Lead Cyber Security Vulnerability Manager

Hybrid
Expires: Expiring in less than 2 weeks
IT
Flexible
£75,026 - £92,522 per year

Job summary

Please note this role requires you to pass Security Check clearance. For further information, please see 'Selection process details'.

Can you turn complex cyber risks into clear, actionable strategies that keep services safe and resilient?

Digital Security require an experienced Lead Cyber Security Vulnerability Manager. This is a leadership role with responsibility to:

  • Lead the development and implementation of the Department's vulnerability management strategy, including people, process, and technology elements.
  • Ensure organisation-specific vulnerability management policies, procedures and guidelines are aligned with organisational objectives and risk appetite.
  • Drive prioritisation of security vulnerabilities through a risk-based approach, to meet common organisational objectives such as security policy compliance, regulatory compliance, and industry best practice.
  • Collaborate with other Security and Operational teams and lead the development of mitigation strategies in order to reduce the Department's exposure to the risks presented by unaddressed security vulnerabilities.
  • Lead a team of Vulnerability Analysts to manage capability and resource levels and develop their skills, knowledge, and capabilities.
  • Use expert knowledge to lead and inform the investigation of cyber security vulnerabilities (risks), and develop and agree remediation and prioritisation actions within agreed KPIs, across multiple Digital functions to protect DWP systems.
  • Contribute to the delivery of security awareness to meet the objectives set out in Government Cyber Security Strategy.

Please Note: You will be required to hold one of the following qualifications to be considered for this role:

Certified Information Systems Security Manager (CISSP) or
Certified Information Security Manager (CISM) or
MSc Information Security or equivalent Information Systems audit qualifications (CISA)

Job description

  • Lead the development and implementation of the Department's vulnerability management strategy, including people, process, and technology elements.
  • Ensure organisation-specific vulnerability management policies, procedures and guidelines are aligned with organisational objectives and risk appetite.
  • Drive prioritisation of those vulnerabilities through a risk-based approach, to meet common organisational objectives such as regulatory compliance and audit functions.
  • In collaboration with other Security and Operational teams, lead the development of mitigation strategies in order to reduce the Department's exposure to the risks presented by unaddressed security vulnerabilities.
  • Lead a team of Vulnerability Analysts to manage capability and resource levels and develop their skills, knowledge, and capabilities.
  • Use expert knowledge to lead and inform the investigation of cyber security vulnerabilities (risks), and develop and agree remediation and prioritisation actions within agreed KPIs, across multiple Digital functions to protect DWP systems.
  • Contribute to the delivery of security awareness to meet the objectives set out in Government Cyber Security Strategy.
  • Establish interfaces and working processes with other teams within Security and operational teams which have a shared responsibility to deliver a mature vulnerability management programme.

Person specification

When giving details in your CV you should highlight your experience in line with essential criteria below:

  • A broad platform knowledge and ability to conduct cybersecurity assessments from a multi-platform perspective.
  • Experience in a leadership capacity with an in-depth knowledge of vulnerability management as a functional component of a cybersecurity capability.
  • Extensive knowledge and experience of working with security principles and technologies for cloud hosted services.
  • Advanced understanding of threat intelligence and threat assessment principles and concepts, including leading threat intelligence and assessment activities.
  • Demonstrable experience of working on complex IT infrastructures and across a multi-domain model, with specific experience working in a vulnerability management role as part of a cybersecurity capability.

If you would like to learn more about the role, please contact Natalie.Selby1@dwp.gov.uk.

Qualifications

Certified Information Systems Security Manager (CISSP) or
Certified Information Security Manager (CISM) or
MSc Information Security or equivalent Information Systems audit qualifications (CISA)

Benefits

Alongside your salary of £75,026, Department for Work and Pensions contributes £21,735 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.

We also have a broad benefits package built around your work-life balance which includes:

  • Working patterns to support work/life balance such as job sharing, term-time working, flexi-time and compressed hours.
  • Generous annual leave – at least 25 days on entry, increasing up to 30 days over time (pro-rata for part-time employees), plus 9 days public and privilege leave.
  • Support for financial wellbeing, including interest-free season ticket loans for travel, a cycle to work scheme and an employee discount scheme.
  • Health and wellbeing support, including our Employee Assistance Programme for specialist advice and counselling, and the opportunity to join HASSRA, a first-class programme of competitions, activities and benefits for its members (subscription payable monthly).
  • Family friendly policies including enhanced maternity and shared parental leave pay after 1 year’s continuous service.
  • Funded learning and development to support progress in your role and career. This includes industry recognised qualifications and accreditations, coaching, mentoring and talent development programmes.
  • An inclusive and diverse environment with opportunities to join professional and interpersonal networks including Women’s Network, National Race Network, National Disability Network (THRIVE) and many more.

Hybrid Working

This role may be suitable for hybrid working, which is where an employee works part of the week in their DWP office and part of the week from home. This is a voluntary, non-contractual arrangement and your office will be your contractual place of work.

If a hybrid working arrangement is suitable for the role and for you, you will normally be required to spend a minimum of 60% of your contracted working hours from your DWP office.

If you have a disability, caring responsibilities, or other circumstances that may affect your ability to meet the minimum office attendance requirement, please discuss this with us using the contact details in this advert.

Salary Information

Pay for this role is from £75,026 to £92,522.

The maximum salary for the grade is £80,267, however a Digital Allowance of up to £12,225 per annum is available for exceptional candidates. Digital Allowance is non-salary, and non-pensionable, and is classed as a temporary allowance. It is reviewed annually where it could be retained, amended, or removed.

Our offer to successful candidates will be based on an assessment of your skills and experience as demonstrated at interview.

Existing Civil Servants who secure a new role on lateral transfer will maintain their current substantive salary.

Existing Civil Servants who gain promotion will move to the bottom of the grade pay scale or receive a 10% increase applied to their current substantive salary, whichever is greater.

Things you need to know

Artificial intelligence

Artificial intelligence can be a useful tool to support your application, however, all examples and statements provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, as your own) applications may be withdrawn and internal candidates may be subject to disciplinary action. Please see our candidate guidance for more information on appropriate and inappropriate use.

Selection process details

Stage 1: Application

Applications must include:

1. A completed Personal Details application form.

2. A curriculum vitae including education, professional qualifications and full employment history, giving details of key achievements in line with essential criteria listed in the Person Specification.

When uploading your CV, do not include personal information or links to any webpages or profiles that identify you. This means we can recruit based on your knowledge and skills, and not background, gender or ethnicity. Take out references to your name/title, age, sex, email address, postal address, telephone number or nationality/immigration status.

When giving details of your redacted CV, you should therefore include details of the work and projects that you have been involved in, and your role therein.

For Hints and Tips on completing your application visit Applying for jobs at DWP Digital.

Important information

  • Please attach your redacted CV as a separate additional document in either PDF or Word format.
  • If your CV contains any personal details your application may be withdrawn.

Stage 2: Interview

If you’re successful at sift stage you will be invited to a video interview via Microsoft Teams. There, you will be assessed against the experiences listed in the essential criteria.

Interviews will take place from early May 2026. Sift and Interview dates to be confirmed.

Further Information:

Find out more about Working for DWP

If high application volumes are received, the benchmark for candidates to proceed to the next stage may be raised. In line with our commitment to the Disability Confident Scheme (DCS), we aim to advance all candidates applying under the DCS who meet the minimum standard. However, we may only progress those candidates who best meet the required standards.

A reserve list may be held for a period of 6 months from which further appointments can be made.

All successful candidates and those placed on reserve will be posted in merit list order by location.

For these vacancies, we strongly recommend that applicants consult with an immigration specialist or qualified advisor to assess their eligibility for Visa Sponsorship before deciding to apply. Please note that while we consider sponsorship requests in accordance with current DWP guidance and Home Office policy, sponsorship cannot be guaranteed.

Security Clearance Requirement

You must meet the security requirements before you can be appointed. The level of security needed is security check.

You must have resided continuously in the UK for at least 3 of the last 5 years, 2 of which must have been the immediately preceding years from the point of applying for this job.

For further information on National Security Vetting please visit the Demystifying Vetting website.

Reasonable Adjustment

At DWP we value diversity and inclusion and actively encourage and welcome applications from everyone, including those that are underrepresented in our workforce.

We consider visible and non-visible disabilities, neurodiversity or learning differences, chronic medical conditions, or mental ill health. Examples include dyslexia, epilepsy, autism, chronic fatigue, or schizophrenia.

If you need a change to be made so that you can make your application, you should: Contact Government Recruitment Service via DigitalRecruitment.grs@cabinetoffice.gov.uk as soon as possible before the closing date to discuss your needs.

Complete the “Reasonable Adjustments” section in the “Additional requirements” page of your application form to tell us what changes or help you might need further on in the recruitment process. For instance, you may need wheelchair access at interview, or if you’re deaf, a Language Service Professional.

For further information on reasonable adjustments, terms and conditions and how we recruit visit the How we recruit page.

The Civil Service values honesty and integrity and expects all candidates to abide by these principles. Please ensure that all examples provided in your application are taken directly from your own experience and that you describe the examples in your own words. Applications will be screened and if evidence of plagiarism or copying examples/answers from other sources is found, your application will be withdrawn. Internal DWP candidates may also face disciplinary action.



Feedback will only be provided if you attend an interview or assessment.

Security

Successful candidates must undergo a criminal record check. Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check.

See our vetting charter. People working with government assets must complete baseline personnel security standard checks.

Nationality requirements

This job is broadly open to the following groups:

  • UK nationals
  • nationals of the Republic of Ireland
  • nationals of Commonwealth countries who have the right to work in the UK
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS)
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
  • individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
  • Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service
Further information on nationality requirements

Working for the Civil Service

The Civil Service Code sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles. The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria. The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.

Diversity and Inclusion

The Civil Service is committed to attracting, retaining and investing in talent wherever it is found. To learn more please see the Civil Service People Plan and the Civil Service Diversity and Inclusion Strategy.

Apply and further information

This vacancy is part of the Great Place to Work for Veterans initiative. The Civil Service welcomes applications from people who have recently left prison or have an unspent conviction. Read more about prison leaver recruitment. Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.

Contact point for applicants

Job contact:

Recruitment team

Further information

Appointment to the Civil Service is governed by the Civil Service Commission Recruitment Principles. If you wish to make a complaint, please find further details here: https://careers.dwp.gov.uk/how-we-recruit/.

Attachments

  • DWP Terms and Conditions January 2024 (3) (docx, 17kB)
  • Success-Profiles-Candidate-Overview (18) (pdf, 635kB)