Lead Cyber Governance Risk and Compliance Manager

Job summary

About us

The Department for Business and Trade (DBT) has a clear mission - to grow the economy. Our role is to help businesses invest, grow and export to create jobs and opportunities right across the country. We do this in three ways.

Firstly, we help to build a strong, competitive business environment, where consumers are protected and companies rewarded for treating their employees properly.

Secondly, we open international markets and ensure resilient supply chains. This can be through Free Trade Agreements, trade facilitation and multilateral agreements.

Finally, we work in partnership with businesses every day, providing advance, finance and deal-making support to those looking to start up, invest, export and grow.

The Digital, Data and Technology (DDaT) directorate develops and operates tools and services to support us in this mission. The team have been nominated four times in a row for ‘Best Public Sector Employer’ at the Women in Tech awards and won the award in 2025!

About the role

Ready to break out of environments where cyber is an afterthought? Join DBT and help mature a security capability in a department that values expertise, moves quickly, and gives you the autonomy to drive meaningful change. This is a place where your skills won’t be sidelined, they’ll set the direction.

As part of DBT’s Cyber Security team, you will lead delivery of Cyber Governance, Risk and Compliance within the Governance, Risk and Compliance (GRC) function. Reporting to the Head of Cyber Governance, Risk and Compliance you will work with colleagues across Digital, Data and Technology (DDaT), and the wider Government Security Profession across government.

The GRC team plays a critical role in establishing governance, managing cyber risk, and maintaining system security assurance. They also deliver GovAssure, security training and user education, maintain security policy, set compliance standards, and manage the delivery of cyber audits. Consequently, this role requires strong leadership and acumen across cyber security and corporate disciplines to actively shape governance practices and provide expert advice to inform senior decision-makers.

You will lead and support the uplift of organisational cyber posture within a broad remit, providing strong opportunity for personal development through empowerment to deliver within a growing government department. Indeed, in DBT we prioritise the wellbeing and careers of our Cyber professionals, with access to industry recognised training and civil service development pathways.

Job description

Main responsibilities

The post holder will be responsible for delivery across multiple areas within a complex cyber security portfolio. Experience across as many of the below as possible is desirable:

• Risk Management: Undertake and lead complex cyber risk assessments, including, where applicable, tailored threat analysis, supply chain risk assessment, and compliance with legislation, regulation and policy.
• Supplier Assurance and standards: Integrate assurance approaches to provide confidence that organisational security needs are met, aligning with UK Government standards such as the Government Security Policy Framework, ISO 27001, and NCSC Cyber Governance Code of Practice.
• Digital Programmes: Provide cyber expertise and lead cyber delivery of key digital programmes of work across the organisation, ensuring all works are conducted cognizant of risk and in compliance with governmental standards and best practice.
• Security Audits: Lead cyber audit activities, compliance reviews and penetration tests, including GovAssure and Secure by Design, collaborating with diverse stakeholders to implement mitigations through the programme lifecycle.
• User Education: lead the strategic delivery of cyber security education and awareness across the organisation, developing auditable datasets that identify key areas for improvement and evidence knowledge uplift iteratively.
• Policy and Strategy: Champion and develop strategies, security policies, standards and procedures across the cyber governance, risk and compliance portfolio ensuring they remain responsive to evolving threats and business requirements.
• Third Party engagement: Support arm's length bodies and partner organisations to uplift their cyber security posture, standardising and sharing knowledge to align with departmental approaches, governmental standards and best practice wherever possible.
• Provide Expert Advice: Offer specialist cyber security and data protection guidance to risk owners and stakeholders, enabling informed, risk-based decisions.
• Stakeholder Engagement: Build strong relationships with internal and external stakeholders, including senior leaders, to enhance organisational cyber security capability.
• Promote Best Practice: Act as an advocate for cyber security best practice within DBT and across government, engaging with peers in the public sector and industry.

If you have some, but not all of the above, we would like to hear from you!

Person specification

Skills and experience

It is essential that you have:

• Proven experience in cyber security governance, risk, and compliance within complex or regulated environments. ( LEAD)
• Demonstrable experience across cyber security or technology, evidenced through qualifications (e.g. undergraduate/master’s degree), relevant industry experience in positions such as systems, development, computer forensics, networking etc.
• Excellent communication skills, with experience distilling complex issues and translating technical matters and cyber risks into clear briefings for senior stakeholders and deliverables for wider business.
• Experience leading cyber security risk and assurance activities, collaborating with audit, legal, and compliance teams.
• Experience leading and delivering large programmes across multiple teams and stakeholders.

It is desirable that you have:

• Demonstrable experience delivering GovAssure and/or Secure by Design.
• Experience delivering user education informed by data, using diverse engagement methods.
• Relevant certifications such as CISSP, CISM, or CRISC or an interest to work towards.

Behaviours

We'll assess you against these behaviours during the selection process:

• Changing and Improving
• Making Effective Decisions
• Communicating and Influencing
• Seeing the Big Picture

Technical skills

We'll assess you against these technical skills during the selection process:

• Information risk assessment and risk management
• applied security capability
• protective security
• threat understanding

Benefits

Alongside your salary of £62,534, Department for Business and Trade contributes £18,116 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.

Benefits

If you join us, you will get:

• learning and development tailored to your role
• a flexible, hybrid working environment with options like condensed hours
• a culture encouraging inclusion and diversity
• a Civil Service pension with an average employer contribution of 28.97%
• annual leave starting at 25 days rising to 30 days with service
• three paid volunteering days a year
• an employee benefits programme including cycle to work

Things you need to know

Artificial intelligence

Artificial intelligence can be a useful tool to support your application, however, all examples and statements provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, as your own) applications may be withdrawn and internal candidates may be subject to disciplinary action. Please see our candidate guidance (opens in a new window) for more information on appropriate and inappropriate use.

Selection process details

This vacancy is using Success Profiles (opens in a new window), and will assess your Behaviours, Experience and Technical skills.

At the interview stage for this role, you will be asked to demonstrate relevant Technical Skills and Behaviours from the Success Profiles framework. These are role specific and in line with the Government Security Profession Career Framework.

You will also be asked to present a technical case study on a related topic, to be confirmed prior to interview.

Technical Skills

• Information risk assessment and risk management
• applied security capability
• protective security
• threat understanding

Behaviours

• Changing and improving
• Making effective decisions
• Communicating and influencing
• Seeing the big picture

How to apply

As part of the application process you will be asked to upload a two-page CV and complete a 1250 personal statement outlining how you meet the essential skills and experience listed above. You can use bullet points and subheadings if you prefer.

Sift will be from week commencing 2nd February

Interviews will be from week commencing 16th February

Please note these dates are indicative and may be subject to change.

If there is a high volume of applications, we will sift looking at your Lead criteria Proven experience in cyber security governance, risk, and compliance within complex or regulated environments. - only. You may then be progressed to full sift or straight to interview.

How we offer

Offers will be made in merit order based on location preferences. If you pass the bar at interview but are not the highest scoring you will be held on a 12-month reserve list in case a role becomes available. If you are judged a near miss at interview, you may be offered a post at the grade below the one you applied for.

This role requires SC clearance. DBT’s requirement for SC clearance is to have been present in the UK for at least 3 of the last 5 years. Failure to meet this requirement will result in your application being rejected and your offer will be withdrawn.

Checks will also be made against:

• departmental or company records (personnel files, staff reports, sick leave reports and security records)
• UK criminal records covering both spent and unspent criminal records
• your credit and financial history with a credit reference agency
• security services record
• location details

More about us

This role can only be worked from within the UK, not overseas. If you are based in London, you will receive London weighting. DBT employees work in a hybrid pattern, spending 2-3 days a week (pro rata) in the office on average. Travel to your primary office location will not be paid for by DBT, but costs for travel to an office which is not your main location will be covered.

You can find out more about our office locations, how we calculate salaries, our diversity statement and reasonable adjustments, the Recruitment Principles, the Civil Service code and our complaints procedure in the candidate pack attached to this advert.

Find out more about life at DBT, our benefits and meet the team by watching our video or reading our blog!

Feedback will only be provided if you attend an interview or assessment.

Security

Successful candidates must undergo a criminal record check.Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check (opens in a new window).

See our vetting charter (opens in a new window).People working with government assets must complete baseline personnel security standard (opens in new window) checks.

Nationality requirements

This job is broadly open to the following groups:

• UK nationals
• nationals of the Republic of Ireland
• nationals of Commonwealth countries who have the right to work in the UK
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS) (opens in a new window)
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
• individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
• Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service

Further information on nationality requirements (opens in a new window)

Working for the Civil Service

The Civil Service Code (opens in a new window) sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles (opens in a new window).The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.

Diversity and Inclusion

The Civil Service is committed to attract, retain and invest in talent wherever it is found. To learn more please see theCivil Service People Plan (opens in a new window) and the Civil Service Diversity and Inclusion Strategy (opens in a new window).

Apply and further information

This vacancy is part of the Great Place to Work for Veterans (opens in a new window) initiative.The Civil Service welcomes applications from people who have recently left prison or have an unspent conviction. Read more about prison leaver recruitment (opens in new window).Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.

Contact point for applicants

Job contact :

• Name : Ddat.recruitment@businessandtrade.gov.uk
• Email : Ddat.recruitment@businessandtrade.gov.uk

Recruitment team

• Email : Ddat.recruitment@businessandtrade.gov.uk

Further information

Our recruitment process is underpinned by the principle of appointment on the basis of fair and open competition and appointment on merit, as outlined in the Civil Service Commissioners’ Recruitment Principles. If you feel your application has not been treated in accordance with these principles and you wish to make a complaint, you should in the first instance contact DBT by email at Resourcing@trade.gov.uk. If you are not satisfied with the response you receive, you can contact the Civil Service Commission, which regulates all Civil Service recruitment. For further information on bringing a complaint to the Civil Service Commission please visit their web pages: Civil Service Commission Complaints

Attachments

DDaT Candidate Pack Aug 25 - Final Opens in new window (pdf, 499kB)