Search
Header navigation
Information Security Governance and Risk Manager

Information Security Governance and Risk Manager

UK Research and Innovation
remoteHybrid
ExpiresExpires: Expiring in less than 4 weeks
IT
Full time
£58,589 per year

Job summary

Corporate Hub
Salary: £58,589
Band: UKRI Band F
Contract Type: Open Ended – Permanent (Compressed hours & flexible working patterns available)
Hours: Full-time (flexible working available)
Location: Keyworth, Nottingham or Polaris House, Swindon- Hybrid working available

Closing Date: Sunday 14th June 2026

Step into the world where cutting-edge science meets robust information security. Protect the technology that powers groundbreaking discoveries and be part of the team that safeguards the future of Big Science. Here, you’ll collaborate with leading engineers, researchers, and technologists to tackle the most pressing security challenges in a fast-paced, innovative environment. Every day offers you the chance to defend vital data and systems, ensuring that the pursuit of scientific excellence continues securely and seamlessly.

Discover the difference you can make when you bring your expertise in information security to an organisation at the forefront of global research - working alongside some of the brightest minds and most advanced facilities in the world.

Security

As a minimum, due to the nature of this role, candidates must be eligible for clearance in line with UK National vetting guidelines and willing to undertake the process. Please indicate eligibility in the written submission. Candidates not meeting this level of clearance will not be considered.

The level of clearance required is security check .

Job description

About the role

The UKRI CIO Group plays a pivotal role in managing and optimising the organisations critical enterprise technical services that underpin and enable UKRI’s business capabilities. Within the group a team of Information Security Professionals support the delivery of modern, secure, resilient and scalable services across a larger federated team of Digital, Data and Technology professionals to deliver impact across the organisation and the wider UK research and innovation system.

Join us for this rare opportunity to apply your experience in information security governance, risk and assurance in a dynamic, fast-paced strategic role in an organisation at the heart of research and innovation in the UK. Managing the Information Security Governance, Risk and Assurance function your broad remit is to drive the implementation of our ambitious information security roadmap and support the UKRI Head of Information Security to mature our information security function. You will lead UKRI’s cyber security risk, compliance and assurance activity for cloud and enterprise services (AWS and Azure). You will own the information security management system (ISMS) and accreditations (ISO 27001 and Cyber Essentials Plus), run the information security risk framework, and drive secure-by-design assurance for new and existing services. You will work across UKRI’s federated technology estate to set proportionate controls, monitor compliance, and provide clear, actionable risk reporting to senior stakeholders.

Your responsibilities:

  • Own and lead UKRI’s Information Security Governance, Risk and Assurance framework.
  • Own, operate and continuously improve the Information Security Management System (ISMS).
  • Provide end‑to‑end security assurance for cloud and enterprise services (AWS and Azure).
  • Define and maintain UKRI’s security policy and control framework.
  • Enable and support risk ownership across UKRI’s federated technology and business teams.
  • Develop and maintain meaningful security metrics, dashboards and management information.
  • Define, deliver and track a multi‑year security governance, risk and assurance roadmap.
  • Lead security assessment, testing and remediation activity.
  • Provide ongoing oversight of supplier and third‑party security risk.
  • Establish and maintain enterprise visibility of assets, services and data risk context.
  • Provide governance leadership across incident management, people, suppliers and assurance partnerships.
  • Ensure governance‑level oversight of significant security incidents.

Person specification

The below criteria will be scored during Shortlisting (S), Interview (I) or both (S&I).

Applicants will be able to demonstrate skills in line with the cyber security risk manager roles using the Government Security Profession career framework.

Essential

  • Degree in a related subject or relevant comparable education. (S)
  • A professional qualification (e.g., CISM, CISSP, CCSP, ISO 27001 Lead Implementer/Lead Auditor). (S)
  • Effective decision-making, communication and interpersonal skills, with the ability to adapt communication style and approach to different environments and audiences. (I)
  • Self-motivated, shows initiative and works with minimal direction, demonstrating strong customer focus. (S&I)
  • Changing and improving processes, systems, and people to achieve positive outcomes. (S&I)
  • Strong knowledge of information security governance, risk management and compliance, including operating within an ISO/IEC 27001 management system. (S&I)
  • In-depth understanding of cloud security principles and practices for AWS and Azure, including secure configuration, identity, logging, network controls and data protection. (S&I)
  • Ability to coordinate and communicate security risk issues at a senior level and propose solutions that are appropriate, proportionate and effective. (S&I)
  • Strong problem-solving and analytical skills, including interpreting technical evidence and translating it into business risk. (S&I)

Benefits

Alongside your salary of £58,589, UK Research and Innovation contributes £16,973 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.

We recognise and value our employees as individuals and aim to provide a favourable pay and rewards package. We are committed to supporting employees' development and promote a culture of continuous learning!

A list of benefits below:

  • An outstanding defined benefit pension scheme
  • 30 days' annual leave in addition to 10.5 public and privilege days (full time equivalent)
  • Employee discounts and offers on retail and leisure activities
  • Employee assistance programme, providing confidential help and advice
  • Flexible working options

Plus many more benefits and wellbeing initiatives that enable our employees to have a great work life balance!

For further information on our benefits please see:

Benefits of working at UK Research and Innovation (UKRI)

Things you need to know

Artificial intelligence

Artificial intelligence can be a useful tool to support your application, however, all examples and statements provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, as your own) applications may be withdrawn and internal candidates may be subject to disciplinary action. Please see our candidate guidance (opens in a new window) for more information on appropriate and inappropriate use.

Selection process details

We know different organisations use different processes, so we wanted you to know what to expect from us.

Stage 0 - Pre-application

If you would like to find out more about the role we encourage prospective applicants to get in touch with us to discuss the opportunity.

Stage 1 - Written Submission

Candidates will need to submit a written application which consists of 2 parts:

  • A CV – this should contain your work experience and any skills, qualifications and accomplishments relevant to the jobs you have completed based on the shortlisting criteria.
  • A personal statement (max. 1000 words) - this statement should be used to provide examples of how you meet the essential criteria listed in the shortlisting criteria.

Applications will be reviewed for suitability and shortlisted.

Stage 2 - Interview

Applicants who are successful at stage 1 will be invited to interview. The interview will generally be 1 hour in length. The interview will consist of competency-based questions. A presentation will be required.

Stage 3 - Outcome

The panel outcome is decided and the successful candidate will be offered verbally first, followed by a formal offer letter.

We encourage candidates to apply as soon as possible, as we reserve the right to close this vacancy early.

Please apply online, if you experience any issue applying, please contact Recruitment@ukri.org

Please note, if you will require sponsorship to work in the UK, as part of your sponsorship application, you and any dependants travelling with you, will be required to pay costs directly to The Home Office for the application before you start your role with us. UKRI is normally able to reimburse some, or all of these fees after you have become an employee and this can be discussed with the Hiring Manager. For more information, please visit https://www.gov.uk/skilled-worker-visa/how-much-it-costs or contact Recruitment@ukri.org.



Feedback will only be provided if you attend an interview or assessment.

Security

Successful candidates must undergo a criminal record check.Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check (opens in a new window).

See our vetting charter (opens in a new window).People working with government assets must complete baseline personnel security standard (opens in new window) checks.

Nationality requirements

This job is broadly open to the following groups:

  • UK nationals
  • nationals of the Republic of Ireland
  • nationals of Commonwealth countries who have the right to work in the UK
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS) (opens in a new window)
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
  • individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
  • Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service
Further information on nationality requirements (opens in a new window)

Working for the Civil Service

Please note this Post is NOT regulated by the Civil Service Commission.The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.

Diversity and Inclusion

The Civil Service is committed to attract, retain and invest in talent wherever it is found. To learn more please see theCivil Service People Plan (opens in a new window) and the Civil Service Diversity and Inclusion Strategy (opens in a new window).

Apply and further information

Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.

Contact point for applicants

Job contact :

Recruitment team

Salary range

  • £58,589 per year