CISO

About Us:

We’re Nominet – a world-leading domain name registry operating at the heart of the UK internet. While we're best known for running .UK domains, our DNS expertise also underpins critical internet infrastructure that government services, including the NHS, rely on. As a public benefit company, our work has a positive impact on society. We’ve donated millions to projects that use technology to improve people’s lives and have committed to delivering £60m worth of support over the next three years.

The Role:

We are looking for a Chief Information Security Officer to deliver an industry leading security posture at Nominet. This is a critical role with responsibility for all aspects of Information Security.

The role will ensure Nominet remains at the forefront of regulatory compliance and standards while delivering exceptional operational performance across the business. You will work with our engineering teams to help underpin and realise our ambition to become a world class software company. Protecting the Nominet from security threats and cyber risk is of paramount importance for a company running critical national infrastructure and this role is pivotal to upholding security standards through a period of business change.

Reporting to the CTO, the CISO is a key member of the extended leadership team whose purpose is to be an advocate for Nominet’s total information security needs. The CISO is responsible for the development, direction, management and delivery of information security across the business both internally and externally. The role will encompass communications, applications and infrastructure, including the policies and procedures which apply across the company.

As CISO you will lead the on-going development and implementation of a security program that involves all business teams. Leading information security governance to advise the senior leadership team and the executive team on security direction while ensuring risk management is managed effectively with appropriate policies and controls.

What You'll Be Doing:

Support and drive Nominet’s ambition to become a ‘World Class Software Company’

Functional Leadership

Deliver a Secure and Resilient business

Ensure security and resilience remains a priority in the delivery of Nominet’s group operations

Maintain a current understanding of the IT threat landscape for the industry

Enhance, develop and maintain key operational procedures with a standards-based approach for all security work, ensuring effective development and operational compliance to applicable recognised standards

Lead the security requirement inputs for key transformation projects

Operate as Nominet’s Security Ambassador both Internally & Externally – championing Nominet’s role in the industry

Develop and embed a security focused culture across the organisation. Communicate best practices and risks to all parts of the business. Make sure that cyber security policies and procedures are communicated to all personnel and that compliance is enforced

Brief the Board, Executive Team, senior management team and other key stakeholders on status and risks

Be a key partner to the CTO in helping to create strategy and process that will further the work of the organisation and ensure Nominet has the highest possible operational and technical security procedures in line with expectations of an operator of Critical National Infrastructure

Ensure Business Continuity

Support New Business Development

Contribute to the development of key internet and security standards

Develop relationships with existing CERT and responder community, looking to proactively develop new ideas

About You:

The criticality of this position requires a leadership approach that is engaging, imaginative, and collaborative, with a sophisticated ability to work with other leaders and external partners. There is a balance to be found between security strategy, good practice and other priorities at an organisation wide level, e.g., project delivery with clear security guardrails. This position needs a proactive and enthusiastic team lead who is excited by managing technology to deliver world-class data support to the Nominet business.

Must Haves:

10 years+ experience working in an IT-Security role

5 years+ in lead or management positions

A good understanding of Internet, DNS, threat analytics, networking and infrastructure technologies

In-depth knowledge of current security threats and issues as well as mitigation techniques

Skilled in policy debate and discussion

Experience working on committees and working groups with an ability to drive decisions through consensus

Digital leadership skills – capable of empowering and leading a security team to meet business and security goals

Solid people management skills – providing direction, monitoring performance, motivating staff and building a positive working environment

Ability to adapt to a fast-moving threat landscape and keep pace with latest thinking and new security technologies

Analytical mind capable of managing numerous information sources and providing data analysis reports to senior management

Strong customer focus – able to meet the demands of internal and external customers

Excellent communication skills – providing verbal and written communication that is outstanding to both direct reports and senior management as well as other stakeholders

Flexible and adaptable – capable of changing direction where required and showing flexibility to meet new demands

Creative thinking – able to look at alternatives and consider new ways of thinking to problem solve

Proven experience with:

Developing and delivering security strategies ideally in the environment of critical national infrastructure

Working with Board and Executive level management

Developing compelling and impactful business cases and presentations

CISSP, CISP, CISM or equivalent qualification highly desirable

Experience with Cyber Essentials, ISO 27001/2 (or BSI equivalent) standards desirable

Previous government security clearance, e.g., SC/DV

Working at Nominet:

Our people make things happen, but our values are our compass as a company, guiding our day-to-day work and building our culture. They reflect that we're strongest when we're proactive and pull together, while underlining the importance of a "glass half full" mindset and aiming to keep things simple for success.

What We Offer:

Early Finish Friday – Working week of 34 hours with full-time pay. (Finish at midday on Friday)

30 days of annual leave plus bank holidays, with the ability to purchase an additional 5 days

Bupa private healthcare + Employee Assistance Programme

Electric vehicle scheme with on-site charging points

Rewards platform with access to discounts at hundreds of shops, restaurants etc.

Medicash discounts on routine healthcare including optical, dental and much more

Company and individual performance-based annual bonus

Diversity Statement:

We're passionate about creating a workplace where every individual is valued, respected, and empowered. Somewhere we can benefit from all forms of diversity and discover the true value in our differences. If there are any adjustments we could make to the recruitment and selection process to support you, please let us know

Security Statement:

Nominet is committed to the safeguarding and welfare of the internet and expects all employees and volunteers to share this commitment by participating in the relevant security and screening processes. All roles working for Nominet will be subject to a Baseline Personnel Security Standard (BPSS) check. Some roles due to the nature of their work, will require additional security clearance.