Cyber Governance and Assurance Manager

Location: Westminster, London SW1, UK
Remote: On-Site
Expires: in less than 3 weeks
Security
Full time
£61,250 - £76,671 per year

Job summary

The Corporate Services Group (CSG) brings together a broad range of specialist functions which enable UKEF to operate effectively and safely. These include HR (covering resourcing, payroll, employee relations, talent management, learning and development), Facilities, Procurement, Project Management, Transformation, and Security. Together, these teams provide the organisational infrastructure, stewardship, and resilience required to support UKEF’s mission and strategic priorities.

Within CSG, the Security & Resilience team, headed by the Deputy Director of Security, plays a critical role in protecting UKEF’s people, information, physical assets, and operational continuity. The team is responsible for designing, implementing, and maintaining security controls and resilience measures across four core domains:

  • Physical and Personnel Security
  • Information Assurance
  • Business Continuity Planning
  • Cyber Security

Job description

This position is embedded within the Cyber Security function of the Security & Resilience team and reports directly to the Head of Cyber. The postholder is responsible for leading the governance and assurance function for cyber security, ensuring that all policies, procedures, and controls are robust, effective, and compliant with both business objectives and regulatory standards.

By overseeing cyber security governance and assurance, the postholder plays a pivotal role in safeguarding UKEF’s digital assets, data, and systems. This work directly supports the Security & Resilience team’s broader mission to protect the organisation’s people, information, physical infrastructure, and operational continuity. Through close collaboration with colleagues across the other security domains of Physical and Personnel Security, Information Assurance, and Business Continuity Planning, the postholder helps to maintain a cohesive and resilient security posture throughout UKEF.

Furthermore, this role contributes significantly to the overall effectiveness and resilience of the Corporate Services Group (CSG). By ensuring that cyber security measures are aligned with organisational and regulatory requirements, the postholder supports the CSG’s mandate to provide the infrastructure, stewardship, and resilience necessary for UKEF to operate safely and effectively. This integrated approach enables the division to respond proactively to emerging threats

Main Activities

  • Lead and coordinate cyber governance and assurance activity across the organisation, ensuring alignment to relevant government policy and standards and providing clear oversight to senior stakeholders.
  • Develop, implement and continuously improve cyber security governance frameworks, policies, standards and processes (e.g., risk management, exception handling and decision logs), ensuring they are understood and adopted across the business.
  • Plan and deliver assurance activity (internal/external reviews, audits and assessments), including defining scope, coordinating evidence, documenting outcomes, and driving timely remediation and risk acceptance where appropriate.
  • Lead delivery of GovAssure activities, including producing evidence packs, engaging stakeholders, and tracking actions through to closure.
  • Coordinate internal cyber audits and assessments, including agreeing scope, supporting testing, and reporting outcomes and recommendations.
  • Work with colleagues across Cyber, Digital/IT and the business to embed assurance findings into delivery plans and strengthen organisational capability.
  • Monitor and maintain cyber security policies and standards, ensuring they remain current, risk-based and aligned to organisational objectives, with appropriate governance for exceptions and waivers.
  • Provide oversight of cyber security controls, working with control owners to confirm controls are designed appropriately, operating effectively and supported by proportionate evidence.
  • Identity and access management controls, including joiners/movers/leavers and privileged access governance.
  • Provide governance and oversight of privileged access, ensuring least privilege principles are applied, risks are understood and approvals are appropriately documented.
  • Promote and support a zero-trust approach (where appropriate), working with technical teams to ensure governance and assurance needs are met.
  • Develop and maintain cyber management information (MI) and performance reporting, including risk and compliance dashboards and metrics that support oversight and prioritisation.
  • Oversee privileged access governance, ensuring appropriate controls, monitoring and review arrangements are in place.
  • Support post-incident reviews from a governance and assurance perspective, ensuring lessons are captured, actions are owned and improvements are tracked.
  • Engage with senior stakeholders, providing clear briefings and advice on assurance status, key risks, compliance position and required decisions.
  • Work with control owners to ensure asset identification, account administration and access controls are robust, proportionate and compliant.
  • Oversee administration and governance of access to relevant security tooling and services (including privileged access where applicable), ensuring appropriate approvals, reviews and audit trails are maintained.

This list is not exhaustive, and you may be required to carry out additional duties according to business needs.

Person specification

UK Export Finance is looking for motivated individuals with a desire to learn about the business. Successful candidates will be provided not only with functional training to enable them to do well in their role, but also with personal development to help them to achieve their career ambitions. Please note that the person specification below outlines at which stage(s) you will be assessed on how you meet the criteria for the role(s) including:-

A = assessed at application stage; I = assessed at interview stage; P = assessed at presentation stage

Essential

Qualifications

  • Professional certifications (e.g., CISM, CISA, ISO 27001) and/or equivalent demonstrable (A)


Knowledge

  • Strong understanding of relevant government cyber standards and assurance approaches (e.g., NCSC guidance, Cyber Assessment Framework (CAF), GovAssure and related policy), and how to apply them proportionately to support cyber security governance and risk management. (A, I)
  • Knowledge of cyber security governance and risk management, including how to define, implement and monitor controls and manage compliance obligations. (A, I, P)


Skills/Ability

  • Strong stakeholder engagement and communication skills, including the ability to influence senior leaders, explain complex cyber risk and assurance topics clearly, and drive action across teams. (A, I)

Experience

  • Experience of planning and managing assurance activity (e.g., audits, assessments and reviews), including defining scope, coordinating evidence, reporting findings and driving remediation to completion. (A, I)
  • Experience of leading or owning cyber governance and assurance work, including setting direction, establishing ways of working, and providing clear oversight and reporting to senior stakeholders. (A, I)
  • Experience of developing and embedding cyber security compliance and control requirements (including policy/standards), and monitoring adherence through effective reporting and governance. (A, I)

Behaviours

We'll assess you against these behaviours during the selection process:

  • Seeing the Big Picture
  • Delivering at Pace
  • Working Together
  • Leadership

Technical skills

We'll assess you against these technical skills during the selection process:

  • Presentation - assessed against the behaviour 'Seeing the Big Picture' - this will be a subject / topic agreed by UKEF and provided to relevant candidates
  • Technical questions relevant to the role.

Benefits

Alongside your salary of £61,250, UK Export Finance contributes £17,744 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.
  • Learning and development tailored to your role
  • An environment with flexible working options
  • A culture encouraging inclusion and diversity
  • A Civil Service pension with an employer contribution of 28.97%

Things you need to know

Artificial intelligence

Artificial intelligence can be a useful tool to support your application; however, all examples and statements provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, as your own) applications may be withdrawn and internal candidates may be subject to disciplinary action. Please see our candidate guidance for more information on appropriate and inappropriate use.

Selection process details

This vacancy is using Success Profiles, and will assess your Behaviours, Experience and Technical skills.

We are assessing candidates using Success Profiles and Line Management Standards (see Appendix 1). Across the whole process we will assess your Experience, Technical skills, Behaviours and Line Management Standards, as highlighted below.

The application must be completed by 23.55 on the day of the closing date for it to be accepted.

All applications will be sifted against our essential criteria outlined in the person specification.

  • Qualification - Professional certifications (e.g., CISM, CISA, ISO 27001) and/or equivalent demonstrable (A, I)
  • Statement of suitability - you should fully articulate in 500 words how you meet the essential criteria outlined in the person specification within the Information

For the initial sift your application will be evaluated against

  1. Experience - CV / Application and Statement of Suitability

In the event of a high volume of applications, there will be a pre-sift on the following essential criteria:

  • Experience of developing and leading Cyber Security system Management and (A,I)
  • Demonstrable understanding of government standards (NCSC, CAF, Cyber Governance Code of Practice) and regulatory (A,I)

If you are successful following the sift stage, you will be invited to an initial interview; this will include the following assessment:

  1. Behaviours/Experience/Line Management Standards - a formal panel interview where you will be interviewed across all three behaviours highlighted in Appendix 1 of the Candidate Information Pack attached below.
    1. Behaviour - Leadership - assessed against the Line Management Standard – People Focus
    2. Behaviour - Delivering at Pace
    3. Behaviour - Working Together
  2. Technical - you will be assessed across your technical expertise and acumen, in relation to the essential criteria:
    1. Presentation - assessed against the behaviour 'Seeing the Big Picture' - this will be a subject / topic agreed by UKEF and provided to relevant candidates
    2. Technical questions relevant to the role.


Interviews will be held at UK Export Finance’s office in Westminster. Details of interview panel members will be e-mailed to all successful candidates who are invited for interview.


Timetable

Please note that the interview dates are indicative.

Closing date for applications

23:55 on Sunday 26 April 2026

Notification of outcome of application

w/c 27 April 2026

Interviews in Westminster, London

w/c 11 & 18 May 2026



Feedback will only be provided if you attend an interview or assessment.

Security

Successful candidates must undergo a criminal record check. Successful candidates must meet the security requirements before they can be appointed. The level of security needed is counter-terrorist check.

See our vetting charter. People working with government assets must complete baseline personnel security standard checks.

Nationality requirements

This job is broadly open to the following groups:

  • UK nationals
  • nationals of the Republic of Ireland
  • nationals of Commonwealth countries who have the right to work in the UK
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS)
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
  • individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
  • Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service
Further information on nationality requirements

Working for the Civil Service

The Civil Service Code sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles. The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria. The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.

Diversity and Inclusion

The Civil Service is committed to attracting, retaining and investing in talent wherever it is found. To learn more please see the Civil Service People Plan and the Civil Service Diversity and Inclusion Strategy.

Apply and further information

This vacancy is part of the Great Place to Work for Veterans initiative. Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.

Contact point for applicants

Job contact:

Recruitment team

Further information

Should you have a complaint or wish to raise any concerns regarding the recruitment process, please e-mail your complaint to the Head of Pay and Resourcing (UKEF) at Recruitment2@ukexportfinance.gov.uk and include “Complaint” in the subject heading. Should you remain dissatisfied following UKEF’s investigation then you can refer your complaint to the Commission - http://civilservicecommission.independent.gov.uk/making-complaint.

Attachments

Candidate Pack v2 - Cyber Gov and Assurance Mgr (pdf, 4335kB)
