About Us:We're Nominet - a world-leading domain name registry operating at the heart of the UK internet. While we're best known for running .UK domains, our DNS expertise also underpins critical internet infrastructure that government services, including the NHS, rely on.As a public benefit company, our work has a positive impact on society. We've donated millions to projects that use technology to improve people's lives and have committed to delivering £60m worth of support over the next three years.The Role:We are looking for a Chief Information Security Officer to deliver an industry leading security posture at Nominet. This is a critical role with responsibility for all aspects of Information Security.The role will ensure Nominet remains at the forefront of regulatory compliance and standards while delivering exceptional operational performance across the business. You will work with our engineering teams to help underpin and realise our ambition to become a world class software company. Protecting the Nominet from security threats and cyber risk is of paramount importance for a company running critical national infrastructure and this role is pivotal to upholding security standards through a period of business change.Reporting to the CTO, the CISO is a key member of the extended leadership team whose purpose is to be an advocate for Nominet's total information security needs. The CISO is responsible for the development, direction, management and delivery of information security across the business both internally and externally. The role will encompass communications, applications and infrastructure, including the policies and procedures which apply across the company.As CISO you will lead the on-going development and implementation of a security program that involves all business teams. Leading information security governance to advise the senior leadership team and the executive team on security direction while ensuring risk management is managed effectively with appropriate policies and controls.What You'll Be Doing:Support and drive Nominet's ambition to become a 'World Class Software Company'Functional LeadershipDeliver a Secure and Resilient businessEnsure security and resilience remains a priority in the delivery of Nominet's group operationsMaintain a current understanding of the IT threat landscape for the industryEnhance, develop and maintain key operational procedures with a standards-based approach for all security work, ensuring effective development and operational compliance to applicable recognised standardsLead the security requirement inputs for key transformation projectsOperate as Nominet's Security Ambassador both Internally & Externally - championing Nominet's role in the industryDevelop and embed a security focused culture across the organisation. Communicate best practices and risks to all parts of the business. Make sure that cyber security policies and procedures are communicated to all personnel and that compliance is enforcedBrief the Board, Executive Team, senior management team and other key stakeholders on status and risksBe a key partner to the CTO in helping to create strategy and process that will further the work of the organisation and ensure Nominet has the highest possible operational and technical security procedures in line with expectations of an operator of Critical National InfrastructureEnsure Business ContinuitySupport New Business DevelopmentContribute to the development of key internet and security standardsDevelop relationships with existing CERT and responder community, looking to proactively develop new ideasAbout You:The criticality of this position requires a leadership approach that is engaging, imaginative, and collaborative, with a sophisticated ability to work with other leaders and external partners. There is a balance to be found between security strategy, good practice and other priorities at an organisation wide level, e.g., project delivery with clear security guardrails. This position needs a proactive and enthusiastic team lead who is excited by managing technology to deliver world-class data support to the Nominet business.Must Haves:10 years+ experience working in an IT-Security role5 years+ in lead or management positionsA good understanding of Internet, DNS, threat analytics, networking and infrastructure technologiesIn-depth knowledge of current security threats and issues as well as mitigation techniquesSkilled in policy debate and discussionExperience working on committees and working groups with an ability to drive decisions through consensusDigital leadership skills - capable of empowering and leading a security team to meet business and security goalsSolid people management skills - providing direction, monitoring performance, motivating staff and building a positive working environmentAbility to adapt to a fast-moving threat landscape and keep pace with latest thinking and new security technologiesAnalytical mind capable of managing numerous information sources and providing data analysis reports to senior managementStrong customer focus - able to meet the demands of internal and external customersExcellent communication skills - providing verbal and written communication that is outstanding to both direct reports and senior management as well as other stakeholdersFlexible and adaptable - capable of changing direction where required and showing flexibility to meet new demandsCreative thinking - able to look at alternatives and consider new ways of thinking to problem solveProven experience with:Developing and delivering security strategies ideally in the environment of critical national infrastructureWorking with Board and Executive level managementDeveloping compelling and impactful business cases and presentationsCISSP, CISP, CISM or equivalent qualification highly desirableExperience with Cyber Essentials, ISO 27001/2 (or BSI equivalent) standards desirablePrevious government security clearance, e.g., SC/DVWorking at Nominet:Our people make things happen, but our values are our compass as a company, guiding our day-to-day work and building our culture. They reflect that we're strongest when we're proactive and pull together, while underlining the importance of a "glass half full" mindset and aiming to keep things simple for success.What We Offer:Early Finish Friday - Working week of 34 hours with full-time pay. (Finish at midday on Friday)30 days of annual leave plus bank holidays, with the ability to purchase an additional 5 daysBupa private healthcare + Employee Assistance ProgrammeElectric vehicle scheme with on-site charging pointsRewards platform with access to discounts at hundreds of shops, restaurants etc.Medicash discounts on routine healthcare including optical, dental and much moreCompany and individual performance-based annual bonusDiversity Statement:We're passionate about creating a workplace where every individual is valued, respected, and empowered. Somewhere we can benefit from all forms of diversity and discover the true value in our differences. If there are any adjustments we could make to the recruitment and selection process to support you, please let us knowSecurity Statement:Nominet is committed to the safeguarding and welfare of the internet and expects all employees and volunteers to share this commitment by participating in the relevant security and screening processes. All roles working for Nominet will be subject to a Baseline Personnel Security Standard (BPSS) check. Some roles due to the nature of their work, will require additional security clearance.
