
Cyber Security Assurance Lead
Job summary
The Infected Blood Compensation Authority (IBCA) is a new arm’s-length body set up, at unprecedented pace, to administer compensation to people whose lives have been impacted by the infected blood scandal.
IBCA will ensure payment is made in recognition of the wrongs experienced by those who have been infected by HIV, Hepatitis B or C, as well as those who love and care for them. They have been frustrated and distressed by the delays in achieving proper recognition, and we must help put this right.
We are committed to putting the infected and affected blood community at the centre of every decision we make and every step we take to build our organisation to deliver compensation payments.
IBCA employees will be public servants. If successful in this role you will be appointed directly into IBCA, on IBCA terms and conditions as a public servant.
Successful applicants will join the Civil Service Pension Scheme.
Please note that the mission of IBCA means that it is likely to be operational for a period of approximately 5 to 7 years. When IBCA’s work begins to wind down, IBCA employees will receive support and practical guidance to find a new role, whether in the Civil Service, another Arms Length Body (ALB), or an external employer.
Job description
IBCA is seeking a Security Assurance Lead to drive the risk management and security assurance initiatives for our compensation scheme.
This role will be accountable for the implementation and management of various technical risk management and assurance initiatives related to the compensation scheme. In addition, the role will be accountable for ensuring assurance of supplier delivery throughout the project lifecycle of the compensation scheme. The role will work alongside cyber security colleagues to develop and deliver security training to embed a security-first culture at IBCA. Working at IBCA gives you a huge opportunity to make an impact on those who deserve compensation. This role suits a highly adaptable and resilient security assurance lead who excels at communication, empowers diverse teams, strategically navigates complexity, and proactively solves problems to drive continuous security improvement.
As the Security Assurance Lead, you will work at the heart of our mission, collaborating with internal teams, external vendors, and government stakeholders to oversee the full security lifecycle of the compensation scheme. You will be the primary authority ensuring that sensitive claimant data is protected and that all compliance obligations are met throughout the project.
Beyond technical oversight, you will play a key role in supplier assurance, ensuring third-party delivery meets rigorous contractual standards and you will champion a "security-first" culture through the development of organisation-wide security training.
Responsibilities
- End-to-End Security Assurance: Lead technical risk management and assurance activities across the IBCA and its supply chain, ensuring security is integrated throughout the project lifecycle;
- Supplier & Vendor Oversight: Manage external partners to ensure strict adherence to contractual security standards, data protection regulations, and delivery milestones;
- Strategic Risk Management: Identify, assess, and mitigate risks to sensitive claimant data, ensuring robust defences against digital threats and alignment with the Data Protection Act/GDPR;
- Governance & Compliance: Develop and maintain comprehensive security policies and governance frameworks aligned with UK Government standards (such as CAF and Secure by Design) or equivalent industry frameworks;
- Culture & Awareness: Lead the development and delivery of security training programs to embed a resilient, security-conscious culture across the organisation.
Person specification
Essential criteria
- Security Assurance Expertise: Proven experience conducting security assurance and implementing policies aligned with recognised industry or government standards (e.g., ISO 27001, NIST, or GovS 007);
- Risk & Compliance: Demonstrated ability to identify, assess, and manage security risks within complex environments. Knowledge of audit processes, risk management strategies, and security frameworks;
- Regulated Environment Experience: Experience managing security projects or initiatives within a highly regulated or sensitive data environment (e.g., Public Sector, Financial Services, or Healthcare);
- Stakeholder Management: Proven ability to build and manage effective relationships with diverse stakeholders to shape project outcomes, considering different technical needs and perspectives;
- Communication & Influence: An influential communicator able to translate complex technical security concepts into straightforward, honest, and engaging advice for senior management;
- Security Fundamentals: A strong working understanding of the principles of Confidentiality, Integrity, and Availability (CIA) and the protection of IT systems used for sensitive data;
- Agility & Problem Solving: Ability to respond quickly to challenges or security incidents, providing practical, solution-oriented guidance to teams during high-pressure situations.
Desirable Criteria
- Professional Certification: Holding or working towards certifications such as CISM, CISSP, CompTIA Security+, or CC (Certified in Cybersecurity);
- Incident Management: Experience in managing data breaches or cyber incidents, with a focus on regulatory reporting and impact mitigation.
Additional information:
A minimum of 60% of your working time should be spent at your principal workplace, although requirements to attend other locations for official business will also count towards this level of attendance.
Behaviours
We'll assess you against these behaviours during the selection process:
- Changing and Improving
- Working Together
- Delivering at Pace
Technical skills
We'll assess you against these technical skills during the selection process:
- Secure supply chain management (Practitioner)
- Risk understanding and mitigation (Practitioner)
Benefits
Alongside your salary of £58,655, Infected Blood Compensation Authority contributes £16,992 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.
- Premium allowance paid monthly after probation
- Learning and development tailored to your role
- An environment with flexible working options
- A culture encouraging inclusion and diversity
- A Civil Service Pension which provides an attractive pension, benefits for dependants and employer contributions of 28.97%
- 32.5 days of paid annual leave plus 8 bank holidays
- Family friendly policies to support you and your everyday responsibilities
- Enhanced maternity and paternity leave, up to 12 months shared parental leave
Recent changes in skilled worker visa eligibility mean that a Skilled Worker must have a job offer in an eligible skilled occupation from a Home Office-approved sponsor. From 22 July 2025, the job must normally be skilled to level 6 (graduate level) on the Regulated Qualifications Framework for England and Northern Ireland, or the equivalent level in Wales or Scotland, or be included on either the Immigration Salary List or the Temporary Shortage List. Please be aware that if the role is not eligible for a skilled worker visa, we will be unable to provide sponsorship.
Things you need to know
Artificial intelligence
Artificial intelligence can be a useful tool to support your application, however, all examples and statements provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, as your own) applications may be withdrawn and internal candidates may be subject to disciplinary action. Please see our candidate guidance for more information on appropriate and inappropriate use.
Selection process details
This vacancy is using Success Profiles, and will assess your Behaviours, Experience and Technical skills.
As part of your application you will be required to provide a CV setting out your career history and qualifications, highlighting specific responsibilities and achievements that are relevant for this role.
You will also be required to provide a Statement of Suitability (1000 words max.)
Please use your statement of suitability to explain how you consider your personal skills, qualities and experience provide evidence of your suitability for the role, with reference to the essential criteria in the person specification section of the job advert.
Your CV and Statement of Suitability will be assessed against the essential criteria listed in the 'Person Specification' section of the job advert.
Should a large number of applications be received, an initial sift may be conducted using your CV. Candidates who pass the initial sift may be progressed to a full sift, or progressed straight to assessment/interview.
Should you be successful at sift, you will be invited to attend an interview where you will be assessed on behaviours and technical skills. Please find the links to the technical skill descriptors below -
Technical 1 - Secure supply chain management (Practitioner)
Technical 2 - Risk understanding and mitigation (Practitioner)
Expected timeline (subject to change)
Expected sift date – 19th January 2026
Expected interview date/s – 26th January 2026
Interview location - Your interview will either be conducted face to face or by video. You will be notified of the location if you are selected for interview.
Reasonable Adjustment
If a person with disabilities is put at a substantial disadvantage compared to a non-disabled person, we have a duty to make reasonable changes to our processes.
If you need a change to be made so that you can make your application, you should:
- Contact Government Recruitment Service via IBCA.grs@cabinetoffice.gov.uk as soon as possible before the closing date to discuss your needs.
- Complete the ‘Assistance required’ section in the ‘Additional requirements’ page of your application form to tell us what changes or help you might need further on in the recruitment process. For instance, you may need wheelchair access at interview, or if you’re deaf, a Language Service Professional.
Further Information
A reserve list may be held for a period of 6 months from which further appointments can be made.
Any move to IBCA from another employer will mean you can no longer access childcare vouchers. You may however be eligible for other government schemes, including Tax Free Childcare; for further information visit the Childcare Choices website.
In order to process applications without delay, we will be sending a Criminal Record Check to Disclosure and Barring Service or Disclosure Scotland on your behalf.
However, we recognise in exceptional circumstances some candidates will want to send their completed forms direct. If you will be doing this, please advise Government Recruitment Service of your intention by emailing Pre-EmploymentChecks.grs@cabinetoffice.gov.uk stating the job reference number in the subject heading.
For further information on the Disclosure Scotland confidential checking service, telephone the Disclosure Scotland Helpline on 0870 609 6006 and ask to speak to the operations manager in confidence, or email Info@disclosurescotland.co.uk
Please note that this role requires SC clearance, which would normally need 5 years’ UK residency in the past 5 years. This is not an absolute requirement, but supplementary checks may be needed where individuals have not lived in the UK for that period. This may mean your security clearance (and therefore your appointment) will take longer or, in some cases, not be possible.
For further information on National Security Vetting please visit the Demystifying Vetting website.
Applicants who are successful at interview will be, as part of pre-employment screening, subject to a check on the Internal Fraud Database (IFD). This check will provide information about employees who have been dismissed for fraud or dishonesty offences. This check also applies to employees who resign or otherwise leave before being dismissed for fraud or dishonesty had their employment continued. Any applicant whose details are held on the IFD will be refused employment.
A candidate is not eligible to apply for a role within the IBCA if the application is made within a 5 year period following a dismissal for carrying out internal fraud against government.
If you are experiencing accessibility problems with any attachments on this advert, please contact the email address in the 'Contact point for applicants' section.
PLEASE NOTE: IBCA employees are public servants, therefore the Civil Service Nationality Rules (CSNR) do not apply. Candidates who do not meet the CSNR are welcome to apply and applications will not be rejected: successful candidates however will be subject to a Right to Work check to work within the UK.
Feedback will only be provided if you attend an interview or assessment.
Security
Successful candidates must undergo a criminal record check. Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check. See our vetting charter. People working with government assets must complete baseline personnel security standard checks.
Nationality requirements
This job is broadly open to the following groups:
- UK nationals
- nationals of the Republic of Ireland
- nationals of Commonwealth countries who have the right to work in the UK
- nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS)
- nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
- individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
- Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service
Working for the Civil Service
Please note this Post is NOT regulated by the Civil Service Commission. The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.
Diversity and Inclusion
The Civil Service is committed to attract, retain and invest in talent wherever it is found. To learn more please see the Civil Service People Plan and the Civil Service Diversity and Inclusion Strategy.
Apply and further information
Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.
Contact point for applicants
Job contact :
- Name : IBCA Recruitment Team
- Email : ibca.recruitment@ibca.org.uk
Recruitment team
- Email : IBCA.grs@cabinetoffice.gov.uk
Further information
Our recruitment and selection processes are underpinned by the requirement of selection for appointment on the basis of merit by a fair and open competition. If you feel your application has not been treated in accordance with these principles and you wish to make a complaint, you should contact the Resourcing Team at IBCA.grs@cabinetoffice.gov.uk
Attachments
Employee Offer (pdf, 1851kB)
Salary range
- £58,655 per year