At a Glance
- Tasks: Lead security and compliance initiatives to protect sensitive information and drive organisational change.
- Company: Join the Tony Blair Institute, a global team of changemakers making a real impact.
- Benefits: Competitive salary, diverse work culture, and opportunities for professional growth.
- Other info: Work in a dynamic environment with a focus on diversity and inclusion.
- Why this job: Be at the forefront of security in a politically impactful organisation and shape the future.
- Qualifications: Extensive experience in security leadership and expertise in ISO 27001 and AI governance.
The predicted salary is between 80000 - 100000 £ per year.
We don’t just talk, we do. Lead the change with us. At the Tony Blair Institute for Global Change, we work with political leaders around the world to drive change. We help governments turn bold ideas into reality so they can deliver for their people. We do it by advising on strategy, policy and delivery, unlocking the power of technology across all three. And by sharing what we learn on the ground, so everyone can benefit. We do it to build more open, inclusive and prosperous countries for people everywhere.
We are a global team of over 800 changemakers, operating in more than 40 countries, across five continents. We are political strategists, policy experts, delivery practitioners, technology specialists and more. We speak more than 45 languages. We are working on over 100 projects, tackling some of the world’s biggest challenges. We’re all here at TBI to make a difference.
In a world of ever more complex challenges, we believe diversity of background and perspective is a strength. We pride ourselves on a culture that values and nurtures difference. We are dedicated to unlocking potential, not only for the countries we work in but also for each of our team members. No matter where you’re from or who you are, if you’re passionate about the transformative power of progressive politics, we invite you to build a better future with us.
Role Summary
TBI operates globally in politically sensitive environments, handling sensitive policy, advisory and donor information across multiple jurisdictions. Following the establishment of Cyber Essentials+ certification, a live outsourced SOC and a 24/7 monitoring posture, Digital is now entering a phase of security and compliance maturity that includes ISO 27001 ambition, AI security and governance across a rapidly expanding AI estate, and a deepened compliance posture across the regulatory regimes in which TBI operates.
The Director of Security & Compliance is a new, senior role accountable for the security, governance, risk, compliance, continuity and data protection posture of TBI. Reporting to the CTO, this role leads the Security & Compliance function - the IT Security Engineer and the outsourced SOC - and provides authoritative leadership on cyber, AI and information security across the Institute. It is the named accountable owner for our certifications, our risk register, our continuity arrangements and the security and governance of our AI estate.
You will be an experienced security and compliance leader with deep expertise in modern cyber operations, governance frameworks (ISO 27001 in particular), risk management and the security and governance of AI in an enterprise context. You will work closely with Legal & Risk, the Director of Applications, the Enterprise Architect and the CTO to ensure our security posture enables rather than constrains TBI's mission.
Key Responsibilities
- Security Operations
- Accountable for security monitoring, incident response, remediation and security tooling/platform management across TBI (both internal and external).
- Own the relationship with the outsourced SOC and line manage the IT Security Engineer.
- Own the firm-wide security awareness programme - phishing simulation, user training and security culture (delivered through a vCISO arrangement where appropriate).
- Own the design of identity, access (RBAC) and authentication (MFA/SSO) standards, partnering with the Global Service Desk Manager who owns day-to-day operation.
- Governance, Risk & Compliance
- Own TBI's IT governance framework adoption and maintenance, including the supporting RAPID and accountability mapping.
- Own the regulatory and standards compliance posture - GDPR, ISO 27001, Cyber Essentials+, and others - including certification maintenance, control evidence, audit readiness and statutory reporting.
- Lead TBI's path to ISO 27001 certification as a strategic programme, including the definition of certification scope across emerging functions and capabilities.
- Own the central Digital & Data Security risk register - identification, assessment, mitigation and ongoing maintenance - in partnership with Legal & Risk.
- Data Protection & Privacy
- Own the data classification framework (design and operation), data retention policies and the GDPR/data subject rights operating model.
- Partner with Legal on the firm-wide data protection programme and breach notification process.
- Continuity
- Own disaster recovery and business continuity planning, testing and recovery - including RTO/RPO definition for critical systems and the incident communications plan.
- AI Security & Governance
- Own the security posture of TBI's AI estate - access and authentication for AI platforms, prompt and output data protection, prompt injection and jailbreak defence, and third-party AI vendor risk assessment (Anthropic, OpenAI, Salesforce Einstein, and others).
- Own TBI's Responsible Use Policy for AI tools across the firm.
- Partner with the Director of Applications, the Enterprise Architect and the CTO to ensure all AI initiatives across TBI - including AI capability developed outside of Digital - sit within an appropriate security and governance envelope.
- DevSecOps
- Own DevSecOps practice: secret management, vulnerability scanning (SAST/DAST/dependency scanning), pipeline security gates, container and workload security and code-level vulnerability management.
- Partner with the Director of Applications to embed security controls into the engineering practice without becoming a delivery blocker.
- Third-Party Risk
- Own third-party security risk assessment and ongoing vendor security monitoring, in partnership with the Head of Digital Transformation & Performance, who owns the vendor relationship and performance lifecycle.
Person Specification
- Significant senior leadership experience in security and compliance roles within a mid-to-large global organisation.
- Deep, demonstrable expertise in ISO 27001 - ideally as named lead on a successful certification programme - together with working knowledge of SOC 2, NIST CSF and other relevant frameworks.
- Strong technical credibility across modern security operations: SIEM, EDR, IAM, vulnerability management and DevSecOps tooling.
- Demonstrable expertise in GDPR and data protection in a global, multi-jurisdiction context.
- Demonstrable understanding of AI security and AI governance - prompt injection, model risk, third-party AI vendor risk and the operational realities of running an AI estate at scale.
- Experience designing and running risk registers and risk processes at organisational level.
- Strong stakeholder credibility at executive level; able to articulate security posture in business terms and influence non-technical audiences.
- Pragmatic, proportionate and able to balance security rigour with delivery velocity.
- Experience managing technical security staff and outsourced security partners.
- Comfortable operating in politically sensitive contexts and exercising judgement on disclosure, escalation and risk acceptance.
Qualifications & Certifications
- One or more of these certifications: CISSP (ISC), CISM (ISACA), ISO 27001 Lead Implementer, CIPP/E or CIPM (IAPP), CRISC or CGEIT (ISACA), CCSP.
Candidates must have the legal right to work in the UK to apply for this role. We reserve the right to close this role early if we receive a sufficient number of applications.
Closing Date: 2026-08-09
Director of Security & Compliance in London employer: Tony Blair Institute
At the Tony Blair Institute for Global Change, we are committed to fostering a dynamic and inclusive work environment where every team member can thrive. As a leader in security and compliance, you will have the opportunity to shape our global strategy while benefiting from a culture that values diversity and encourages professional growth. With access to cutting-edge technology and a mission-driven approach, you will play a pivotal role in driving meaningful change across the world.
StudySmarter Expert Advice🤫
We think this is how you could land Director of Security & Compliance in London
✨Join Compliance Communities
Get involved in compliance and risk communities — both online and offline. Look for forums, LinkedIn groups, or even local meetups where compliance pros hang out. You never know who might drop a job opportunity your way!
✨Attend Industry Conferences
Keep an eye out for compliance and risk management conferences and workshops in your area. These events are a goldmine for networking, and they often have job boards or recruiters on-site looking for new talent. Plus, it’s a chance to learn what's trending in the field.
✨Leverage Your University Career Services
If you’ve recently graduated or are still studying, head over to your university's career services. Many companies, including those in compliance, actively recruit fresh talent through these services, so make sure you tap into that resource.
✨Showcase Your Knowledge Online
Start writing articles or blog posts about compliance topics that interest you. Share them on platforms like LinkedIn to demonstrate your knowledge and passion. This not only builds your presence in the field but can also catch the attention of companies like Tony Blair Institute looking for candidates who are engaged and informed.
We think you need these skills to ace Director of Security & Compliance in London
Some tips for your application 🫡
Show Your Understanding of Compliance:In the compliance-risk field, it's super important to showcase your understanding of regulations and risk management frameworks. Highlight any relevant coursework, certifications (like ICA or AML), or even projects that demonstrate your knowledge and commitment to this area. We want to see how you can navigate this complex landscape!
Quantify Your Achievements:When detailing your experience, try to quantify your achievements. For example, if you've previously worked on a project that improved compliance metrics or reduced risk exposure, give us the numbers! This data-driven approach really stands out to hiring managers in compliance-risk roles.
Tailor Your CV to Reflect Relevant Skills:Make sure your CV highlights skills that are particularly relevant to compliance, like attention to detail, analytical thinking, and report writing. Ensure these are easy to spot – consider using bullet points to break down your responsibilities and achievements for maximum impact!
Craft a Motivating Cover Letter:In your cover letter, let us know why you’re excited about the compliance-risk role at Tony Blair Institute. Share what motivates you about compliance, and how you believe you can contribute to our mission. This is your chance to showcase not only your skills but also your passion for this important field!
How to prepare for a job interview at Tony Blair Institute
✨Master the Regulations
Brush up on key compliance regulations relevant to the industry you're applying to. Familiarising yourself with specific laws and frameworks used in your field will give you an edge during technical questions. Show that you’re not just aware of them but can also apply them—think real-life scenarios!
✨Show Your Analytical Skills
Compliance roles really focus on analytical skills, so be prepared for case studies or situational questions during the interview. We've got to demonstrate how we approach risk assessments or compliance audits, possibly drawing on examples from past experiences or university projects. Bring some thoughtful case scenarios to discuss!
✨Know Your Tools
Get comfortable with commonly used compliance software and tools. Familiarity with platforms like RSA or MetricStream can really impress during your interview, as it shows you're ready to hit the ground running. If you’ve had any experience with them, make sure to highlight that!
✨Align with Company Culture
Since it's a full-time position, show your long-term commitment and interest in the company’s mission and values. Dive into how your ethics and professional philosophy align with Tony Blair Institute’s stance on compliance. A shared vision can really resonate with interviewers looking for fit as much as skill!