Head of Cyber Security WCC623727

Salary range: £79,005 - £109,833 per annum. Salary negotiable depending upon experience.

Work location: Westminster City Hall, 64 Victoria Street, Westminster, SW1E 6QP

Hours per week: 36

Contract type: Permanent

Vetting requirements: Standard DBS Check

Closing date: 04 May 2026

Interview dates: There will be an in person assessment at Westminster City Hall on 11 May 2026, followed by interviews on 20 May 2026

As Head of Cyber Security you can make your own powerful contribution to Westminster's success. This is a senior security role, where the focus is on helping the organisation do its best work - with security built in, not bolted on.

You will lead the Cyber Security team and shape the Council's security strategy and policies, making sure they are practical and fit for a local government environment. Working closely with colleagues across Digital and Innovation, and alongside the Senior Information Risk Owner (SIRO) and the Data Protection Officer (DPO), you will help embed security into everyday decision making and into how services are delivered.

A big part of the role is about continuous improvement. You will lead work to strengthen the Council's security posture, aligning with industry standard control frameworks and staying on top of the wider threat landscape, including the specific risks facing local government. You'll help the organisation balance delivery, risk and compliance - supporting informed choices rather than blocking progress.

You will provide clear leadership and direction for the Cyber Security team, including managing the budget for people, tools and capital projects. You'll oversee business as usual security activity, from incident response and vulnerability management through to security engineering improvements and protecting the Council's supply chain.

You'll also be a visible advocate for good security culture. You will drive change across the organisation by promoting secure by design principles, embedding security into the Software Development Lifecycle, and supporting teams to make safer choices when selecting products and services. Through security communication and engagement campaigns, you will help build understanding and shared ownership of security at all levels.

The role has a strong external and operational dimension too. You will represent the Council in local, national and international forums and partnerships, sharing insight and learning from others. You will also play a key role in responding to major incidents - supporting Borough Emergency Control Centre activation, taking part in the emergency rota, and coordinating responses with the Executive Team, the Security Operations Centre and cyber incident response partners.

You bring a strong, practical understanding of cyber security and how it supports real business outcomes. You've worked with recognised standards such as ISO/IEC 27001 and Cyber Essentials, and you know how to apply information and security legislation - including GDPR, FOI and PCI DSS - in ways that enable delivery rather than restrict it. You also stay close to the evolving threat landscape and understand the organisational challenges that come with managing risk in a local government context.

Your technical background gives you deep knowledge of modern security practices across services, infrastructure, hosting and platforms, including open source technologies and modern software development approaches. You're comfortable working across cloud and on premise environments, using tools such as identity and access management, SIEM, firewalls and secure remote access. You understand DevOps and SecOps ways of working, are used to operating at pace in a culture of continuous release, and can set clear service and development standards.

You're confident balancing client, organisational and technical needs, and making the trade offs that shape strategy and direction. You've worked closely with senior stakeholders and across multiple teams, bringing people together around complex decisions. With experience building and securing complex services in code, you understand how security design choices play out in practice, not just in theory.

You communicate clearly and in understandable terminology, bridging the gap between technical detail and user centred outcomes. You can assess services, identify risks and vulnerabilities, and work with others to design secure, proportionate solutions that reduce risk while keeping services accessible. Comfortable influencing strategy, policies and behaviours, you adapt your approach as needed and stay effective in a fast changing environment.

Westminster City Council is committed to supporting Care Leavers into the workplace. Care leavers seeking their first job and who wish to be considered under our scheme, will automatically be invited to interview should they meet the essential criteria for the role.

The Council is committed to achieving diverse shortlists to support our desire to increase the number of staff from under represented groups in our workforce. We especially encourage applications from a Global Majority (GM), people who are Black, Asian, Brown, dual heritage, indigenous to the global south, and/or have been racialised as 'ethnic minorities' (formally known as B.A.M.E, Black, Asian and Multiple Ethnic) background and, while the role is open to all applicants, we will utilise the positive action provisions of the Equality Act 2010 to appoint a candidate from a global majority background where there is a choice between two candidates of equal merit. If you are from a Global Majority background you can self declare this to the hiring manager as part of our positive action commitments.

Westminster City Council is a Disability Confident Employer. If you have declared a disability in your application, we guarantee an interview if you meet the essential criteria of the job. If you are invited for interview, you will be asked if you need any reasonable adjustments in order to attend, and we will make these wherever possible.

We reserve the right to extend or close this vacancy early without warning subject to the volume of suitable applicants.