Cyber, Risk & Assurance Lead
Summary
Job description
You will play a leading role in supporting the Information and Assurance Manager in delivering the operational objectives of the security team.
You will act as the first line of support for security-related queries and incidents, maintaining joint ownership of the Corporate Security Team mailboxes, managing workloads and responding to requests.
You will support the team to effectively manage and maintain the security risk register, working with security business partners to ensure compliance with the risk framework.
You will support the security audit schedule (e.g., DSHC, CAF), assisting completion of all activities by relevant stakeholders.
You will enable a positive, engaging and inclusive security culture through supporting the security education and awareness programmes, building a network of security partners across Government, and the broader security industry to share best practice, adopt common approaches and foster joint working on areas of mutual interest.
You will support the development and continuous improvement of our policies, processes and standards.
You will support the promotion of cyber security standards and best practice across the GPA, guiding and influencing project and policy decision making as appropriate, and seeking novel resolutions to challenging security issues.
Supporting the Information and Assurance Manager, you will work closely with the business to provide trusted advice and support across all aspects of Security – data, information, assurance, cyber, and 3rd party suppliers, safeguarding the Department’s assets in relation to confidentiality, integrity, and availability of information, helping ensure that the GPA meets its legal responsibilities in managing security-related risk.
Key responsibilities:
- Review cyber security risk assessment processes against policy and approved frameworks (e.g., NIST), shaping the SbD approach through lessons learned activity; help embed this approach into business and project plans.
- Reporting: Supporting and developing regular reports on security metrics, incidents, and our compliance status for key governance forums and government authorities.
- Compliance and Assurance: Supporting all audit activities (e.g., DSHC, CAF) and updating our audit schedules as required.
- Incident Management: Updating the incident management logs, arranging lessons learnt with the team and updating any processes or policies as required.
- Supply Chain Security: Working with others across the business to support security assurance activities, providing advice and guidance where needed.
- Risk Management: Support the management and maintenance of the security risk register by working collaboratively with the security business partners.
- Security Awareness and Training: Support the delivery of a security awareness programme to educate staff on security best practices and promote a security-first culture throughout the organisation.
Person specification
- Proactive individual, with the proven ability to build collaborative relationships with a range of stakeholders.
- Flexible and dynamic approach to work, with ability to prioritise workloads.
- Exceptional organisational and time management skills.
Experience & Technical Skills
Essential criteria
- Experience of Risk Management.
- Good understanding of Information Security and approved security standards (e.g., NIST, ISO).
- Ability to communicate with a variety of stakeholders on security topics.
- Excellent analytical and problem-solving skills, adopting a positive approach and displaying flexibility of mind when encountering new situations.
- Excellent organisational and time management skills, with the ability to prioritise competing workloads.
- This role has been mapped to ‘Cyber Security Risk Manager’ in the UK Government Security Profession Career framework and will require the skills attributed for a Cyber Security Risk Manager at Associate level.
- Experience of working in either a cyber security/information security or risk management role.
- Experience of incident management.
Desirable criteria
- Recognised qualification in Risk management or Information Security.
Behaviours
We’ll assess you against these behaviours during the selection process:
- Working Together
- Managing a Quality Service
- Communicating and Influencing
Technical skills
We’ll assess you against these technical skills during the selection process:
- Customer Perspective
- Commercial Acumen
- Property Market Knowledge
- Innovation