Cyber Security Risk Manager Lead


Hybrid
Expires: Expiring in less than 3 weeks
IT
Flexible
£60,007 - £66,701 per year

Job summary

The Office for National Statistics (ONS) is the UK’s largest producer of official statistics, covering a range of key economic, social and demographic topics. These include measuring changes in the value of the UK economy, estimating the size, geographic distribution and characteristics of the population, and providing indicators of price inflation, employment, earnings, crime and migration.

The last few years have seen an extensive overhaul of security and information management to meet the challenges of corporate and statistics transformation in technology, methods and practice, the Digital Economy Act and organisational risk appetite. The capability is evolving and expanding to address changes in threat and business direction. The Security and Information Management Directorate (SaIM) operates five key services across ONS: security risk advice and management; knowledge and information management (KIM); physical security and business continuity; security compliance and audit; and security operations, including our Security Operations Centre.

Job description

The Cyber Security Risk Manager - Lead roles form part of the Security Risk Advisory team within the Security and Information Management Division at the Office for National Statistics (ONS). The roles report to the Cyber Security Risk Manager - Principal. The primary focus of these roles is to provide the Organisation with security advice and best practice to develop ‘Secure by Design’ protections for organisational assets and to embed the ONS Security Framework (principles, policies, processes, threat model and security risk management) into the ONS.

These roles will be dedicated to supporting all security assessment and assurance activities associated with the preparation and delivery of UKSA digital programmes, such as Census 2031. Key activities will involve security assessment, assurance, threat modeling and mitigation advice/guidance for all aspects of digital delivery, including in-house and procured/third-party elements. Key outcomes from the roles are the identification of security risk within the business context, the identification of appropriate mitigation approaches for business selection and the management of these options through to implementation within the live service. The security advice provided will be informed by threat, vulnerability and risk analysis for business and third parties. The focus, outcomes and responsibilities are aligned to the Government Security Profession framework of the Cyber Security Risk Manager – Lead.

Government Security Profession - Career framework

Responsibilities

  • Supporting the development of business-focused security solutions for digital products and business operations that cover data collection, storage and processing of Official - Sensitive information (deployed both internally and via external suppliers);
  • Identifying security threat and risk to the Organisation's digital products, data assets and business operations as part of the delivery lifecycle;
  • Lead the analysis and derivation of business-supporting security needs, undertake Cyber Security related risk assessments, conduct tailored threat assessment and other risk management activities, and ensure activities are consistent with applicable regulations and legislation;
  • Independently undertake risk management activities within a given area of practice or expertise, usually within established security and risk management governance structures;
  • Consulting with the Organisation’s security stakeholders to ensure that the solutions deployed are secure and fit for purpose;
  • Liaising with the Organisation’s business, technology and security colleagues to ensure various business needs are understood and applied, including providing general security architecture, guidance and advice to the stakeholders;
  • Advising on opportunities for using secure and open-source products and any implications of such an approach.
  • Ensure that security policies and security controls remain appropriate and proportionate to the assessed risks, and are responsive and adaptable to the changing threat environment, business requirements and ONS policies;
  • Provide tailored advice to a range of stakeholders on how to remedy identified risks by proportionately applying security capabilities, using published guidance, standards, and drawing on a range of experts as well as personal expertise;
  • Provide expert security advice that highlights Cyber Security related risks, so risk or service owners can make well-informed and auditable decisions.

Person specification

Essential Criteria:

  • Extensive expertise in cloud, application, infrastructure and networking security controls, with strong proficiency across cyber, physical, procedural and technical (ICT) security domains, particularly in relation to secure data management.
  • Proven experience delivering high quality security advice and technical security solutions within a UK Government Department, supporting complex operational and digital environments.
  • Strong working knowledge of UK Government security frameworks and standards, including the Government Security Policy Framework (SPF), ISO 27001, and the Data Protection Act (DPA).
  • Commitment to professional development, ideally working towards relevant certifications such as CESG Certified Professional (CCP) at Senior Practitioner level and/or membership of professional bodies such as the British Computer Society (BCS).
  • A successful track record of leading and influencing the implementation of security frameworks (e.g., Secure-by-Design) in multi-disciplinary environments.

Behaviours

We'll assess you against these behaviours during the selection process:

  • Seeing the Big Picture
  • Leadership
  • Communicating and Influencing

Technical skills

We'll assess you against these technical skills during the selection process:

  • Applied Security Capability - Practitioner
  • Information Risk Assessment and Risk Management - Practitioner
  • Protective Security - Practitioner
  • Threat Understanding - Practitioner

Benefits

Alongside your salary of £60,007, Office for National Statistics contributes £17,384 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.

The Office for National Statistics is part of the Civil Service, and as such we share a number of key benefits with other departments, whilst also having our own unique offerings to support our valued colleagues across the organisation.

Whether you are hearing about us for the first time or already know a bit about our organisation, we hope that our careers site will give you a great insight into the benefits and facilities available to our colleagues, and our fantastic working culture.

Inclusion & Accessibility

At ONS we are always looking to attract the very best people from the widest possible talent pool, and we are proud to be an inclusive, equal opportunities employer. As a Disability Confident Leader we’re committed to ensuring that all candidates are treated fairly throughout the recruitment process.

As part of our application process, you will be prompted to provide details of any reasonable adjustments to our recruitment process that you need. If you would like to discuss any reasonable adjustments before applying, please contact the recruitment team in the first instance.

If you would like an accessible version of any of the attachments or recruitment documents below or linked to in this advert, please contact the recruitment team who will be happy to assist.

ONS are committed to flexible ways of working that support a healthy work-life balance. ONS has already considered how this job could be right sized for applicants working flexibly and we are happy to explore options with you about working part time, in a job share or flexibly, in line with our hybrid working policies.

Things you need to know

Artificial intelligence

Artificial intelligence can be a useful tool to support your application; however, all examples and statements provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, as your own) applications may be withdrawn and internal candidates may be subject to disciplinary action. Please see our candidate guidance for more information on appropriate and inappropriate use.

Selection process details

This vacancy is using Success Profiles, and will assess your Behaviours, Experience and Technical skills.

Security Clearance

For ONS the requirement for SC clearance is to have been present in the UK for 3 consecutive years immediately prior to applying and the department will consider eligibility by exception on a case-by-case basis. You will be asked to provide information regarding your UK residency during your application, and failure to provide this will result in your application being rejected.

If you are unsure that you meet the eligibility above, please read the information available on Gov.uk on this link or contact the recruitment email on the advert before applying to discuss, as failure to meet the residency requirements will result in your security clearance application being rejected and any offer of employment being withdrawn.

At the point of SC application, you will need to provide or give access to the following evidence:

  • Departmental or company records (personnel files, staff reports, sick leave reports and security records)
  • UK criminal records covering both spent and unspent criminal records
  • Your credit and financial history with a credit reference agency
  • Security Services records

Please note that we will reach out to you by e-mail once the advert has closed to confirm eligibility for this role. Please check your junk e-mails for any correspondence.

Application Process

Number of Stages: 2 stage process

Stage 1: Application

Stage 2: Interview

Stage 1 – Application

The assessment process at the application stage will be based on your work history, CV, skills, experience, and personal statement. It is important that your application is tailored to highlight the skills, knowledge, and experience relevant to the role.

A personal statement is required at application stage. The maximum word count allowed is 1000 words, which should not be exceeded. You should provide evidence for each essential skill criterion listed in the person specification. As these criteria are scored, it is advisable to give clear examples for each one, including the impact of your actions, ideally utilising the STAR technique (Situation, Task, Action, Result).

Please note that Success Profiles Behaviour examples are not required at this stage of the application process.

In instances where a high number of applications are received, the sift pass mark may be adjusted, and candidates will be invited to interview based on merit order, i.e., those with the highest scores.

Stage 2 – Interview

If invited to interview, you will be assessed using techniques aligned with the Civil Service Success Profiles framework, covering all behaviours listed in the job advert and any required technical skills.

Interviews will be via Microsoft Teams.

A reserve list may be held for a period up to 12 months from which further appointments may be made.

Important Dates

  • Eligibility Security Clearance checks from 17/04 - 24/04. We will be sending you an e-mail with a form to fill out. Please check your junk e-mails for any correspondence.
  • Sift will be conducted from 27/04/2026
  • Interviews will be conducted from 11/05/2026

For the full terms and conditions of the post, please see attachment.

Please note that all campaigns may be subject to withdrawal at any stage if the internal resource position changes.

This role is eligible for the Government Digital and Data (GDD) Capability and Pay Framework. If you are successful at interview, your salary will be directly linked to your capability outcome, as determined by your performance in the Technical section of the interview.

  • Capability Outcome: Assessed based on scores achieved during the technical interview.

  • Salary Determination: Your starting salary will reflect the capability level assigned.

  • Feedback: Full feedback on your capability outcome will be provided at the point of offer.

All successful candidates are required to undertake an annual capability assessment as part of their ongoing employment terms. The outcome of this assessment directly influences individual pay levels:

  • Higher Capability Outcome: Results in an increase in pay.

  • Lower Capability Outcome: Results in a decrease in pay.

Completion of the assessment is mandatory. Failure to complete the annual capability assessment will result in the individual being transitioned to ONS pay terms and conditions, with a corresponding adjustment to their pay.

If you're already in a GDD Group 1 role and receiving GDD pay, and you make a lateral move (i.e. same grade, different role):

Initial Capability Assessment:

  • You’ll be assessed in your new role through the interview process.

  • If your proficiency level is lower than your current one, you retain your current level and pay for 6 months.

  • If your proficiency level is higher than your current one, you will move to that level of pay.

Development Plan:

  • During those 6 months, you’ll work with your line manager to create and follow a development plan to build the required skills.

Reassessment at 6 Months:

  • If you reach your previous proficiency level, you keep your current pay.

  • If your proficiency is still lower, your pay will decrease to match the new level.

  • If your proficiency level is higher, your pay will increase to match the new level.

Starting salary for roles within the Government Digital and Data (GDD) Capability and Pay Framework is determined solely by the capability outcome achieved during the recruitment process.

Please note:

  • Existing allowances (scarce skills) will not be taken into account when calculating starting salary.

  • This policy applies to all candidates, including existing Civil Servants and ONS colleagues transitioning to the GDD Capability and Pay Framework.



Feedback will only be provided if you attend an interview or assessment.

Security

Successful candidates must undergo a criminal record check. Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check.

See our vetting charter. People working with government assets must complete baseline personnel security standard checks.

Nationality requirements

This job is broadly open to the following groups:

  • UK nationals
  • nationals of the Republic of Ireland
  • nationals of Commonwealth countries who have the right to work in the UK
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS)
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
  • individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
  • Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service

Further information on nationality requirements

Working for the Civil Service

The Civil Service Code sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles. The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria. The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.

Diversity and Inclusion

The Civil Service is committed to attracting, retaining and investing in talent wherever it is found. To learn more please see the Civil Service People Plan and the Civil Service Diversity and Inclusion Strategy.

Apply and further information

This vacancy is part of the Great Place to Work for Veterans initiative. Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.

Contact point for applicants

Job contact:

Recruitment team

Further information

If you feel your application has not been treated in accordance with the Recruitment Principles and you wish to make a complaint, in the first instance, you should contact recruitment.complaints@ons.gov.uk. If you are not satisfied with the response you receive from the Department, you can contact the Civil Service Commission.

Attachments

GDD_ONS_External_Vacancy_Terms (3) (pdf, 31kB)
