Cyber Security Lead

Remote: On-Site
Expires: Expiring in less than 2 weeks
Full time
£58,655 per year

Job summary

The Infected Blood Compensation Authority (IBCA) is a new arm’s-length body set up, at unprecedented pace, to administer compensation to people whose lives have been impacted by the infected blood scandal.

IBCA will ensure payment is made in recognition of the wrongs experienced by those who have been infected by HIV, Hepatitis B or C, as well as those who love and care for them. They have been frustrated and distressed by the delays in achieving proper recognition, and we must help put this right.

We are committed to putting the infected and affected blood community at the centre of every decision we make and every step we take to build our organisation to deliver compensation payments.

IBCA employees will be public servants. If successful in this role you will be appointed directly into IBCA, on IBCA terms and conditions as a public servant.

Successful applicants will join the Civil Service Pension Scheme.

Please note that the mission of IBCA means that it is likely to be operational for a period of approximately 5 to 7 years. When IBCA’s work begins to wind down, IBCA employees will receive support and practical guidance to find a new role, whether in the Civil Service, another Arm’s-Length Body (ALB), or an external employer.

Job description

As the Cyber Security Lead at IBCA, you will play a vital role in upholding our commitment to the infected, affected, and deceased blood community. We are an organisation built on the principles of integrity, compassion, and transparency, and your work is the foundation that keeps our services secure and reliable. You are not just protecting a network; you are safeguarding the privacy and trust of individuals who have waited decades for recognition and support.

In this position, you will move beyond traditional oversight to foster a culture of security by design that prioritises the needs of the community. You will collaborate across teams to ensure that our digital systems, ranging from claims processing to support services, are resilient and accessible. By balancing technical excellence with a deep sense of empathy, you will help us deliver a service that is both modern and profoundly human, ensuring that every interaction remains safe, dignified, and stable.

As the Cyber Security Lead, you will be responsible for ensuring the architecture of IBCA’s digital infrastructure is secure and resilient. Your role is to balance technical excellence with a service-first mindset, ensuring our systems remain secure and trusted by the community we serve. You will lead risk management strategies that prioritise data security and maintain institutional trust.

Your expertise will guide the selection of security tooling and the implementation of secure engineering principles, ensuring that "security by design" is embedded within every technical design. You will oversee compliance with relevant standards and frameworks while directing overall cyber management and incident readiness.

Beyond the technical, you will lead stakeholder management, translating complex risks into clear, concise guidance for leadership. The ideal candidate will have strong knowledge and experience in the security domains of Security Operations, Security Architecture, and Governance, Risk, and Compliance.

Responsibilities

  • Technical Design & Secure Engineering: Act as the primary security design authority for the compensation services architecture. Collaborate with Solution Architects and Developers to implement Secure by Design principles at the code and infrastructure level, ensuring robust identity management (e.g., MFA, RBAC), data encryption at rest and in transit, and secure API integrations across the digital service;
  • Security Automation and Tooling: Lead the integration of security into the Software Development Lifecycle (SDLC) by implementing and overseeing DevSecOps practices. This includes managing automated security testing tools—such as Static and Dynamic Application Security Testing (SAST/DAST) and Software Composition Analysis (SCA)—to identify and remediate code vulnerabilities and insecure dependencies in real-time;
  • Compliance and Regulatory Oversight: Ensure that all security practices, policies, and systems are fully compliant with relevant regulations, including the Data Protection Act, GDPR, and UK government security standards such as CAF and Secure by Design;
  • Cybersecurity Management: Oversee the security of the IT systems and infrastructure used to manage compensation claims, ensuring the implementation of best practices in cybersecurity. Work with IT teams to safeguard against data breaches, hacking attempts, and insider threats;
  • Incident Response: In the event of a security breach or data incident, lead the response efforts, including investigating the breach, implementing remedial actions, and liaising with the Information Commissioner’s Office (ICO) and other regulatory bodies.

Person specification

Essential

  • Solid understanding of secure development frameworks (such as the OWASP Top 10 or SANS Top 25) and the ability to apply them within a cloud-native environment. You should have experience reviewing system architectures and code to ensure the implementation of technical controls like Zero Trust principles, robust API security, and secure identity/access management (IAM).
  • Practical experience in implementing and managing automated security tools within a CI/CD pipeline. This includes the ability to interpret and act upon results from SAST/DAST (Static/Dynamic Analysis) tools, container scanning, and infrastructure-as-code (IaC) security assessments to ensure vulnerabilities are caught and remediated before they reach production.
  • Proven experience of conducting security assurance activities, including providing security assurance for suppliers, ensuring compliance with relevant security regulations and standards and implementing comprehensive security policies and procedures to align with UK government standards and best practice.
  • Ability to support the development and delivery of security awareness training programs and experience of promoting a security first culture in the workplace.
  • Proven ability and experience of building and managing effective stakeholder relationships to shape the outcomes of a project, considering different individual needs, views, and ideas.
  • Influential, and able to communicate in a straightforward, honest, and engaging manner, choosing appropriate styles and tools to maximise and check understanding and impact.
  • Demonstrated experience in managing security projects within a sensitive data environment, ideally within a public sector or government agency.
  • Ability to identify, assess, and manage security and compliance risks. Knowledge of audit processes, security certifications, and risk management strategies.
  • Familiarity with cybersecurity confidentiality, integrity and availability principles, fundamentals of cyber security knowledge, and protection of IT systems used for sensitive data storage and processing.
  • Ability to respond quickly to challenges and security incidents, providing practical solutions and guidance to teams and senior management.

Desirable

  • Security Certifications: CompTIA Security+, CC – Certified in Cybersecurity, or other relevant security certifications would be advantageous.
  • Incident Response Experience: Experience managing or responding to data breaches or cyber incidents, with a focus on minimizing impact and ensuring regulatory compliance.

Additional information:

A minimum of 60% of your working time should be spent at your principal workplace, although requirements to attend other locations for official business will also count towards this level of attendance.

Behaviours

We'll assess you against these behaviours during the selection process:

  • Changing and Improving
  • Working Together
  • Delivering at Pace

Technical skills

We'll assess you against these technical skills during the selection process:

  • Secure Systems Architecture and Design
  • Vulnerability Management
  • Monitoring

Benefits

Alongside your salary of £58,655, Infected Blood Compensation Authority contributes £16,992 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.
  • Premium allowance paid monthly after probation
  • Learning and development tailored to your role
  • An environment with flexible working options
  • A culture encouraging inclusion and diversity
  • A Civil Service Pension which provides an attractive pension, benefits for dependants and employer contributions of 28.97%
  • 32.5 days of paid annual leave plus 8 bank holidays
  • Family friendly policies to support you and your everyday responsibilities
  • Enhanced maternity and paternity leave, up to 12 months shared parental leave

Recent changes in skilled worker visa eligibility mean that a Skilled Worker must have a job offer in an eligible skilled occupation from a Home Office-approved sponsor. From 22 July 2025, the job must normally be skilled to level 6 (graduate level) on the Regulated Qualifications Framework for England and Northern Ireland, or the equivalent level in Wales or Scotland, or be included on either the Immigration Salary List or the Temporary Shortage List. Please be aware that if the role is not eligible for a skilled worker visa, we will be unable to provide sponsorship.

Things you need to know

Artificial intelligence

Artificial intelligence can be a useful tool to support your application; however, all examples and statements provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, as your own) applications may be withdrawn and internal candidates may be subject to disciplinary action. Please see our candidate guidance for more information on appropriate and inappropriate use.

Selection process details

This vacancy is using Success Profiles, and will assess your Behaviours, Experience and Technical skills.

As part of your application you will be required to provide a CV setting out your career history and qualifications highlighting specific responsibilities and achievements that are relevant for this role.

You will also be required to provide a Statement of Suitability (750 words max.)

Please use your statement of suitability to explain how you consider your personal skills, qualities and experience provide evidence of your suitability for the role, with reference to the essential criteria in the person specification section of the job advert.

Your CV and Statement of Suitability will be assessed against the essential criteria listed in the 'Person Specification' section of the job advert.

You will also be assessed on Behaviours and Technical Skills at application stage.

The links to the technical skill descriptors are below -

Should a large number of applications be received, an initial sift may be conducted using Technical 1 - Secure Systems Architecture and Design. Candidates who pass the initial sift may be progressed to a full sift, or progressed straight to assessment/interview.

Should you be successful at sift, you will be invited to attend an interview where you will be assessed on Behaviours and Technical Skills.

Expected timeline (subject to change)

Expected sift date – 23/03/2026
Expected interview date/s – 30/03/2026
Interview location - Your interview will either be conducted face to face or by video. You will be notified of the location if you are selected for interview.

Reasonable Adjustment

If a person with disabilities is put at a substantial disadvantage compared to a non-disabled person, we have a duty to make reasonable changes to our processes.

If you need a change to be made so that you can make your application, you should:

  • Contact Government Recruitment Service via IBCA.grs@cabinetoffice.gov.uk as soon as possible before the closing date to discuss your needs.
  • Complete the ‘Assistance required’ section in the ‘Additional requirements’ page of your application form to tell us what changes or help you might need further on in the recruitment process. For instance, you may need wheelchair access at interview, or if you’re deaf, a Language Service Professional.

Further Information

A reserve list may be held for a period of 6 months from which further appointments can be made.

Any move to IBCA from another employer will mean you can no longer access childcare vouchers. You may however be eligible for other government schemes, including Tax Free Childcare; for further information visit the Childcare Choices website.

Please note that this role requires SC clearance, which would normally need 5 years’ UK residency in the past 5 years. This is not an absolute requirement, but supplementary checks may be needed where individuals have not lived in the UK for that period. This may mean your security clearance (and therefore your appointment) will take longer or, in some cases, not be possible.

For further information on National Security Vetting please visit the Demystifying Vetting website.

In order to process applications without delay, we will be sending a Criminal Record Check to Disclosure and Barring Service/Disclosure Scotland on your behalf.

However, we recognise in exceptional circumstances some candidates will want to send their completed forms direct. If you will be doing this, please advise Government Recruitment Service of your intention by emailing Pre-EmploymentChecks.grs@cabinetoffice.gov.uk stating the job reference number in the subject heading.

For further information on the Disclosure Scotland confidential checking service, telephone the Disclosure Scotland Helpline on 0870 609 6006 and ask to speak to the operations manager in confidence, or email Info@disclosurescotland.co.uk

Applicants who are successful at interview will be, as part of pre-employment screening, subject to a check on the Internal Fraud Database (IFD). This check will provide information about employees who have been dismissed for fraud or dishonesty offences. This check also applies to employees who resign or otherwise leave before being dismissed for fraud or dishonesty had their employment continued. Any applicant whose details are held on the IFD will be refused employment.

A candidate is not eligible to apply for a role within the IBCA if the application is made within a 5 year period following a dismissal for carrying out internal fraud against government.

If you are experiencing accessibility problems with any attachments on this advert, please contact the email address in the 'Contact point for applicants' section.

PLEASE NOTE: IBCA employees are public servants, therefore the Civil Service Nationality Rules (CSNR) do not apply. Candidates who do not meet the CSNR are welcome to apply and applications will not be rejected: successful candidates however will be subject to a Right to Work check to work within the UK.



Feedback will only be provided if you attend an interview or assessment.

Security

Successful candidates must undergo a criminal record check. People working with government assets must complete baseline personnel security standard checks.

Nationality requirements

This job is broadly open to the following groups:

  • UK nationals
  • nationals of the Republic of Ireland
  • nationals of Commonwealth countries who have the right to work in the UK
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS)
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
  • individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
  • Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service

Further information on nationality requirements

Working for the Civil Service

Please note this Post is NOT regulated by the Civil Service Commission. The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.

Diversity and Inclusion

The Civil Service is committed to attracting, retaining and investing in talent wherever it is found. To learn more please see the Civil Service People Plan and the Civil Service Diversity and Inclusion Strategy.

Apply and further information

Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.

Contact point for applicants

Job contact:

Recruitment team

Further information

Our recruitment and selection processes are underpinned by the requirement of selection for appointment on the basis of merit by a fair and open competition. If you feel your application has not been treated in accordance with these principles and you wish to make a complaint, you should contact the Resourcing Team at IBCA.grs@cabinetoffice.gov.uk

Attachments

Employee Offer (pdf, 1851kB)
