Role Head of Information and Cyber Security

Location Hybrid. 1 day per week in London. Flexibility where needed.

Salary £84,500 plus benefits

This is a deliberate search for a rare blend of skills.

The organisation is looking for someone who can still think and act technically, while also owning and shaping the entire Information and Cyber Security vision moving forward. This is not a purely strategic or advisory role, and equally it is not a hands-on engineering post. It sits firmly in the middle.

You will be trusted to set direction, define priorities, and build a long-term security roadmap, while also being close enough to the detail to review designs, interpret diagrams, challenge suppliers, and make confident technical decisions when it matters.

The organisation has already established strong foundations, including a dedicated cyber function and a managed SOC. The focus now is on maturity, clarity of vision, and leadership that balances pragmatism with ambition.

Job Responsibilities

Reporting into the Director of Technology, you will:

• Own and evolve the organisation’s Information and Cyber Security strategy and roadmap, aligned to NIST
• Act as the senior technical authority for cyber security, able to engage deeply with architecture, designs, and risk trade-offs
• Talk audit and risk (!) – talk at board and committee level
• Lead incident response, risk management, and disaster recovery with both strategic oversight and technical understanding
• Line manage two Data Protection Officers (DPOs), ensuring privacy, governance, and cyber security operate together
• Own and actively manage third-party security partners including SOC, vulnerability management, patching, and firewall services
• Work closely with Heads of Infrastructure and Heads of Programmes, influencing secure design, delivery, and change across the organisation
• Drive Cyber Essentials Plus accreditation and continuous improvement across security controls
• Translate technical risk into clear, practical insight for risk, audit, and board stakeholders
• Build a security culture that is proportionate, pragmatic, and embedded into everyday ways of working

Technology Environment

This role will suit someone who no longer configures tools day to day but still enjoys engaging with the technical detail and expects to remain technically credible.

You should be comfortable reviewing and challenging across areas such as:

• Network and firewall architecture
• Identity and access management and MFA
• Vulnerability management and patching strategies
• Phishing, endpoint protection, and incident response workflows

You will be expected to make technical decisions, not simply approve recommendations.

Essential Experience

• Senior Manager, Lead, or Head-level experience in Information and Cyber Security
• Evidence of balancing hands-on technical understanding with ownership of broader security strategy and vision
• Strong experience managing SOCs and external security service providers
• Experience of working at board level working with audit and risk committees.
• Practical working knowledge of NIST and experience supporting Cyber Essentials Plus or similar frameworks
• Confidence engaging with engineers, architects, Heads of Infrastructure, programme leaders, executives, and non-technical stakeholders

Nice to Have’s

• Background in infrastructure, networks, or security engineering earlier in your career
• Experience operating in complex or regulated environments such as public sector, charity, or enterprise
• Experience leading security through a phase of maturity rather than initial setup

Why Join

You will have the space and trust to shape the long-term security vision, while remaining close enough to the technical detail to ensure decisions are grounded, credible, and effective. It is a chance to build something lasting, in third sector organisation where its people and security are valued and the mission genuinely matters.