AMS PSR

We are looking for a Chief Information Security Officer (Inside IR35) for a 6 month contract. Hybrid working with 3 days per week in London.

We are seeking an experienced Interim Chief Information Security Officer to provide executive leadership of cyber security across critical services. 

The role will lead the operational delivery of cyber security risk management across a modern cloud-first estate operating within a multi-supplier and in-house engineering model.

Working alongside the SIRO and senior leadership, the postholder will:

• Provide clear and practical advice on cyber risk to senior leaders.
• Drive prioritised risk reduction across essential services.
• Assure alignment with NCSC guidance and the Cyber Assessment Framework (CAF).
• Strengthen identity, privileged access, resilience and monitoring foundations.
• Embed proportionate security within modern software engineering and DevSecOps practices.
• Oversee delivery of cyber services through the managed cyber supplier.

This is a delivery-focused executive leadership role in a complex, high-profile operational environment.

As a Chief Information Security Officer  your main responsibilities will be:

• Lead cyber risk posture for essential services, working alongside the SIRO and senior governance.
• Translate technical risk into clear choices and trade-offs for senior leaders.
• Provide structured reporting aligned to NCSC CAF, government security standards and organisational risk appetite.
• Lead improvement of identity and access management across multiple IDAM services.
• Drive removal of unnecessary standing privilege and strengthen role-based access control.
• Embed security effectively within agile delivery squads and platform teams.
• Strengthen secure-by-design principles in a way that supports delivery pace.
• Ensure appropriate log onboarding, detection coverage and response playbooks for essential services.
• Directly manage and oversee the contracted cyber managed service provider, including performance, delivery quality and adherence to agreed outcomes. 
• Set security standards and expectations across a multi-supplier delivery environment. 
• Advise senior leadership on cyber-related commercial and supplier risk.

Essential:

• An active SC Clearance is an essential requirement for this role, as a minimum you must be willing & eligible to undergo checks. (Please note, due to the exceptional requirements of this position (short-term nature of this role and speed at which we require a postholder in situ) preference may be given to candidates who meet all of the essential criteria and hold active security clearance.) 
• Operated at CISO or Director level within a large, complex organisation delivering critical services.
• Strong experience working alongside a SIRO and senior governance structures.
• Demonstrable ability to explain complex cyber risks clearly to senior leaders.
• Experience in Identity & Access Management, Privileged Access Management and access governance at scale.
• Strong working knowledge of NCSC guidance, Government Functional Standards and the Cyber Assessment Framework (CAF).
• Proven experience embedding security into modern agile and DevSecOps environments.
• Strong understanding of cloud security (Azure and/or AWS), infrastructure-as-code and automated security controls.
• Experience driving security automation and tooling rationalisation across fragmented estates.
• Experience operating within a multi-supplier delivery model.
• Experience managing outsourced or managed cyber service providers.
• Comfortable operating under scrutiny in a high-profile public service environment.

Please be aware that this role can only be worked within the UK and not Overseas.

In applying for this role, you acknowledge the following "this role falls in scope of the Off Payroll Working in the Public Sector legislation. Any rates of payment quoted will reflect the gross rate per day for the assignment and will be subject to appropriate taxes and statutory costs. As such the payment to the intermediary and your income resulting from this contract will be different".