Head of Cyber Security

We are seeking a proven cyber security leader to take full ownership of the RSPB’s cyber security strategy and operations. This is a critical, strategic role for someone who can make immediate impact, bringing deep technical and practical expertise, to confidently lead the organisation’s cyber security agenda.

You will be the go-to authority on cyber security, responsible for safeguarding our digital infrastructure, data, and services. Reporting directly to the Chief Digital Technology Officer, you will shape and deliver a forward-thinking cyber strategy that ensures resilience, compliance, and a strong security culture across the RSPB.

This is not a developmental role. We are looking for someone who has already led cyber security at scale, ideally in a complex, multi-stakeholder environment, and who can confidently operate at a senior level from day one.

Key Responsibilities

• Lead the development, implementation, and continuous improvement of the RSPB’s cyber security strategy.

• Act as the senior accountable executive for cyber risk, compliance, and incident response.

• Provide expert advice to the CDTO, trustees, and executive board on cyber threats, risks, and mitigation strategies.

• Embed a cyber-aware culture across the organisation through training, awareness campaigns, and policy enforcement.

• Maintain oversight of cyber KPIs, threat intelligence, and incident response protocols.

• Ensure compliance with relevant regulatory frameworks (e.g., PCI DSS, NIST, ISO 27001)

• Build and maintain strategic relationships with external partners, including regulators and the National Cyber Security Centre.

• Represent cyber security in major organisational change programmes and digital transformation initiatives.
  

Essential Qualifications 

• Professional security certification such as CISSP, CISM, or equivalent.

• Degree in Cyber Security, Information Security, or Digital Technology, or equivalent professional experience (minimum 10 years in cyber security roles, with at least 5 years in a senior leadership capacity).

• Membership of a recognised professional body (e.g., (ISC)², ISACA, BCS).

Essential Knowledge and Experience

• Demonstrable experience leading cyber security in large, complex organisations.

• Deep understanding of cyber security frameworks and standards (e.g., NIST, ISO 27001, PCI DSS).

• Proven track record of developing and delivering cyber strategies and managing risk at an enterprise level.

• Strong technical knowledge of modern security technologies and principles, including Azure, AWS, and SaaS environments.

• Experience of governance, risk management, and compliance in regulated environments.

• Evidence of leading cultural change and embedding cyber awareness across diverse teams.

• Experience advising executive boards and trustees on cyber risk and resilience.
  

Essential Skills

• Strategic leadership and influence at executive and board level.

• Ability to operate independently and take full ownership of the cyber function.

• Strong communication skills with the ability to translate technical risk into business impact.

• Decisive and calm under pressure, particularly in high-risk or incident scenarios.

• Skilled in building high-trust relationships with internal and external stakeholders.
  

Desirable

• Experience in cyber leadership within the charity or not-for-profit sector.

• Evidence of sector-wide advocacy, thought leadership, or contributions to national cyber policy or forums.

This is a Full-Time, Permanent role for 37.5 hours per week. RSPB provides a flexible working policy.