This is a new role within the UKCloud business the role will the responsible for creating, owning and overseeing the implementation of a holistic Cyber Security and Information Assurance Strategy, providing guidance and assurance to the UKCloud Board. The CISO will also have ownership for the security architecture across all UKCloud platforms, solutions and services, ensuring that they comply with international, national, customer and UKCloud policies, standards, guidelines and design patterns.
Assess and understand the company's current security posture and future architecture, providing recommendations for improvement and risk reduction
Provide robust direction across UKCloud’s suppliers and business partners on cyber security standards, requirements and defining acceptable risk positions.
As subject matter expert for operational security, you'll provide advice and guidance to other teams within the business on good practice and maintain relevant and current industry knowledge through publications, events and training.
Working collaboratively with other technology architects to ensure that security is adopted and properly embedded in their respective technology domains
Design and specification of new security technologies that the organisation may wish to adopt or productise for customers which support business strategies & goals
Ensuring effective monitoring and reporting is present across all business areas to manage security incidents and information security vulnerabilities and threats.
Set direction for technical activity in support of cyber investigations.
Supporting the framework of risk assessments and audit activities managed by the UKCloud Compliance Team, conduct assessments of current IT security practices and systems, identifying areas for improvement.
Manage external technical security assessments (e.g.ITSHC/CHECK) and remedial-activities.
Strong experience with security strategy, with a passion to make security realistic and achievable
Experience of producing strategy documents and security architecture design documents.
Extensive experience in the development and implementation of security strategy, policies, standards and procedures.
Broad security experience, with a relevant general security qualification (e.g. CISSP, CRISC, CISM).
Highly experienced in interpreting & implementing HMG security policy.
Experience developing security architecture, with a relevant senior security architecture qualification (e.g. CCP Senior Security Architect).
Experience in risk assessment and risk management, with a relevant risk management qualification (e.g. CCP SIRA).
Extensive experience in working on or with high assurance systems across HMG.
Experience in providing board-level representation of security.
Extensive experience in security incident response.
Extensive experience in managing the conduct of Security IT Health Checks (ITHC) and remedial activities.
A solid understanding of securely handling sensitive data, including data valuation and interpretation of GDPR, DPA and other relevant legal instruments.
Experience with leading cloud platforms and provider ecosystems.
Experience with multivendor solutions across a broad portfolio of technologies and products.
About the Company
UKCloud provides an unbeatable, secure UK public cloud. Focused solely on serving the UK Public Sector. We are committed to assurance and security while delivering flexible, agile and value-based cloud hosting to our customers.
Formed in 2012, UKCloud is based in Farnborough (Hampshire) and Corsham (Wiltshire). We have a team of 250 people and we continue to grow! We are looking for people who want a rewarding career in a business who truly invest in you as an individual.
Competitive salary and bonus scheme
25 days' holiday increasing to 30 days over length of service, half a day birthday leave, charity day
Access to free parking
Active social and charity events
Cycle to work scheme
Onsite facilities - Friday breakfasts, fruit and soft drinks
UKCloud is an equal opportunities employer and positively encourages applications from suitably qualified and eligible applicants. Applicants must be eligible to work and live in the UK and will be required to undergo and maintain appropriate UK government security clearance.