Head of Information and Cyber Security in England

Location: Hybrid. 1 day per week in London. Flexibility where needed.

Salary: £84,500 plus benefits

Job Overview: This is a deliberate search for a rare blend of skills. The organisation is looking for someone who can still think and act technically, while also owning and shaping the entire Information and Cyber Security vision moving forward. This is not a purely strategic or advisory role, and equally it is not a hands-on engineering post. It sits firmly in the middle. You will be trusted to set direction, define priorities and build a long-term security roadmap, while also being close enough to the detail to review designs, interpret diagrams, challenge suppliers and make confident technical decisions when it matters. The organisation has already established strong foundations, including a dedicated cyber function and a managed SOC. The focus now is on maturity, clarity of vision and leadership that balances pragmatism with ambition.

Job Responsibilities:

• Own and evolve the organisation’s Information and Cyber Security strategy and roadmap, aligned to NIST.
• Act as the senior technical authority for cyber security, able to engage deeply with architecture, designs and risk trade-offs.
• Talk audit and risk – talk at board and committee level.
• Lead incident response, risk management and disaster recovery with both strategic oversight and technical understanding.
• Line-manage two Data Protection Officers (DPOs), ensuring privacy, governance and cyber security operate together.
• Own and actively manage third-party security partners including SOC, vulnerability management, patching and firewall services.
• Work closely with Heads of Infrastructure and Heads of Programmes, influencing secure design, delivery and change across the organisation.
• Drive Cyber Essentials Plus accreditation and continuous improvement across security controls.
• Translate technical risk into clear, practical insight for risk, audit and board stakeholders.
• Build a security culture that is proportionate, pragmatic and embedded into everyday ways of working.

Technology Environment: This role will suit someone who no longer configures tools day to day but still enjoys engaging with the technical detail and expects to remain technically credible. You should be comfortable reviewing and challenging across areas such as:

• Network and firewall architecture.
• Identity and access management and MFA.
• Vulnerability management and patching strategies.
• Phishing, endpoint protection and incident response workflows.

You will be expected to make technical decisions, not simply approve recommendations.

Qualifications:

• Senior Manager, Lead or Head level experience in Information and Cyber Security.
• Evidence of balancing hands-on technical understanding with ownership of broader security strategy and vision.
• Strong experience managing SOCs and external security service providers.
• Experience working at board level with audit and risk committees.
• Practical working knowledge of NIST and experience supporting Cyber Essentials Plus or similar frameworks.
• Confidence engaging with engineers, architects, Heads of Infrastructure, programme leaders, executives and non-technical stakeholders.

Nice to Have:

• Background in infrastructure, networks or security engineering earlier in your career.
• Experience operating in complex or regulated environments such as public sector, charity or enterprise.
• Experience leading security through a phase of maturity rather than initial set-up.

Why Join: You will have the space and trust to shape the long-term security vision, while remaining close enough to the technical detail to ensure decisions are grounded, credible and effective. It is a chance to build something lasting in a third-sector organisation where its people and security are valued and the mission genuinely matters.

Seniority level: Director

Employment type: Full-time

Job function: Information Technology

Industry: Civic and Social Organizations