Principal Lawyer Cyber Enforcement

Full-Time 60000 - 80000 £ / year (est.) No working from home possible

At a Glance

  • Tasks: Provide expert legal advice on cyber security and regulatory enforcement.
  • Company: Join the ICO, a leader in data protection and privacy.
  • Benefits: Enjoy competitive salary, flexible working, and generous holiday leave.
  • Other info: Dynamic team environment with excellent career progression opportunities.
  • Why this job: Make a real impact in cyber enforcement while developing your legal expertise.
  • Qualifications: Must be a qualified Solicitor, Barrister, or Chartered Legal Executive.

The predicted salary is between 60000 - 80000 £ per year.

Full time / Part time

Salary: 69371 - 79372 pa, with potential for further progression to 89369 with our pay progression scheme.

Location: Hybrid. Contracted to our Wilmslow, London, Edinburgh, Cardiff or Belfast office; however, we offer flexible home and office-based working opportunities. There will be times when you will be expected to attend the office to collaborate with colleagues or travel due to business. From Autumn 2026 our head office will be relocating from Wilmslow to Manchester city centre.

Why work for the ICO:

  • Pay progression scheme.
  • Hybrid and flexible working options.
  • 25 days paid holiday per year plus public holidays.
  • Flexi leave (up to 26 additional days leave per year).
  • Pension (employer contribution around 28.9%).
  • Online discount scheme to save money at major supermarkets, retailers, gyms, restaurants, insurance providers and many more.
  • Health Cash Plan.
  • Fantastic development opportunities to learn and progress.

Job summary:

The Cyber Enforcement Principal Lawyer will work within the ICO Legal Service (Enforcement) team, providing legal advice to support civil regulatory enforcement action in relation to cyber security under the UK GDPR, DPA 2018 and PECR 2003, and also to support NIS enforcement activity under the NIS Regulations 2018 as well as ongoing and future legislative reforms. The post holder will provide expert legal advice and forge partnerships with other areas of the organisation to achieve consistency of approach, efficiency and the delivery of high-quality, timely and risk-based legal advice to the Commissioner. The post holder will work closely with the Regulatory Cyber Team to ensure we have in place robust procedures for NIS enforcement and Cyber enforcement activities.

Key Responsibilities:

  • Provide expert legal advice on high-priority complex civil regulatory enforcement and NIS matters including issuing monetary penalties.
  • Effectively and independently manage a caseload of complex civil enforcement and NIS matters adding value to the wider operations and influence of the ICO.
  • Provide advice on the ICO’s role as the UK’s competent authority under the NIS Regulations including its responsibilities in cross-border regulatory cooperation and enforcement, particularly in the context of evolving frameworks such as the EU’s NIS2 Directive.
  • Provide expert cyber security advice in areas of responsibility by being fully conversant with all relevant legislation and ICO policies as well as leading on developing strategy and thinking on novel and complex legal issues.
  • Manage and develop lawyers in the Legal Service, provide supervision to other lawyers and, as appropriate, instruct external lawyers on key matters.
  • Ensure that all supervised lawyers are continually developing and competent and undertaking sufficient development opportunities to maintain their practising certificate.
  • Seek continuous improvement in all areas of responsibility, recommend changes and manage and lead on regulatory initiatives to ensure that implementation is successfully achieved.
  • Participate and, where appropriate, lead on behalf of the ICO at meetings and events where senior representation is required; some travel, including overseas, may be required.
  • Identify opportunities and risks to the ICO’s operations and reputation and make recommendations for improving the ICO’s legal risk management of its own regulatory compliance as well as that of external sectors and organisations.
  • Engage with colleagues across the organisation, media and other external stakeholders on important legal issues related to civil enforcement cases.
  • Contribute to the development of colleagues in the ICO by preparing or delivering in-house training as required.

Person specification:

Essential criteria assessed at application stage:

  • Applicants must be qualified to practise as a Solicitor, Barrister or Chartered Legal Executive in England and Wales, or in the case of applicants qualified in a jurisdiction outside of England and Wales, must possess an appropriate equivalent professional qualification and may be required to undertake the Solicitors Qualifying Examinations (or apply and be granted an exemption of one or both parts) within a defined period.
  • Experience and insight into the ICO’s enforcement powers in relation to cyber security, including its approach to investigating breaches, issuing sanctions and promoting compliance under frameworks such as the UK GDPR and the Network and Information Systems Regulations.
  • Substantial experience of regulatory enforcement work or equivalent experience of complex contentious work or the ability to quickly develop skills in this area.
  • Experience of providing strategic legal advice in a regulatory environment including knowledge of public law principles and/or the ability to quickly develop skills in this area.
  • Experience of supervising other lawyers.
  • Some experience of managing others and/or the ability to quickly develop skills in this area.

Essential criteria assessed during interview:

  • Excellent legal analytical skills.
  • Ability to interpret and apply complex legislation to particular situations and to engage in debate about these issues.
  • Excellent written and verbal communication and presentation skills.
  • Ability to draft complex legal documents including provisional and final decisions (including notices of intent, enforcement notices and monetary penalty notices).
  • Understanding of the regulatory environment (including capacity to learn about NIS regulation) and the public sector generally including the democratic political and organisational framework of a regulator.
  • Ability to seek out, manage and influence opportunities for continuous improvement and change.
  • Personally effective, excellent organisational skills, ability to prioritise and delegate.

Equality, diversity and inclusion:

The ICO is committed to promoting and enhancing equality, diversity and inclusion. We are focused on developing a workforce that is representative of the communities we serve, and together we are building an inclusive workplace where all of our colleagues have the opportunity to make a real difference. We are championing this through our Equality, Diversity and Inclusion Board together with a number of staff networks. Candidates with a disability who meet the minimum criteria for this vacancy will be invited to interview as part of the ICO’s commitment to the Disability Confident Scheme. As part of the ICO’s commitment to our EDI objectives and creating a workplace that represents the communities and societies we serve, we guarantee an interview to candidates who declare they identify as belonging to an ethnic minority background and who meet the minimum criteria for this vacancy.

Closing Date:

Please submit your CV and a cover letter detailing your suitability for the role by 23:59 on Wednesday 19th November 2025. Your cover letter should be no more than 1000 words and should clearly articulate how your experience and aspirations align with the specific expectations of this role. We may close this vacancy early if we receive a high volume of applications. To ensure your application is considered, we encourage you to apply as soon as possible. If you require any reasonable adjustments to support your application, please contact us. In the event of a high volume of applications, we may not be able to invite all candidates who meet the minimum criteria to interview. However, we encourage you to stay in touch and apply for future roles that match your interests. All candidates who meet the minimum criteria and apply in line with our guaranteed interview scheme for disabled and ethnic minority applicants will be interviewed.

Principal Lawyer Cyber Enforcement employer: ICO

The ICO is an exceptional employer, offering a supportive and inclusive work culture that prioritises employee development and well-being. With flexible hybrid working options, generous leave entitlements, and a robust pay progression scheme, employees are empowered to thrive both personally and professionally. Located in vibrant cities like London, Edinburgh, and Cardiff, the ICO provides unique opportunities to engage in meaningful work that impacts the community while fostering a diverse and dynamic workplace.

Contact Details:

ICO Recruitment Team

StudySmarter Expert Advice🤫

We think this is how you could land Principal Lawyer Cyber Enforcement

Tip Number 1

Network like a pro! Reach out to current or former employees at the ICO on LinkedIn. A friendly chat can give us insider info about the role and the team, plus it shows our genuine interest.

Tip Number 2

Prepare for the interview by diving deep into the ICO's recent cases and initiatives. We want to demonstrate that we’re not just familiar with the law but also passionate about the ICO’s mission in cyber enforcement.

Tip Number 3

Practice makes perfect! Set up mock interviews with friends or mentors. This will help us articulate our thoughts clearly and confidently, especially when discussing complex legal issues.

Tip Number 4

Don’t forget to follow up after the interview! A quick thank-you email can keep us fresh in their minds and show our enthusiasm for the role. Plus, it’s a great chance to reiterate why we’re the perfect fit!

We think you need these skills to ace Principal Lawyer Cyber Enforcement

Legal Expertise
Regulatory Enforcement Knowledge
Cyber Security Legislation Understanding
Strategic Legal Advice
Analytical Skills
Written Communication Skills
Verbal Communication Skills

Some tips for your application 🫡

Tailor Your Cover Letter: Make sure your cover letter speaks directly to the role of Principal Lawyer Cyber Enforcement. Highlight your relevant experience and how it aligns with the ICO's mission. We want to see your passion for cyber security and regulatory enforcement!

Showcase Your Legal Expertise: In your CV, emphasise your qualifications and experience in regulatory enforcement and cyber security law. We’re looking for someone who can navigate complex legislation, so don’t hold back on showcasing your skills and achievements in this area.

Be Clear and Concise: When drafting your application, clarity is key! Use straightforward language and avoid jargon where possible. We appreciate a well-structured application that makes it easy for us to see your qualifications and fit for the role.

Apply Early!: Don’t wait until the last minute to submit your application. We may close the vacancy early if we receive a high volume of applications. Get your CV and cover letter in as soon as you can through our website to ensure you’re considered!

How to prepare for a job interview at ICO

Know Your Legislation

Make sure you’re well-versed in the UK GDPR, DPA 2018, and PECR 2003. Brush up on the NIS Regulations too! Being able to discuss these laws confidently will show that you’re not just familiar with the legal landscape but also ready to tackle complex issues head-on.

Showcase Your Experience

Prepare specific examples from your past work that demonstrate your experience in regulatory enforcement and managing complex cases. Highlight any strategic legal advice you've provided and how it impacted your previous organisation. This will help the interviewers see your value right away.

Engage with the Team

Since collaboration is key in this role, be ready to discuss how you’ve worked with cross-functional teams in the past. Share examples of how you’ve built partnerships and communicated effectively with colleagues to achieve common goals. This will illustrate your ability to fit into their team dynamic.

Prepare for Scenario Questions

Expect to face hypothetical scenarios related to cyber enforcement and regulatory compliance. Practice articulating your thought process and decision-making skills in these situations. This will demonstrate your analytical abilities and how you approach complex legal challenges.