Senior Cyber, Governance, Risk and Compliance Manager

Job summary

The Department for Business and Trade (DBT) has a clear mission - to grow the economy. Our role is to help businesses invest, grow and export to create jobs and opportunities right across the country. We do this in three ways.

Firstly, we help to build a strong, competitive business environment, where consumers are protected and companies rewarded for treating their employees properly.

Secondly, we open international markets and ensure resilient supply chains. This can be through Free Trade Agreements, trade facilitation and multilateral agreements.

Finally, we work in partnership with businesses every day, providing advance, finance and deal-making support to those looking to start up, invest, export and grow.

The Digital, Data and Technology (DDaT) directorate develops and operates tools and services to support us in this mission. The team have been nominated four times in a row for ‘Best Public Sector Employer’ at the Women in Tech awards and won the award in 2025!

Job description

Ready to move into a space where cyber isn’t an afterthought but a priority? Join DBT and help mature a security capability in a department that values expertise, moves quickly, and gives you the autonomy to drive meaningful change. This is a place where your skills won’t be sidelined, they’ll set the direction.

The GRC team plays a critical role in establishing governance, managing cyber risk, and maintaining system security assurance. They also deliver GovAssure, Secure by Design, security training and user education, maintain security policy, set compliance standards, and manage the delivery of cyber audits. Consequently, this role requires strong acumen across cyber security and corporate disciplines to actively shape governance practices and provide expert advice to inform decision-makers. Sitting at the heart of DBT’s Cyber Security function, as a Senior Cyber Governance, Risk and Compliance (GRC) Manager, you will play a central role in maturing the organisation’s cyber governance model, completing risk assessments, driving assurance activity, and helping to embed strong security culture across DBT.

Working closely with Lead GRC Managers and collaborating with colleagues across Cyber Security, DDaT, and the wider Government Security Profession, this is a role that blends strategic thinking with hands on delivery. You will support the uplift of organisational cyber posture within a broad remit, providing strong opportunity for personal development through empowerment to deliver within a growing government department. Indeed, in DBT we prioritise the wellbeing and careers of our Cyber professionals, with access to industry recognised training and civil service development pathways.

Main responsibilities

The post holder will be required to deliver across multiple areas within a complex cyber security portfolio. Experience across as many of the below as possible is desirable:

• Risk Management: Undertake complex cyber risk assessments, including, where applicable, tailored threat analysis and supply chain assurance, in compliance with appropriate legislation, regulation and policy.
• Digital Programmes: Provide cyber expertise and actively contribute to the delivery of key digital programmes of work across the organisation, ensuring all works are conducted cognizant of risk and in compliance with governmental standards and best practice, including ISO 27001, NCSC guidance, NIST CSF, NIS regulations and internal policy requirements.
• Security Audits: Manage cyber audit activities, compliance reviews and penetration tests, including GovAssure and Secure by Design, collaborating with diverse stakeholders to implement mitigations throughout programme lifecycles.
• User Education: Deliver cyber security education and awareness training across the organisation, developing auditable datasets that identify key areas for improvement and evidence knowledge uplift iteratively.
• Policy and Strategy: Contribute to the production and delivery of cyber strategies, security policies, standards and procedures across the cyber governance, risk and compliance portfolio ensuring they remain responsive to evolving threats and business requirements.
• Third party engagement: Support arm's length bodies and partner organisations to uplift their cyber security posture, standardising and sharing knowledge to align with departmental approaches, governmental standards and best practice wherever possible.
• Provide specialist cyber guidance: Offer specialist cyber security and data protection guidance to risk owners and stakeholders, enabling informed, risk-based decisions, while acting as an advocate for best practice within DBT and across government, engaging with peers in the public sector and industry.
• Stakeholder Engagement: Build strong relationships with internal and external stakeholders, including senior leaders, to enhance organisational cyber security capability.

Person specification

It is essential that you have:

• Proven workplace experience in cyber security governance, risk, and compliance, and demonstrable knowledge across cyber security or technology, evidenced through qualifications or relevant industry experience (e.g systems, development, computer forensics, networking etc) (Lead Criteria)
• Excellent communication skills, with experience distilling complex issues and translating technical matters and cyber risks into clear briefings for senior stakeholders and deliverables for wider business
• Experience conducting cyber security risk and assurance activities, collaborating with audit, legal, and compliance teams
• Experience supporting delivery of cyber maturity uplift programmes across multiple teams and stakeholders
• Experience producing cyber policy, ideally using a recognised policy framework

It is desirable that you have:

• Exposure to GovAssure and/or Secure by Design
• Experience delivering user education using diverse engagement methods
• Relevant certifications such as CISSP, CISM, or CRISC or an interest to work towards

Behaviours

We'll assess you against these behaviours during the selection process:

• Seeing the Big Picture
• Communicating and Influencing
• Changing and Improving

Technical skills

We'll assess you against these technical skills during the selection process:

• Information risk assessment and risk management
• Applied security capability
• Protective security
• Threat understanding

Benefits

• Learning and development tailored to your role
• A flexible, hybrid working environment with options like condensed hours
• A culture encouraging inclusion and diversity
• A Civil Service pension with an average employer contribution of 28.97%
• Annual leave starting at 25 days rising to 30 days with service
• Three paid volunteering days a year
• An employee benefits programme including cycle to work

Things you need to know

Artificial intelligence

Artificial intelligence can be a useful tool to support your application, however, all examples and statements provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, as your own) applications may be withdrawn and internal candidates may be subject to disciplinary action. Please see our candidate guidance (opens in a new window) for more information on appropriate and inappropriate use.

Selection process details

This vacancy is using Success Profiles (opens in a new window), and will assess your Behaviours, Experience and Technical skills.

As part of the application process you will be asked to upload a two-page CV and complete a 1250-word personal statement outlining how you meet the essential skills and experience listed above. You can use bullet points and subheadings if you prefer.

Sift will be from week commencing 2nd March 2026

Interviews will be from week commencing 16th March 2026

Please note these dates are indicative and may be subject to change.

If there is a high volume of applications, we will sift looking at the lead criteria 'Proven workplace experience in cyber security governance, risk, and compliance, and demonstrable knowledge across cyber security or technology, evidenced through qualifications or relevant industry experience (e.g systems, development, computer forensics, networking etc)’ only. You may then be progressed to full sift or straight to interview.

How we interview

At the interview stage for this role, you will be asked to demonstrate relevant Technical Skills and Behaviours from the Success Profiles framework. These are role specific and in line with the Government Security Profession Career Framework.

You will also be asked to deliver a presentation and will be informed on the topic following the sift.

How we offer

Offers will be made in merit order based on location preferences. If you pass the bar at interview but are not the highest scoring you will be held on a 12-month reserve list in case a role becomes available. If you are judged a near miss at interview, you may be offered a post at the grade below the one you applied for.

This role requires SC clearance. DBT’s requirement for SC clearance is to have been present in the UK for at least 3 of the last 5 years. Failure to meet this requirement will result in your application being rejected and your offer will be withdrawn.

Checks will also be made against:

• departmental or company records (personnel files, staff reports, sick leave reports and security records)
• UK criminal records covering both spent and unspent criminal records
• your credit and financial history with a credit reference agency
• security services record
• location details

More about us

This role can only be worked from within the UK, not overseas. If you are based in London, you will receive London weighting. DBT employees work in a hybrid pattern, spending 2-3 days a week (pro rata) in the office on average. Travel to your primary office location will not be paid for by DBT, but costs for travel to an office which is not your main location will be covered.

You can find out more about our office locations, how we calculate salaries, our diversity statement and reasonable adjustments, the Recruitment Principles, the Civil Service code and our complaints procedure in the candidate pack attached to this advert.

Find out more about life at DBT, our benefits and meet the team by watching our video or reading our blog!

Feedback will only be provided if you attend an interview or assessment.

Security

Successful candidates must undergo a criminal record check.Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check (opens in a new window).

See our vetting charter (opens in a new window).People working with government assets must complete baseline personnel security standard (opens in new window) checks.

Nationality requirements

This job is broadly open to the following groups:

• UK nationals
• nationals of the Republic of Ireland
• nationals of Commonwealth countries who have the right to work in the UK
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS) (opens in a new window)
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
• individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
• Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service

Further information on nationality requirements (opens in a new window)

Working for the Civil Service

The Civil Service Code (opens in a new window) sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles (opens in a new window).The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.

Diversity and Inclusion

The Civil Service is committed to attract, retain and invest in talent wherever it is found. To learn more please see theCivil Service People Plan (opens in a new window) and the Civil Service Diversity and Inclusion Strategy (opens in a new window).

Apply and further information

This vacancy is part of the Great Place to Work for Veterans (opens in a new window) initiative.The Civil Service welcomes applications from people who have recently left prison or have an unspent conviction. Read more about prison leaver recruitment (opens in new window).Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.

Contact point for applicants

Job contact :

• Name : DDaT Recruitment
• Email : Ddat.recruitment@businessandtrade.gov.uk

Recruitment team

• Email : Ddat.recruitment@businessandtrade.gov.uk

Further information

Our recruitment process is underpinned by the principle of appointment on the basis of fair and open competition and appointment on merit, as outlined in the Civil Service Commissioners’ Recruitment Principles. If you feel your application has not been treated in accordance with these principles and you wish to make a complaint, you should in the first instance contact DBT by email at Resourcing@trade.gov.uk. If you are not satisfied with the response you receive, you can contact the Civil Service Commission, which regulates all Civil Service recruitment. For further information on bringing a complaint to the Civil Service Commission please visit their web pages: Civil Service Commission Complaints

Attachments

DDaT Candidate Pack Opens in new window (pdf, 506kB)