value inclusion and warmly welcome you to join and help build a workplace where everyone be…