Tony Blair Institute for Global Change

Director of Security & Compliance

Tony Blair Institute for Global Change  •  London, GB (Onsite)  •  3 hours ago
Apply
AI can make mistakes so check important info. Chat history is never stored.

Job Description

We don’t just talk, we do. Lead the change with us.

At the Tony Blair Institute for Global Change, we work with political leaders around the world to drive change. We help governments turn bold ideas into reality so they can deliver for their people. We do it by advising on strategy, policy and delivery, unlocking the power of technology across all three. And by sharing what we learn on the ground, so everyone can benefit. We do it to build more open, inclusive and prosperous countries for people everywhere.

We are a global team of over 800 changemakers, operating in more than 40 countries, across five continents. We are political strategists, policy experts, delivery practitioners, technology specialists and more. We speak more than 45 languages. We are working on over 100 projects, tackling some of the world’s biggest challenges. We’re all here at TBI to make a difference.

In a world of ever more complex challenges, we believe diversity of background and perspective is a strength. We pride ourselves on a culture that values and nurtures difference. We are dedicated to unlocking potential, not only for the countries we work in but also for each of our team members. No matter where you’re from or who you are, if you’re passionate about the transformative power of progressive politics, we invite you to build a better future with us.

TBI operates globally in politically sensitive environments, handling sensitive policy, advisory and donor information across multiple jurisdictions. Following the establishment of Cyber Essentials+ certification, a live outsourced SOC and a 24/7 monitoring posture, Digital is now entering a phase of security and compliance maturity that includes ISO 27001 ambition, AI security and governance across a rapidly expanding AI estate, and a deepened compliance posture across the regulatory regimes in which TBI operates.


The Director of Security & Compliance is a new, senior role accountable for the security, governance, risk, compliance, continuity and data protection posture of TBI. Reporting to the CTO, this role leads the Security & Compliance function - the IT Security Engineer and the outsourced SOC - and provides authoritative leadership on cyber, AI and information security across the Institute. It is the named accountable owner for our certifications, our risk register, our continuity arrangements and the security and governance of our AI estate.


You will be an experienced security and compliance leader with deep expertise in modern cyber operations, governance frameworks (ISO 27001 in particular), risk management and the security and governance of AI in an enterprise context. You will work closely with Legal & Risk, the Director of Applications, the Enterprise Architect and the CTO to ensure our security posture enables rather than constrains TBI's mission.

Key Responsibilities

Security Operations

  • Accountable for security monitoring, incident response, remediation and security tooling / platform management across TBI (both internal and external)
  • Own the relationship with the outsourced SOC and line manage the IT Security Engineer
  • Own the firm-wide security awareness programme - phishing simulation, user training and security culture (delivered through a vCISO arrangement where appropriate)
  • Own the design of identity, access (RBAC) and authentication (MFA / SSO) standards, partnering with the Global Service Desk Manager who owns day-to-day operation

Governance, Risk & Compliance

  • Own TBI's IT governance framework adoption and maintenance, including the supporting RAPID and accountability mapping
  • Own the regulatory and standards compliance posture - GDPR, ISO 27001, Cyber Essentials+, and others - including certification maintenance, control evidence, audit readiness and statutory reporting
  • Lead TBI's path to ISO 27001 certification as a strategic programme, including the definition of certification scope across emerging functions and capabilities
  • Own the central Digital & Data Security risk register - identification, assessment, mitigation and ongoing maintenance - in partnership with Legal & Risk

Data Protection & Privacy

  • Own the data classification framework (design and operation), data retention policies and the GDPR / data subject rights operating model
  • Partner with Legal on the firm-wide data protection programme and breach notification process

Continuity

  • Own disaster recovery and business continuity planning, testing and recovery - including RTO / RPO definition for critical systems and the incident communications plan

AI Security & Governance

  • Own the security posture of TBI's AI estate - access and authentication for AI platforms, prompt and output data protection, prompt injection and jailbreak defence, and third-party AI vendor risk assessment (Anthropic, OpenAI, Salesforce Einstein, and others)
  • Own TBI's Responsible Use Policy for AI tools across the firm
  • Partner with the Director of Applications, the Enterprise Architect and the CTO to ensure all AI initiatives across TBI - including AI capability developed outside of Digital - sit within an appropriate security and governance envelope

DevSecOps

  • Own DevSecOps practice: secret management, vulnerability scanning (SAST / DAST / dependency scanning), pipeline security gates, container and workload security and code-level vulnerability management
  • Partner with the Director of Applications to embed security controls into the engineering practice without becoming a delivery blocker

Third-Party Risk

  • Own third-party security risk assessment and ongoing vendor security monitoring, in partnership with the Head of Digital Transformation & Performance, who owns the vendor relationship and performance lifecycle

Person Specification

  • Significant senior leadership experience in security and compliance roles within a mid-to-large global organisation
  • Deep, demonstrable expertise in ISO 27001 - ideally as named lead on a successful certification programme - together with working knowledge of SOC 2, NIST CSF and other relevant frameworks
  • Strong technical credibility across modern security operations: SIEM, EDR, IAM, vulnerability management and DevSecOps tooling
  • Demonstrable expertise in GDPR and data protection in a global, multi-jurisdiction context
  • Demonstrable understanding of AI security and AI governance - prompt injection, model risk, third-party AI vendor risk and the operational realities of running an AI estate at scale
  • Experience designing and running risk registers and risk processes at organisational level
  • Strong stakeholder credibility at executive level; able to articulate security posture in business terms and influence non-technical audiences
  • Pragmatic, proportionate and able to balance security rigour with delivery velocity
  • Experience managing technical security staff and outsourced security partners
  • Comfortable operating in politically sensitive contexts and exercising judgement on disclosure, escalation and risk acceptance

Qualifications & Certifications

Essential

One or more of these certifications

  • CISSP (ISC)
  • CISM (ISACA)
  • ISO 27001 Lead Implementer
  • CIPP/E or CIPM (IAPP)
  • CRISC or CGEIT (ISACA)
  • CCSP
  • AIGP

Candidates must have the legal right to work in the UK to apply for this role. We reserve the right to close this role early if we receive a sufficient number of applications.

Closing Date:

2026-08-09

Tony Blair Institute for Global Change

About Tony Blair Institute for Global Change

We are the Tony Blair Institute for Global Change.

We work with political leaders around the world to drive change, helping governments

deliver for their people by turning bold ideas into reality.

We do it by advising on strategy, policy and delivery, unlocking the power of technology across all three. And by sharing what we learn on the ground, so everyone can benefit.

We do it to build more open, inclusive and prosperous countries for people everywhere.

If you believe politics done well has the power to transform lives, we invite you to join us.

Together we can build a better future.

Industry
Nonprofit & NGOs
Company Size
501-1,000 employees
Headquarters
Global, OO
Year Founded
2017
Social Media