Ministry of Justice

The Role

As the Chief Information Security Officer (CISO) for the Ministry of Justice, you will step into a critical strategic leadership position, providing authoritative direction, oversight and assurance for cyber and technology security across one of the UK government’s most complex and high‑risk departmental environments. As the MoJ continues to embed advanced technologies including artificial intelligence and modern digital platforms, to transform the delivery of justice services, you will set expectations and provide assurance that these advancements are introduced safely, responsibly and securely, protecting the public, MoJ staff and the integrity of our essential services.

In this role, you will focus on navigating an increasingly adversarial cyber threat landscape. The MoJ is regularly targeted by highly capable malicious actors seeking access to sensitive government information, to sophisticated criminal groups pursuing financial gain through ransomware and data theft, to those aiming to disrupt public services. These challenges are intensified by our large operational footprint, the presence of legacy systems, and interconnected dependencies across the wider justice system. You will ensure these risks are rigorously identified, proactively managed and clearly communicated to senior leaders, enabling robust cyber resilience across the department.

In this position, you will lead a cyber security function responsible for policy, assurance, incident coordination, security culture and specialist advisory support across the organisation, leading a team of specialists and managing an annual budget. You will shape departmental cyber strategy, influence executive decision‑making and represent the MoJ across government.

You will provide independent scrutiny of cyber risk, set policy and control expectations, assure their implementation and lead senior‑level responses to major cyber incidents. Your leadership will be pivotal in safeguarding the confidentiality, integrity and availability of MoJ systems and information, ensuring that the organisation remains resilient, secure and fully capable of delivering trusted justice services to the public.

You will proactively contribute as part of the senior leadership team for Security and Information Directorate and wider Service Transformation Group, contributing to their strategic direction.

Key Responsibilities

• Provide strategic leadership and direction for cyber security across the organisation. Oversee a specialist cyber security function of around 45 staff, shaping long‑term strategic direction, evolving cyber strategy in line with government policy, embedding strong cyber capability across all services.
• Set and maintain the organisation’s cyber security policy framework and control expectations. Define security outcomes, maintain clear separation between policy, standards and guidance, and establish proportionate and effective assurance mechanisms to assess whether these expectations are being met, and escalate where they are not.
• Deliver independent oversight, scrutiny and challenge of cyber and technology risks. Act as the department’s second line of defence by objectively assessing risk management practices, challenging delivery teams where required, ensuring risks are accurately understood and mitigated, and escalating significant concerns for appropriate governance intervention.
• Improve transparency and quality of cyber risk information to support executive decision‑making. Ensure cyber and technology risks are clearly articulated, prioritised and evidence‑based; provide high‑quality, evidence-backed, analysis and reporting for senior leaders; and support informed decisions on cyber risk, resilience and investment priorities.
• Lead senior responses to major cyber incidents and strengthen organisational resilience. Provide senior leadership and coordination during significant cyber incidents and issues, supporting operational decision-making and escalation, as well as post-incident improvement activities.
• Build strong collaboration across the justice system and government cyber community. Maintain productive relationships with internal delivery teams and agencies, represent the organisation in cross‑government cyber forums, engage with national partners such as NCSC and GCU, and influence cross‑government information security initiatives to ensure departmental risks and priorities are recognised.
• Define and monitor performance against standards, KPIs and targets to ensure legal compliance is achieved and maintained across MoJ and its Executive Agencies and the reputation of the department is maintained in the eyes of Ministers, the public and employees in all related matters.
• Manage an annual budget of approximately £5m and be responsible for ensuring expenditures remain within departmental spending limits to deliver a good, value for money, service.
• Collaborate as part of the Senior Management Team for Security and Information Directorate, supporting the Director and helping to shape the culture of the Group and working with the other Deputy Directors to align the portfolios and collaborate on cross-cutting issues