Deputy Director - Protective Security & Information Assurance

Job summary

Do you want to make your mark on role within the emergency services, giving you a chance to make a tangible difference to the security of the UK?

Can you provide inspiring senior leadership while shaping a strong, pragmatic approach to protective security and information assurance across a complex national organisation?

Have you led protective security-related governance, risk, and incident management at scale, influencing senior stakeholders and delivering assurance in a high‑profile environment?

If so, we’d love to hear from you!

The Maritime and Coastguard Agency (MCA) is seeking a Deputy Director – Protective Security & Information Assurance. The Maritime and Coastguard Agency (MCA) implements the government's maritime safety policy in the United Kingdom and works to prevent the loss of life and occurrence of pollution on the coast and at sea.

The Corporate Services Group is responsible for the effective delivery of all Corporate Services to the Maritime & Coastguard Agency (MCA). Corporate Services include IT, Data, Security, Communications, Procurement, Finance, Health & Safety, Human Resources, Governance, Performance, and Property & Facilities.

Joining our department comes with many benefits, including:

• Employer pension contribution of 28.97% of your salary. Read more about Civil Service Pensions here
• 25 days annual leave, increasing by 1 day each year of service (up to a maximum of 30 days annual leave), plus 8 bank holidays and a privilege day for the King’s birthday
• Flexible working options where we encourage a great work-life balance.

Read more in the Benefits section below!

Find out more about what it's like working at: Maritime and Coastguard Agency - Department for Transport Careers

Job description

As the Deputy Director – Protective Security & Information Assurance, you will be responsible for leading the Protective Security, Data Protection, and Knowledge and Information Management functions. You will lead Information Security management for the MCA, setting standards, assuring cyber security, and ensuring policies remain proportionate to evolving risks. Working across government, you will maintain compliance with required standards while upholding strong data protection and information management arrangements across the Agency.

Your responsibilities will include, but aren’t limited to:

1. Providing visible, inclusive leadership that promotes accountability, integrity, and high performance
2. Overseeing teams and senior managers, ensuring strong leadership, capability, and delivery
3. Managing budgets and resources effectively, delivering value for money aligned to demand
4. Setting strategic direction aligned to MCA, corporate, and departmental priorities
5. Leading robust protective security-related governance, risk management, innovation, and deputise for the Director when required
6. Defining and delivering the Agency’s information and cyber security strategy and governance framework
7. Protecting critical assets and managing security risks across the organisation and supply chain
8. Ensuring effective incident response, security culture, data protection, and knowledge management compliance

Great line management is important to us as an organisation, and we will equip and support line managers to develop the skills they need. We aim to empower line managers to create teams where people can flourish and deliver excellent outcomes for the public.

For further information on the role, please read the role profile. Please note that the role profile is for information purposes only - whilst all elements are relevant to the role, they may not all be assessed during the recruitment process. This job advert will detail exactly what will be assessed during the recruitment process.

Person specification

To be successful in this role you will need to have the following experience:

1. Be a credible and authentic leader, with the ability to articulate a vision, and engage people to deliver results.
2. Extensive experience in working on information security programmes in an organisation, ideally in an area that has low tolerance for service disruption or incidents, preferably with experience of working in mission critical environments.
3. Leading security cultural change within a complex organisation
4. Developing and implementing a pragmatic approach to assessing the security, privacy and resilience risks, including engaging stakeholders to create shared understanding of the risks.
5. Operating robust information security risk management processes
6. Providing effective advice on compliance issues, including data protection, and applying public sector guidelines and rules
7. Highly developed interpersonal and influencing skills with a demonstrable ability to develop and maintain effective relationships with a wide range of internal and external stakeholders up to a senior level.
8. A proven track record of delivery providing clear, balanced advice and professional leadership at senior management level, in a way that inspires confidence and promotes effective decision making.
9. Excellent written and verbal communication abilities, with the skill to convey complex information clearly and transparently to diverse audiences.

Additional Information

The role is part of the Government Digital and Data (or Government Security Profession Career Framework) profession and utilises an enhanced Capability–Based Pay Framework which provides access to a Digital and Data allowance.

The base pay is £69,501. In addition to this the role includes a Digital and Data allowance of up to £28,560

The value of allowance awarded will be based on an assessment of your skills and experience as demonstrated through the selection process.
Here are more details on the pay framework.

Working hours, office attendance and travel requirements

Full time roles consist of 37 hours per week. Whilst we welcome applications from those looking to work with us on a part time basis, there is a business requirement for the successful candidate to be able to work at least 30 hours per week.

This role is suitable for hybrid working, which is a non-contractual arrangement where a combination of workplace and home-based working can be accommodated subject to business requirements.

The expectation at present is a minimum of 60% of your working time a month will be spent at either your designated workplace (one of the locations cited in the advert) or, when required for business reasons, in another office/work location/visiting stakeholders. Your designated workplace will be your contractual place of work. There may be occasions where you are required to attend above the minimum expectation.

If you have a question about hybrid working, part time/job share hours, flexible working, travelling for work, or require a reasonable adjustment, please contact the Vacancy Holder during the recruitment process to avoid possible disappointment later in the process should your working arrangements not be compatible with the requirements of the role (see below for contact details).

Visa Sponsorship

Please note that we will only offer sponsorship for a skilled worker visa where a role has been deemed to be business critical. This role does not meet that category, and we will not sponsor a visa. Therefore, this role is not open to applications from those who require sponsorship – candidates must ensure they have the appropriate right to work in the UK before applying. Should you apply for this role and be found to require sponsorship, your application will be rejected and any provisional offer of employment withdrawn.

Behaviours

We'll assess you against these behaviours during the selection process:

• Leadership
• Communicating and Influencing
• Making Effective Decisions
• Seeing the Big Picture

Technical skills

We'll assess you against these technical skills during the selection process:

• Information Risk Assessment and Risk Management – Expert
• Applied Security Capability – Practitioner
• Protective Security – Expert
• Threat Understanding – Practitioner
• Risk Understanding and Mitigation – Practitioner
• Legal and Regulatory Environment and Compliance - Practitioner

Benefits

Alongside your salary of £69,501, Maritime and Coastguard Agency contributes £20,134 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.

Being part of our brilliant Civil Service means you will have access to a wide range of fantastic benefits:

• Employer pension contribution of 28.97% of your salary. Read more about Civil Service Pensions here
• 25 days annual leave, increasing by 1 day each year of service (up to a maximum of 30 days annual leave).
• 8 Bank Holidays plus an additional Privilege Day to mark the King’s birthday.
• Access to the staff discount portal.
• Excellent career development opportunities and the potential to undertake professional qualifications relevant to your role paid for by the department, such as CIPD, Prince2, apprenticeships, etc.
• Joining a diverse and inclusive workforce with a range of staff communities to support all our colleagues.
• 24-hour Employee Assistance Programme providing free confidential help and advice for staff.
• Flexible working options where we encourage a great work-life balance.

Find out more about the benefits of working at MCA (opens in a new window).

Things you need to know

Artificial intelligence

Artificial intelligence can be a useful tool to support your application, however, all examples and statements provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, as your own) applications may be withdrawn and internal candidates may be subject to disciplinary action. Please see our candidate guidance (opens in a new window) for more information on appropriate and inappropriate use.

Selection process details

This vacancy is using Success Profiles (opens in a new window), and will assess your Behaviours, Experience and Technical skills.

How to apply:

Our selection process ensures a comprehensive assessment of each applicant's skills, and potential fit within our organisation.

The selection process for this role will be:

Stage 1: Sift of CV and personal statement

Stage 2: Interview

You must be successful at each stage to progress to the next stage.

Stage 1: Sift

At sift, you will be assessed against the following Success Profile elements:

Experience – you will be asked to provide a CV (unlimited wordcount) and personal statement (1250-word count). Please provide evidence of your Experience of the following:

• Extensive experience in working on information security programmes in an organisation, ideally in an area that has low tolerance for service disruption or incidents, preferably with experience of working in mission critical environments.
• Experience of leading security cultural change within a complex organisation
• Experience of developing and implementing a pragmatic approach to assessing the security, privacy and resilience risks, including engaging stakeholders to create shared understanding of the risks.
• Experience of providing effective advice on compliance issues,

Should a large number of applications be received, an initial sift may be conducted using the lead Success Profile element, “Extensive experience in working on information security programmes in an organisation, ideally in an area that has low tolerance for service disruption or incidents, preferably with experience of working in mission critical environments”. Candidates who pass the initial sift may be progressed to a full sift or progressed straight to assessment/interview.

Please note: the sift will be completed on a rolling basis whilst the campaign is still live, so you may receive your sift scores before the advert closing date.

The sift will take place week commencing 08/06/2026

Stage2: Interview

At interview stage, you will be assessed against the following Success Profile elements:

Behaviours -

• Leadership
• Making Effective Decisions
• Communicating and Influencing
• Seeing the Big Picture

Technical -

Cyber Security Governance & Risk Management - Principal

• Information Risk Assessment and Risk Management – Expert
• Applied Security Capability – Practitioner
• Protective Security – Expert
• Threat Understanding – Practitioner

Cyber Security Audit & Assurance - Principal

• Risk Understanding and Mitigation – Practitioner
• Legal and Regulatory Environment and Compliance – Practitioner

You will also be required to create and deliver a presentation to assess the Behaviour: Communicating and Influencing and Technical: Information Risk Assessment and Risk Management – Expert, and Technical: Risk Understanding and Mitigation – Practitioner. Guidance will be provided if you are invited to interview.

The interviews will take place week commencing 22/06/2026.

This interview will be conducted in person at our Southampton office (Spring Place, 105 Commercial Road, Southampton, SO15 1EG). Further details will be provided to you should you be selected for interview.

You can find out more about our hiring process, how to apply, and application and interview guidance on our careers site (opens in a new window).

Please note that we will try to meet the dates set out in the advert. There may be occasions when these dates will change.

Further information on the selection process

We will also hold a 12 month reserve list for this role, which may lead to potential opportunities beyond the role you applied for. You can read more about our reserve lists here.

Appointments for this position will be made in order of merit. If you are successful in the selection process but there are no further available posts for the advertised role, you may be contacted to discuss an offer for a lower graded role (with similar experience and responsibility requirements).

If you are unsuccessful in the selection process, your application may be considered for a lower graded position if your demonstrated skills and experience meet the requirements of the alternative position. Candidates will be considered in order of merit.

Further Information

For more information about how we hire, and for useful tips on submitting your application for this role, visit the How We Hire page of our DfT Careers website. You can find detailed information about the recruitment process and what to expect when applying for a role.

If your application is successful but you have been dismissed from the Civil Service, your application could be removed at the pre-employment checking stage depending on the nature of the dismissal.

Pre-employment Checking

Applicants who are successful at interview will be, as part of pre-employment screening, subject to a check on the Internal Fraud Database (IFD). This check will provide information about employees who have been dismissed for fraud or dishonesty offences. This check also applies to employees who resign or otherwise leave before being dismissed for fraud or dishonesty had their employment continued. Any applicant’s details held on the IFD will be refused employment.

A candidate is not eligible to apply for a role within the Civil Service if the application is made within a 5-year period following a dismissal for carrying out internal fraud against government.

All External applicants and current employees of accredited non-departmental public bodies (NDPBs) will be required to undergo a Social Media Check. A Social Media Check is a review of your publicly available online activity, typically across platforms like LinkedIn, Facebook, X (formerly Twitter), Instagram, and others. The purpose is to identify any public posts or content that could raise concerns for employers, such as:

Hate speech or discriminatory behaviour

Threats or acts of violence

Illegal activity or substance misuse

Sexually explicit material

Extremist views or affiliations

Importantly, this check does not involve hacking into your accounts or accessing private messages. It only considers content you have chosen to make public.

Employers use this kind of screening to help ensure their workplace remains safe, inclusive, and aligned with company values. It’s not about judging your personality or lifestyle—it’s about checking for potential red flags that might affect the role or company culture.

If you have questions or concerns about the social media check, we would be happy to explain in more detail what’s being looked at and how your data is handled securely and fairly.

Feedback will only be provided if you attend an interview or assessment.

Security

Successful candidates must undergo a criminal record check.Successful candidates must meet the security requirements before they can be appointed. The level of security needed is developed vetting (opens in a new window).

See our vetting charter (opens in a new window).People working with government assets must complete baseline personnel security standard (opens in new window) checks.

Nationality requirements

This job is broadly open to the following groups:

• UK nationals
• nationals of the Republic of Ireland
• nationals of Commonwealth countries who have the right to work in the UK
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS) (opens in a new window)
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
• individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
• Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service

Further information on nationality requirements (opens in a new window)

Working for the Civil Service

The Civil Service Code (opens in a new window) sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles (opens in a new window).The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.

Diversity and Inclusion

The Civil Service is committed to attract, retain and invest in talent wherever it is found. To learn more please see theCivil Service People Plan (opens in a new window) and the Civil Service Diversity and Inclusion Strategy (opens in a new window).

Apply and further information

This vacancy is part of the Great Place to Work for Veterans (opens in a new window) initiative.The Civil Service welcomes applications from people who have recently left prison or have an unspent conviction. Read more about prison leaver recruitment (opens in new window).Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.

Contact point for applicants

Job contact :

• Name : Helen Wentworth
• Email : helen.wentworth@mcga.gov.uk
• Telephone : 07783669694

Recruitment team

• Email : dftrecruitment.grs@cabinetoffice.gov.uk

Further information

If you feel your application has not been treated in accordance with the Recruitment Principles and you wish to make a complaint, in the first instance, you should contact Government Recruitment Services via email: dftrecruitment.grs@cabinetoffice.gov.uk
If you are not satisfied with the response you receive from the Department, you can contact the Civil Service Commission: Visit the Civil Service Commission website Here

Attachments

Deputy Director - Protective Security & Information Assurance (Job Profile) Opens in new window (pdf, 276kB)