
Cybersecurity Risk Management Lead
Job summary
Overview
At the United Kingdom Health Security Agency (UKHSA) our mission is to provide health security for the nation by protecting from infectious disease and external hazards. We are a trusted source of advice to government and to the public, focusing on reducing inequalities in the way different communities experience and are impacted by infectious disease, environmental hazards, and other threats to health.
Our mission is challenging, innovative and in the spotlight. We will work to ensure our people have the diverse skills, experiences and backgrounds we need to thrive, that our employees are representative of the communities we serve and feel valued and enabled to play their part in delivering our work.
Creating our working culture is an ongoing process which we are developing by listening and learning together, hearing and acting upon diverse voices and opinions to develop a common sense of identity and effective ways of working.
Working for your organisation
We pride ourselves on being an employer of choice where Everyone Matters, promoting equality of opportunity and actively encouraging applications from everyone, including groups currently underrepresented in our workforce.
UKHSA's ethos is to be an inclusive organisation for all our staff and stakeholders, and to create, nurture and sustain an inclusive culture where differences drive innovative solutions to meet the needs of our workforce and wider communities. We do this through celebrating and protecting differences, removing barriers and promoting equity and equality of opportunity for all.
Job description
Main duties of the job
As part of its development and governance, UKHSA is expanding the Cyber Security Division, building on its capability to provide a critical function in the protection of UKHSA's digital assets. The division works closely with wider UKHSA security teams and stakeholders (Government Security Group, NCSC and CPNI) to build a resilient infrastructure, supporting the organisation in reaching its ambition to become a global leader for health security and a critical component of our national security architecture.
This is an exciting opportunity to join the division in a specialist cyber risk management role. Reporting to the Head of Cyber Risk & Assurance, you will be responsible for the day-to-day management of cyber risks and cyber risk assessments, whilst reporting the cyber risk posture of the organisation to the Senior Leadership Team.
Detailed job description and main responsibilities
The successful candidate must be comfortable working flexibly in a changing environment as the Agency continues its transformation journey. They must be able to identify and understand challenges, develop creative solutions, and build strong relationships across the organisation. Effective, fast-paced collaboration—both within UKHSA and with external partners—is essential. The role requires someone who can work independently while recognising when to seek guidance.
The post holder will engage stakeholders across UKHSA to establish and manage cyber risk. They must be analytical, pragmatic, and innovative in delivering effective risk management services. A consistent approach to cyber risk will be expected, along with the ability to advise, challenge, and support colleagues in identifying, assessing, mitigating, and reporting risks. The successful candidate will value the benefits of strong risk management and focus on outcomes as much as on reporting.
This post aligns with the Cyber Security Risk Manager Lead role in the Government Security Profession Career Framework.
In this challenging role, you will:
- Manage a team of cyber risk professionals and deputise for the Head of Cyber Risk and Assurance when required.
- Drive continuous improvement and ensure a consistent, effective cyber risk management approach across UKHSA.
- Independently conduct risk management activities within your area of expertise, operating within established governance structures.
- Lead analysis to define business-driven security needs, carry out cyber security risk assessments, perform tailored threat assessments, and ensure all activities comply with relevant legislation and regulations.
- Provide tailored, proportionate advice to stakeholders on addressing identified risks, drawing on standards, guidance, expert input, and personal expertise.
- Offer expert security advice that clearly highlights cyber risks, enabling risk and service owners to make informed, auditable decisions.
- Collaborate closely with Information Management and Privacy teams to ensure overlapping risks are understood, reported, and managed effectively.
- Undertake any other responsibilities appropriate to the grade.
Person specification
Role Criteria and Other Requirements
Essential role criteria (including qualifications, licenses and registrations)
The successful candidate will be expected to demonstrate:
- Risk understanding and mitigation.
- Information risk assessment and risk management.
This includes:
- Proven cyber risk management experience across a broad range of areas in large complex organisations. This experience could have been gained from the public or private sectors.
- A good understanding of various risk management methodologies and cyber security and information security management systems.
In addition:
- Ability to communicate to both technical and non-technical stakeholders.
- Experience at establishing processes and reporting metrics.
- Experience managing small teams.
- Experience managing contracts for supporting services.
- Proficient at time management and prioritisation.
- Managing ambiguity and delivering certainty in fast paced, high-pressure environments.
- Academic / Professional cyber security and/or risk management qualifications or accreditations:
Academic / Professional cyber security:
- Bachelors in Cybersecurity, Computer Science, Information Technology, Information Systems or MSc in Cybersecurity Management or Security and Risk Management.
Risk management qualifications or accreditations:
- Certified Information Systems Security Professional
- ISO27001 Lead Auditor
Desirable role criteria:
Ideally you will also have the following skills or some experience in:
- Complex stakeholder management.
- Managing ambiguity and delivering certainty in fast paced, high-pressure environments.
- Delivery focused problem solving.
- Working knowledge of the UK GDPR security principles.
- Data Security and Protection Toolkit (DSPT) and Cyber Assessment Framework (CAF).
Benefits
Alongside your salary of £56,185, UK Health Security Agency contributes £16,276 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.
- Learning and development tailored to your role
- An environment with flexible working options
- A culture encouraging inclusion and diversity
- A Civil Service pension with an employer contribution of 28.97%
Things you need to know
Artificial intelligence
Artificial intelligence can be a useful tool to support your application; however, all examples and statements provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or content generated by artificial intelligence, as your own), applications may be withdrawn and internal candidates may be subject to disciplinary action. Please see our candidate guidance for more information on appropriate and inappropriate use.
Selection process details
Selection Process Details (Success Profiles)
This vacancy is using Success Profiles and will assess your Behaviours, Strengths, Ability, Experience and Technical skills
Stage 1: Application & Sift
Success Profiles - GOV.UK
You will be required to complete an application form. You will be assessed on the listed essential criteria and be required to complete an:
- Application form (‘Employer/ Activity history’ section on the application)
- 1,500 word Supporting Statement
This should outline how you consider your skills, experience and knowledge provide evidence of your suitability for the role, with reference to the essential criteria. You will receive a joint score for your application form and statement. (The application form is the kind of information you would put into your CV. Please be advised that you will not be able to upload your CV, so complete the application form in as much detail as possible.) Please do not email us your CV.
Healthjobs UK has a word limit of 1,500, and your supporting statement must be no more than 1,500 words.
Longlisting
In the event of a large number of applications we will longlist into 3 piles of:
- Meets all essential criteria
- Meets some essential criteria
- Meets no essential criteria
If used, the pile(s) ‘Meets all essential criteria’ and ‘Meets some essential criteria’ will proceed to shortlisting.
Shortlisting
In the event of a large number of applications we may conduct an initial sift, on the lead criteria of:
- Risk understanding and mitigation.
- Information risk assessment and risk management.
- Relevant industry qualifications and accreditations, e.g. Cyber Security Professional.
Desirable criteria may be used in the event of a large number of applications/ successful candidates.
If you are successful at this stage, you will progress to interview & assessment.
Feedback will not be provided at this stage.
Stage 2: Interview
Success Profiles - GOV.UK
You will be invited to a single remote interview.
You will be asked to prepare and present a 5–10 minute presentation at the start of your interview, aimed at assessing your technical skills in relation to the following role criteria:
- Risk understanding and mitigation.
- Information risk assessment and risk management.
- Ability to communicate to both technical and non-technical stakeholders.
- Experience at establishing processes and reporting metrics.
The title subject/topic will be released in advance to applicants that progress to interview stage.
Behaviours, Strengths, Ability, Experience, Technical skills will be tested at interview.
Behaviours
- Managing a Quality Service (Lead Behaviour)
- Seeing the Bigger Picture
- Leadership
- Changing and Improving
- Making Effective Decisions
Eligibility Criteria - External
Open to all external applicants (anyone) from outside the Civil Service (including internal applicants).
Location
This role is being offered as hybrid working based at any of our Core HQs. We offer great flexible working opportunities at UKHSA and operate using a hybrid working model where business needs allow. This provides us with greater flexibility about how and where we work, to get the best from our workforce. As a hybrid worker, you will be expected to spend a minimum of 60% of your contractual working hours (approximately 3 days a week pro rata, averaged over a month) working at one of UKHSA's core HQs (Birmingham, Leeds and Liverpool). Our core HQ offices are modern and newly refurbished with excellent city centre transport links and benefit from co-location with other government departments such as the Department for Health and Social Care (DHSC).
Future location
UKHSA is investing in a new state-of-the-art National Biosecurity Centre in Harlow, Essex, which will eventually bring together teams currently based at Canary Wharf, Colindale and Porton Down. For more details, please see: Huge biosecurity centre investment to boost pandemic protection - GOV.UK.
The new facilities will start becoming operational in the mid-2030s, with full completion by 2038. Staff will move in phases as facilities become available. If you're appointed to a role currently based at Canary Wharf, Colindale or Porton Down, please note that we'll continue investing in these sites for the next decade. As we get closer to the transition, we'll provide full information about relocation support available to staff.
Security Clearance Level Requirement
Successful candidates for this role must pass an enhanced disclosure and barring security check before they can be appointed.
Successful candidates must meet the security requirements before they can be appointed. The level of security needed is:
- Basic Personnel Security Standard
- Security Clearance
For meaningful National Security Vetting checks to be carried out individuals need to have lived in the UK for a sufficient period of time. You should normally have been resident in the United Kingdom for the last 5 years as the role requires Security Check (SC). UK residency less than the outlined periods may not necessarily bar you from gaining national security vetting and applicants should contact the Vacancy Holder / Recruiting Manager listed in the advert for further advice.
Reasonable Adjustments
The Civil Service is committed to making sure that our selection methods are fair to everyone. To help you during the recruitment process, we will consider any reasonable adjustments that could help you. An adjustment is a change to the recruitment process or an adjustment at work. This is separate to the Disability Confident Scheme. If you need an adjustment to be made at any point during the recruitment process you should contact the recruitment team in confidence as soon as possible to discuss your needs.
You can find out more information about reasonable adjustments across the Civil Service here: https://www.civil-service-careers.gov.uk/reasonable-adjustments/
International Police check
If you have spent more than 6 months abroad over the last 3 years you may need an International Police Check. This would not necessarily have to be in a single block, and it could be time accrued over that period.
Internal Fraud check
If you are successful for this role, as one aspect of pre-employment screening, your personal details (name, national insurance number and date of birth) will be checked against the Cabinet Office Internal Fraud Hub, and anyone included on the database will be refused employment unless they can show exceptional circumstances. Currently this applies only to candidates external to the Civil Service.
Careers website
Please visit our careers site for more information https://gov.uk/ukhsa/careers
Feedback will only be provided if you attend an interview or assessment.
Security
Successful candidates must undergo a criminal record check. Successful candidates must meet the security requirements before they can be appointed. The level of security needed is Security Check. See our vetting charter. People working with government assets must complete Baseline Personnel Security Standard checks.
Nationality requirements
This job is broadly open to the following groups:
- UK nationals
- nationals of the Republic of Ireland
- nationals of Commonwealth countries who have the right to work in the UK
- nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS)
- nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
- individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
- Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service
Working for the Civil Service
The Civil Service Code sets out the standards of behaviour expected of civil servants. We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles. The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.
Diversity and Inclusion
The Civil Service is committed to attracting, retaining and investing in talent wherever it is found. To learn more, please see the Civil Service People Plan and the Civil Service Diversity and Inclusion Strategy.
Apply and further information
The Civil Service welcomes applications from people who have recently left prison or have an unspent conviction. Read more about prison leaver recruitment. Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.
Contact point for applicants
Job contact :
- Name : John Mosley
- Email : recruitment@ukhsa.gov.uk
Recruitment team
- Email : recruitment@ukhsa.gov.uk
Further information
The law requires that selection for appointment to the Civil Service is on merit on the basis of fair and open competition, as outlined in the Civil Service Commission's Recruitment Principles. If you feel your application has not been treated in accordance with the Recruitment Principles and you wish to make a complaint, in the first instance you should contact the UKHSA Public Accountability Unit via email: Complaints@ukhsa.gov.uk. If you are not satisfied with the response you receive from the Department, you can contact the Civil Service Commission via the Civil Service Commission website.
http://www.healthjobsuk.com/vacancy/7712773
Salary range
- £56,185 - £70,566 per year