Search
Header navigation
Army Cyber Risk Manager

Army Cyber Risk Manager

Ministry of Defence
locationAndover SP11 8HJ, UK
remoteHybrid
ExpiresExpires: Expiring in less than 3 weeks
Full time
£46,040 per year

Job summary

The Ministry of Defence, Civil Service workforce is diverse, with many different functions and professions ranging from police officers, security guards, trainers, human resources, teachers, and psychologists to storekeepers, financiers, project and programme managers, and policy secretariat staff to support the British Army.

Within the Army Directorate of Digital, Security & Resilience, the Cyber and Security pillar, headed up by a Senior Civil Servant has a diverse and highly capable workforce that spans all areas of security activity. An exciting job role exists in the Principal Security Advisor's Team working within Cyber Risk Management. This is an advisory role, responsible for monitoring and developing the Army’s Cyber maturity. You will work across the strategic and tactical elements of the Army to improve awareness and reporting of cyber risks up to the 4 Star Head Quarters.

This role works within the inclusive and innovative Cyber and Security team, the Army Headquarters provides forces to support operations around the globe and directs, develops, and delivers the people, equipment, training, and sustainment to ensure the Army can fight and win wars on land.

This position is advertised at 37 hours per week.

Job description

We are seeking a dedicated Cyber Security Risk Manager (CRM) to lead the Cyber Risk Management team, reporting directly to the Governance, Risk and Compliance (GRC) Lead. In this role, you will be responsible for providing leadership, direction and oversight to the CRM function, ensuring effective understanding, monitoring and mitigation of cyber risks across the Army’s digital enterprise. You will retain oversight of key activities such as cyber security supply chain risk, risk assessment methodologies, the provision of clear and pragmatic cyber risk advice, and the validation of risk mitigation measures. You will act as the primary focal point for cyber security risk reporting, assuring the quality and consistency of outputs into the centre and managing key relationships with MOD Main Building and other areas of Defence. This role will involve maintaining alignment with Defence-wide cyber initiatives, directives, activities and lessons learned, ensuring Army’s cyber risk posture remains coherent, effective and well-governed.

If you are passionate about cyber security and have a keen eye for detail, we encourage you to apply.

Main Role Responsibilities:

  • Lead and drive a coherent, enterprise-wide approach to cyber risk management across the Army Digital Enterprise, ensuring alignment with Defence and Army strategic objectives, policies, and recognised national frameworks.
  • Provide strategic leadership for Army cyber risk governance, chairing and cohering the Cyber Governance, Risk and Compliance (GRC) Steering Group and associated boards to enable effective decision-making and delivery.
  • Integrate cyber risk into wider Security Risk Management, including maintaining oversight of the Army Cyber Risk Register and supporting senior-level risk discussions and the Army Security and Resilience Board.
  • Deliver a regularly refreshed, authoritative cyber threat and risk picture for Army, providing clear reporting, metrics and analysis to inform Defence and enable risk-based prioritisation and intervention.
  • Provide expert cyber risk advice and assurance to risk owners and Senior Responsible Owners, validating mitigation effectiveness and supporting consistent, informed decision-making in line with CRM practices.
  • Coordinate and manage Defence-directed cyber security tasks, reporting requirements and Land Domain Cyber Vulnerability Investigations, ensuring prioritisation, clear ownership and timely delivery aligned to risk.
  • Lead the annual Army Cyber Assurance Audit programme, providing assurance over compliance with mandated cyber processes, standards and frameworks.
  • Lead cyber supply chain and third-party risk management across Army, ensuring proportionate assurance of external dependencies in collaboration with delivery partners and stakeholders.
  • Provide leadership and line management for Cyber Risk Managers, setting objectives, managing performance, supporting professional development, and ensuring high-quality delivery of cyber risk outputs.

Person specification

We are looking for a talented and motivated individual who is a team player but is equally comfortable working on their own. Good judgement and strong interpersonal skills are required, as well as the ability to work under pressure.

Essential Skills Required:
  • Ability to communicate complex risks, implications, and mitigations clearly to a wide range of technical and non-technical stakeholders, including senior leadership
  • Ability to work collaboratively with diverse internal and external stakeholders across Army, Defence and industry and build strong and credible relationships
  • Strong organisational skills, with the ability to manage multiple competing priorities and deadlines in a dynamic risk environment
  • Demonstrate understanding of Cyber Supply Chain Security and third party risk management
  • Strong knowledge of recognized cyber security and risk frameworks (e.g. NIST, ISO27001, NCSC CAF) and their practical application

Desirable qualifications / accreditations:

  • Membership of a relevant Cyber Security or IT institution / body (e.g BCS, UK Cyber Security Council)
  • Relevant industry qualifications and accreditations (e.g. Cyber Security Professional, CISMP, Security+)
  • Relevant government qualifications or accreditations
  • Experience conducting data analysis to support risk, assurance or performance reporting

Qualifications

Relevant industry and/or government qualifications and accreditations i.e: Cyber Security Professional, CISMP, Security+ ,etc

Behaviours

We'll assess you against these behaviours during the selection process:

  • Communicating and Influencing
  • Changing and Improving
  • Making Effective Decisions
  • Delivering at Pace
  • Seeing the Big Picture

We only ask for evidence of these behaviours on your application form:

  • Communicating and Influencing
  • Changing and Improving
  • Making Effective Decisions

Technical skills

We'll assess you against these technical skills during the selection process:

  • Information risk assessment and risk management
  • Applied security capability
  • Protective security
  • Threat understanding

Benefits

Alongside your salary of £46,040, Ministry of Defence contributes £13,337 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.

The Army prides itself on being a supportive employer and where possible encourages flexible working, helping you to maintain a great work/life balance.

Other benefits for Army civil servants include:

  • 25 days paid annual leave rising (1 day per year) to 30 days upon completion of 5 years’ service
  • Highly competitive pension scheme
  • Personal and professional development of skills
  • Alternative working patterns for many roles
  • Access to the Employee Assistance Programme (EAP), a free service that assists you with achieving a productive, healthy environment that is conducive to a healthy lifestyle.
  • Enhanced parental and adoption leave
  • 6 days special leave per year which can be used for volunteering activities
  • Learning and Development
  • This post is eligible for a Digital Skills Allowance per annum. Eligibility for this allowance will be assessed at interview against the 4 core technical skills only and reviewed annually in line wilt MOD policy.

We believe that everyone has the potential to make a difference and you will be supported to help you learn and advance in your career. This includes working towards membership of a professional body and/or undertaking a modern apprenticeship as part of your role.

A modern apprenticeship is a combined package of work and training. Through the schemes available you will gain a professional qualification, practical experience, and the broader skills required to develop in your current role and pave the way for your future career.

Where business needs allow, some roles may be suitable for a combination of office and working from home as part of a non-contractual hybrid working arrangement. All office-based employees will be expected to spend a minimum of 60% of their working time in office, subject to site capacity and any required workplace adjustments. Requirements to attend other locations for official business, or work in another MOD workplace, will also count towards this level of office attendance. Applicants can request further information regarding how this and other flexible working arrangements may work in their team from the Vacancy Holder (see advert for contact details). Defence Business Services cannot respond to any questions about working arrangements.

The post does not offer relocation expenses.

External recruits who join the MOD who are new to the Civil Service will be subject to a six-month probation period.

Please Note: Expenses incurred for travel to interviews will not be reimbursed.

Please be advised that the Department is conducting a review of all pay related allowances which could impact on those allowances that the post currently being advertised attracts.

Any move to MOD from another employer will mean you can no longer access childcare vouchers. This includes moves between government departments. You may however be eligible for other government schemes, including Tax-Free Childcare. Determine your eligibility at https://www.childcarechoices.gov.uk/.

The Ministry of Defence is committed to providing a safe and healthy working environment for its staff which includes educating them on the benefits of not smoking, protecting them from the harmful effects of second-hand smoke and supporting those who want to give up smoking. Under the Smoke-Free Working Environment policy, Smoking and the use of all tobacco products (including combustible and chewing tobacco products) will not be permitted anywhere in the Defence working environment however some exemptions are in place, please refer to local guidance. The policy is Whole Force and includes all Defence personnel, contractors, visitors and other non-MOD personnel. All applicants seeking, considering, or accepting employment with the Ministry of Defence should be aware of this policy and that it is already in place at a number of Defence Establishments.

MOD Recruitment Satisfaction Survey – We may contact you regarding your experience to help us improve our customer satisfaction. The survey is voluntary and anonymous. You may however be given the opportunity to provide additional information to help us improve our service which includes the collection of some personal data as defined by the United Kingdom General Data Protection Regulation (UK GDPR). The MOD Privacy Policy Notice sets out how we will use your personal data and your rights.

Things you need to know

Artificial intelligence

Artificial intelligence can be a useful tool to support your application, however, all examples and statements provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, as your own) applications may be withdrawn and internal candidates may be subject to disciplinary action. Please see our candidate guidance (opens in a new window) for more information on appropriate and inappropriate use.

Selection process details

This vacancy is using Success Profiles (opens in a new window), and will assess your Behaviours, Experience and Technical skills.

At application stage you will be assessed against the following:

  • Your CV
  • Personal Statement - of no more than 500 words. Please evidence against the requirements listed in essential skills required.
  • Behaviour - Changing & Improving
  • Behaviour - Making Effective Decisions
  • Behaviour - Communicating & Influencing

Where a large number of applications are received, an initial sift will be conducted based on the evidence you provide in support of Communicating & Influencing.

The remaining evidence provided at application stage will only be reviewed if you are successful at this initial sift.

At interview stage you will be assessed against the following:

Application sifting will be scheduled to take place within 7 days of the application closing date. Interview dates are to be confirmed and will be held in person. We endeavour to keep to these time frames, but these are subject to change around business needs.

The Civil Service embraces diversity and promotes equality of opportunity. There is a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria. If you need to advise us that you need additional help or reasonable adjustments for the recruitment process, please contact: DBSCivPers-Resourcingteam3@mod.gov.uk .

As a result of the changes to the UK immigration rules which came in to effect on 1 January 2021, the Ministry of Defence will only offer sponsorship for a skilled worker visa under the points based system, where a role has been deemed to be business critical. This role does not meet that category and we will not sponsor a visa. It is therefore NOT open to applications from those who will require sponsorship under the points based system.

Should you apply for this role and be found to require sponsorship, your application will be rejected and any provisional offer of employment withdrawn.

The Ministry of Defence requires all candidates who are successful at interview to declare any outside interests. These declarations will be discussed with successful candidates following the interview process and before a formal offer of employment is made, as some outside interests may not be compatible with MOD civilian roles. This will not, in the majority of cases, prevent employment in MOD, but it is a measure that must be taken to ensure that appropriate mitigations can be put in place to manage any potential, perceived or actual conflicts of interest from the first day of employment.

The Ministry of Defence adopts a zero-tolerance approach to unacceptable behaviours, which includes bullying, harassment, sexual harassment, discrimination, and victimisation. You will not be eligible and will not be considered for this post if you have been dismissed from a role for such unacceptable behaviours within the last five years. This will also apply if you resign or otherwise leave a role but, because of an adverse decision, would have been dismissed for gross misconduct had you continued in that employment. Pre-employment checks will be carried out.



Feedback will only be provided if you attend an interview or assessment.

Security

Successful candidates must undergo a criminal record check.Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check (opens in a new window).

See our vetting charter (opens in a new window).People working with government assets must complete baseline personnel security standard (opens in new window) checks.

Nationality requirements

Open to UK nationals only.

Working for the Civil Service

The Civil Service Code (opens in a new window) sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles (opens in a new window).The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.

Diversity and Inclusion

The Civil Service is committed to attract, retain and invest in talent wherever it is found. To learn more please see theCivil Service People Plan (opens in a new window) and the Civil Service Diversity and Inclusion Strategy (opens in a new window).

Apply and further information

This vacancy is part of the Great Place to Work for Veterans (opens in a new window) initiative.Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.

Contact point for applicants

Job contact :

Recruitment team

Further information

Please ensure you read the attached candidate information document prior to completing your application. If you are dissatisfied with the service you have received from DBS, or believe that DBS has failed to follow the recruitment process in line with the Civil Service Commission principles of selection for appointment on merit on the basis of Fair and Open competition, you can raise a formal complaint by writing to DBS at the following address: Defence Business Services, Scanning Hub, Room 6124, Tomlinson House, Norcross Lane, Blackpool, FY5 3WP. If after raising your complaint with DBS you remain dissatisfied you can complain directly to the Civil Service Commission at the following address: Civil Service commission, Room G/8, 1 Horse Guards Road, London, SW1A 2HQ Or by email: info@csc.gov.uk.

Attachments

Information risk assessment and risk management - UK Government Security - Beta Opens in new window (pdf, 141kB)Applied security capability - UK Government Security - Beta Opens in new window (pdf, 157kB)Protective security - UK Government Security - Beta Opens in new window (pdf, 139kB)MOD Candidate Pack Opens in new window (pdf, 1562kB)

Salary range

  • £46,040 per year