Head of Cyber Security Compliance and Assurance
Home Office Digital - Salford
As the Head of the Home Office Cyber Security Compliance & Assurance Function, you will use your skills, expertise, and experience to lead and inspire a world class security function delivering Compliance and Assurance across the Home Office and its Arm’s Length Bodies. You will support the Home Office CISO and wider HOCS capability, drawing on a range of evidence to proactively provide risk-based advice to stakeholders across the organisation up to the highest levels. Additionally, you will support the department’s adoption of ‘Secure by Design,’ embedding it within the full product lifecycle from inception to decommissioning. The role includes managing four sub functions that deliver Cyber Internal Audit, Strategic Assurance, Third Party Assurance, and 2nd Line Assurance.
HOCS is a committed and inclusive team of cyber professionals focused on reducing cyber risk across new and existing digital services, supported by a strong culture of collaboration and continuous professional development.
Due to the nature of the post this role is available on a full-time basis with the option of compressed hours working.
Your main day to day responsibilities will be:
- Delivering annual GovAssure assessments across the Home Office (HO) and its Arm’s Length Bodies, including supporting deep‑dive Cyber Assessment Framework (CAF) reviews for the department’s most critical and CNI services.
- Overseeing HO Cyber Assurance, leading the department’s cyber second line. Providing effective check‑and‑challenge across products and portfolios to ensure compliance with security policies and required controls.
- Maintaining the HO Three Lines of Defence model aligned to the Cyber Assurance Framework, working with the Cyber Policy Team to develop and update assurance policies, standards, processes, and guidance.
- Managing the Third‑Party Assurance (TPA) function, covering regulatory and legislative compliance for HO business areas and suppliers, including ownership of associated tooling, budgets, and contracts.
- Managing the Internal Audit function to deliver cyber reviews and audits, assess control effectiveness, and drive continuous improvement.
- Leading analysis of complex security and information assurance requirements and advising on cyber governance arrangements to maintain organisational security confidence.
- Communicating findings and risk assessment outcomes clearly to senior leaders across government, shaping decisions on security strategy, risk management, and policy. Championing risk‑management policy and ensuring alignment with regulation and wider government standards.
Essential Skills
- Leading and mentoring a diverse team of security specialists.
- Producing, analysing, or implementing technical or security policies in a large organisation and clearly articulating the business impact while balancing with practicality and effectiveness.
- Championing cybersecurity risk and ensuring ongoing appropriateness of practices. Capability to advocate for cybersecurity while collaborating across business units for effective implementation.
- Developing and implementing cybersecurity risk, assurance or governance processes and procedures including driving continual service improvements through the measurement and challenge of services and processes, tools, and capability.
- Ability to network within the broader security industry, sharing best practice within and beyond the Home Office and the portfolio you lead.
- Advising on NCSC cyber security standards and guidance and working in or with government departments.
UK residency and security requirements
Please note that this role requires Security Check (SC) clearance, which would normally need 5 years’ UK residency in the past 5 years.
Candidates must also hold or be prepared to undergo NPPV3 clearance.
However, in exceptional circumstances security clearance applications for candidates who have been present in the UK for at least 3 of the last 5 years may be considered. Failure to meet this residency requirement will result in your security clearance application being rejected.