Principal Lawyer – Cyber EnforcementFull time / Part time Salary: £69,371- £79,372 pa, with potential for further progression to £89,369 with our pay progression scheme. Location: Hybrid Contracted to our Wilmslow, London, Edinburgh, Cardiff or Belfast office, however, we offer flexible home and office-based working opportunities. There will be times when you will be expected to attend the office to collaborate with colleagues or travel due to business need. Please note from Autumn 2026 our head office will be relocating from Wilmslow to Manchester city centreWhy work for the ICO? Pay progression scheme.Hybrid and flexible working options. 25 days paid holiday per year, plus privilege and public holidays. Flexi leave (up to 26 additional days leave per year). Pension (employer contribution around 28.9%). Online discount scheme to save money at major supermarkets, retailers, gyms, restaurants, insurance providers and many more. Health Cash Plan. Fantastic development opportunities to learn and progress. Further details can be found on the benefits section of our . Job summaryThe Cyber Enforcement Principal Lawyer will work within the ICO Legal Service (Enforcement) team, providing legal advice to support civil regulatory enforcement action in relation to cyber security under the UK GDPR, DPA 2018 and PECR 2003 and also to support NIS enforcement activity under the NIS Regulations 2018 as well as ongoing and future legislative reforms.The post holder will provide expert legal advice, and forge partnerships with other areas of the organisation to achieve consistency of approach, efficiency and the delivery of high quality, timely and risk-based legal advice to the Commissioner. The post holder will work closely with the Regulatory Cyber Team to ensure we have in place robust procedures for NIS enforcement and Cyber enforcement activities.Job descriptionThe Cyber Enforcement Principal Lawyer will act in accordance with directions given by the Commissioner (and Executive Team) and Legal Directors, under the overall supervision of the ICO’s General Counsel. They will advise as to the appropriate legal position in civil investigations (including NIS investigations), including providing strategic advice and working closely with the investigators on cases.As one of the ICO’s noted legal experts in their field, the Principal Lawyer will provide technical legal support to others across the organisation.Post holders will work with their legal colleagues to ensure that learning and development across the ICO Legal Service is shared and developed collectively.Key ResponsibilitiesProvide expert legal advice on high priority, complex civil regulatory enforcement and NIS matters, including issuing monetary penalties.Effectively and independently manage a caseload of complex civil enforcement and NIS matters, adding value to the wider operations and influence of the ICO.Provide advice on the ICO’s role as the UK’s competent authority under the NIS Regulations, including its responsibilities in cross-border regulatory cooperation and enforcement, particularly in the context of evolving frameworks such as the EU’s NIS2 Directive.Provide expert cyber security advice in areas of responsibility by being fully conversant with all relevant legislation and ICO policies, as well as leading on developing strategy and thinking on novel and complex legal issues.Manage and develop lawyers in the Legal Service, provide supervision to other lawyers and, as appropriate, instruct external lawyers on key matters. Ensure that all supervised lawyers are continually developing and competent and undertaking sufficient development opportunities to maintain their practising certificate.
Seek continuous improvement in all areas of responsibility, recommend changes, and manage and lead on regulatory initiatives to ensure that implementation is successfully achieved.Participate and where appropriate lead, on behalf of the ICO, at meetings and events where senior representation is required, some travel including overseas may be required.Identify opportunities and risks to the ICO’s operations and reputation and make recommendations for improving the ICO’s legal risk management of its own regulatory compliance as well as that of external sectors/organisations.Engage with colleagues across the organisation, media and other external stakeholders on important legal issues related to civil enforcement cases.Contribute to the development of colleagues in the ICO by preparing or delivering in-house training as required. Person specification Essential criteria assessed at application stage:Applicants must be qualified to practise as a Solicitor, Barrister or Chartered Legal Executive in England and Wales or, in respect of Applicants qualified in a jurisdiction outside of England and Wales, must have an appropriate equivalent professional qualification and may be required to undertake the Solicitors’ Qualifying Examinations (or apply and be granted an exemption of one or both parts) within a defined period.Experience and insight into the ICO’s enforcement powers in relation to cybersecurity, including its approach to investigating breaches, issuing sanctions, and promoting compliance under frameworks such as the UK GDPR and the Network and Information Systems Regulations.Substantial experience of regulatory enforcement work or equivalent experience of complex contentious work or the ability to quickly develop skills in this area. Experience of providing strategic legal advice in a regulatory environment including knowledge of public law principles and/or the ability to quickly develop skills in this area.Experience of supervising other lawyers. Some experience of managing others and/or the ability to quickly develop skills in this area.Essential criteria assessed during interview:Excellent legal analytical skills.Ability to interpret and apply complex legislation to particular situations and to engage in debate about these issues.Excellent written and verbal communication and presentation skillsAbility to draft complex legal documents including provisional and final decisions (including notices of intent, enforcement notices and monetary penalty notices).Understanding of the regulatory environment (including capacity to learn about NIS regulation) and the public sector generally including the democratic, political and organisational framework of a regulator.Ability to seek out, manage and influence opportunities for continuous improvement and changePersonally effective – excellent organisational skills, ability to prioritise and delegateEquality, diversity, and inclusion The ICO is committed to promoting and enhancing equality, diversity, and inclusion. We are focused on developing a workforce that is representative of the communities we serve and together we are building an inclusive workplace where all of our colleagues have the opportunity to make a real difference. We are championing this through our Equality Diversity and Inclusion Board together with a number of staff networks. Read more about our commitment on our website. Candidates with a disability who meet the minimum criteria for this vacancy will be invited to interview as part of the ICO’s commitment to the Disability Confident Scheme.As part of the ICO’s commitment to our EDI objectives and creating a workplace that represents the communities and societies we serve, we guarantee an interview to candidates who declare they identify as belonging from an ethnic minority background and who meet the minimum criteria for this vacancyIf you are disabled or have an impairment and require an alternative application method, please email the HR team at kClosing Date Please submit your CV and a cover letter detailing your suitability for the role by 23:59 on Wednesday 19th November 2025Your cover letter should be no more than 1,000 words and should clearly articulate how your experience and aspirations align with the specific expectations of this roleWe may close this vacancy early if we receive a high volume of applications. To ensure your application is considered, we encourage you to apply as soon as possible. If you require any reasonable adjustments to support your application, please contact us at .In the event of a high volume of applications, we may not be able to invite all candidates who meet the minimum criteria to interview. However, we encourage you stay in touch and apply for future roles that match your interests.All candidates who meet the minimum criteria and apply in-line with our guaranteed interview scheme for disabled and ethnic minority applicants will be interviewed.
Read Less
