Head of Information Security Assurance

£69,141 up to c£85,000

Main purpose of the role

The NAO is granted extensive access to privileged government and personal information and must, in addition to its own data, preserve both the confidentiality and safety of that resource. The Information Security Team’s objective is to provide timely and robust assurance to the C&AG and Senior Information Risk Officer that our Information Security Management System is robust and successful in meeting both external and insider threats, whilst alerting them to any emerging or residual risks which require mitigating.

To support this the post holder will:

  • Design and report upon progress of our Information Security Plan.
  • Ensure the NAO designs and operates a best-of-breed Information Security Management System compliant with ISO 27001.
  • Stress test the NAO’s Digital Plan and IT architecture to identify potential weaknesses and threats to the defence of the information assets we hold.
  • Engage with technology projects and provide timely input and advice.


Key tasks include:

  • Overseeing and coordinating security efforts across the Office, including the implementation of the Digital Assurance components of the NAO Digital Plan.
  • Identifying and establishing security initiatives and standards throughout the Office.
  • Providing technical and administrative support for the development of disaster recovery.
  • Aligning our approach to information security within an approved Digital Plan, including, where cloud solutions are involved, drawing on the technical standards / principles produced by HMG.

Required skills and experience

The successful candidate will have the following skills and experience:

  • Substantial experience of an information security role gained in a similar sector or financial services organisation.
  • Proven track record of driving new initiatives such as Network Behaviour Analysis, Cyber Security, Compliance, Risk Management and Endpoint Protection, through deploying effective change management techniques.
  • Skilled in the strategy, planning, delivery, implementation, operations and compliance reviews of: Cyber and Network Security | Cloud Security (Azure) | Data Analytics | Regulatory Compliance | Data Protection Act 1998
  • Transformational leadership style to deliver the optimum performance from the team.
  • Effective communicator and change agent, linking strategic view with pragmatic, operational execution and excellence.

For full details of the role, please refer to the Job description.


You must be a UK, Commonwealth, EEA or Swiss national to comply with Civil Service nationality rules and must hold a valid work permit. We are not able to sponsor work visas.

Recruitment process

  • Please submit your CV and cover letter outlining your suitability for the role.
  • The deadline for applications is 11.55pm on Sunday 17 November.



This Program / Vacancy is closed to applications.