Head of IT Security

Details

Reference number

Salary

£76,374 – £76,374

GBP

Job grade

Grade 7

Contract type

Permanent

Type of role

Information Technology

Working pattern

Flexible working, Full-time

Number of jobs available

1

Contents

• Location
• About the job
• Benefits
• Things you need to know
• Apply and further information

Location

AB10 1BK or SW1H 0DB

About the job

Job summary

As a senior member of the IT and Digital team this role is responsible for safeguarding NSTA\’s digital assets, systems, and data against evolving cyber threats, providing strategic leadership in developing and ensuring compliance with security policies, proactive risk management, continuous monitoring of security posture, and rapid response to incidents to minimize operational disruption.

The role acts as the primary authority on cybersecurity within the organisation, advising senior leadership on emerging risks, regulatory changes, and resilience strategies. In addition, the role champions a culture of security awareness, ensuring that employees and contractors understand their responsibilities in protecting sensitive information.

Job description

The IT Security Manager plays a pivotal role within the organisation, actively engaging with the wider business to monitor, report, and evaluate the security of its digital services. In addition, they provide essential support to the Chief Digital Officer in implementing and delivering the Digital/Data and IT Strategies, ensuring alignment with business objectives and maintaining robust security standards.
Key responsibilities include:
•
Transform access to information

o Deliver secure and resilient IT and information security services, safeguarding networks, infrastructure, and systems through robust configurations and compliance with recognised standards.
o Embed security by design in all new systems, APIs, and datasets, ensuring alignment with legislation and frameworks such as GDPR, Data Protection Act 2018, NCSC guidance, and ISO27001.
o Implement and maintain data protection practices, including applying retention and classification labels to support compliance and effective records management.
o Collaborate across IT, digital, and business teams to integrate security principles into projects and change initiatives, providing expert input throughout the lifecycle.

• Analytics and Intelligence
o Implement advanced security monitoring and risk management capabilities—including Third Party Risk Management (TPRM), vulnerability scanning, Dark Web monitoring, and annual health checks (penetration testing, vulnerability assessments)—to proactively identify and mitigate threats.
o Lead incident response and security operations, acting as the primary authority for IT security events, ensuring effective investigation, containment, recovery, and forensic analysis, and coordinating resolution of breaches and vulnerabilities.
o Provide clear visibility of security posture through regular reporting on risks, incidents, and remediation progress to senior leadership, supporting informed decision-making and continuous improvement of cyber resilience.

• Collaborate, partner and assure
o Develop and maintain cyber and IT strategies in collaboration with the Chief Digital Officer, including systematic reviews of legacy systems and securing leadership approval for a comprehensive five-year security plan.
o Oversee delivery of IT security services and operations, including Security Operations Centre (SOC) capabilities, ensuring alignment with strategic goals, compliance with frameworks (Cyber Essentials Plus, GovAssure/CAF), and continuous improvement through regular assessments and remediation.
o Embed security standards and architecture across projects and systems, collaborating with IT, PMO, service providers, and directorates to ensure security-by-design and adherence to NCSC guidance, GDPR, and ISO27001.
o Manage organisational cyber risk and governance, including monitoring risk registers, enforcing policies and standards, managing budgets, and providing recommendations to strengthen security posture and resilience.

• Influence

o Represent NSTA in industry and government forums, including serving as Co-Chair of the SOCS forum, participating in cross-industry cyber working groups, and promoting the organisation\’s approach to cyber security and digital resilience at external events.
o Act as a subject matter expert (SME) for IT, cyber security, and digital enquiries, maintaining strong liaison with security networks to share best practices and enhance collaborative security initiatives.
o Provide governance and compliance oversight, preparing reports for Security Advisory Board (SAB), Audit Risk Committee (ARC), and leadership teams, maintaining a register of legal and regulatory obligations, and raising awareness of changes and their organisational impact.

• People, culture and skills

o Lead and manage a high-performing records management team, ensuring compliance with regulatory requirements and organisational standards.
o Lead and deliver cyber security awareness initiatives—including phishing simulations, mandatory training, and information security sessions—while monitoring compliance and completion rates across the organisation and service partners.
o Champion a robust security culture by embedding emerging security requirements into practices and continuously improving training programmes through gap analysis and targeted interventions to strengthen cyber resilience.

Person specification

Specialist Skills, Qualifications, Experience, Licenses, Memberships or Language
Essential:
•

Professional Certifications: CISM (Certified Information Security Manager) and/or CISSP (Certified Information Systems Security Professional).
• Leadership & Communication: Strong ability to lead teams, communicate effectively, and manage diverse stakeholders.
• Technical Expertise: Comprehensive knowledge of IT environments, including Windows servers and desktops, cloud platforms, networking, applications, security, and virtualised systems.
• Security Framework Implementation: Demonstrated experience in designing, developing, and implementing information security frameworks, tools, and processes at a technical level.
• Supplier & Contract Management: Proven track record in managing outsourced service contracts and procurement activities.
• IT Security Operations: experience overseeing and managing IT security operations.
• Risk & Compliance Awareness: In-depth understanding of IT security risks and cyber security challenges, particularly within the public sector.
• Change & Transformation: Experience driving change management and implementing transformational IT security initiatives.
• Network & Firewall Expertise: Skilled in network and firewall design, configuration, and applying security principles, including IT auditing practices.
• Access Control Systems: Familiarity with tools and systems for access security control (e.g., ACF2) to prevent unauthorized system access.
• Risk Management & Resilience: Knowledge of risk management methodologies, business impact analysis, and contingency planning for IT service disruptions, including resilience strategies, fallback locations, backups, and diversity measures.
Desirable:
•
Experience of public sector / government regulatory environment / energy sector
• ISO27001 Lead Implementor

Benefits

Mandatory text:
– This advertised role is not within the Civil Service or an accredited Non Departmental Public Body, as such your continuity of service may be affected if you apply and are successful.

• This role does not include an option to apply for a Civil Service Pension.

Things you need to know

Selection process details

Competence based sift and interview process against the competencies detailed in the job description.

Feedback will only be provided if you attend an interview or assessment.

Security

Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check .

See our vetting charter .

People working with government assets must complete baseline personnel security standard (opens in new window) checks.

Nationality requirements

This job is broadly open to the following groups:

• UK nationals
• nationals of the Republic of Ireland
• nationals of Commonwealth countries who have the right to work in the UK
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS)
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
• individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
• Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service

Further information on nationality requirements

Working for the Civil Service

Please note this Post is NOT regulated by the Civil Service Commission.

The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.

Diversity and Inclusion

The Civil Service is committed to attract, retain and invest in talent wherever it is found. To learn more please see the Civil Service People Plan and the Civil Service Diversity and Inclusion Strategy .

Apply and further information

Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.

Contact point for applicants

Job contact :

• Name :
• Email :
• Telephone :

Recruitment team

• Email :

Further information

North Sea Transition Authority )

Follow link to apply

Careers )