Technology Risk Capability Lead

Job summary

As the Government Cyber Unit, our mission is to protect public services and the wider Government from cyber threats by setting strategic direction, managing programmes that implement the strategy across central government, establishing standards and policies, supporting secure digital service delivery, assuring cyber security, and leading operational response to threats, vulnerabilities and incidents.

The risks facing government and the public sector mirror the scale and complexity of government. Some risks exist in aggregate across government and need active management to stop them impacting multiple areas or becoming a national security issue.

This role is pivotal in defining and implementing a cross-government approach to address these challenges, strengthening our ability to manage and respond to complex technology risks across our organisation and government.

We’re part of the Department for Science, Innovation and Technology (DSIT) and employ more than 1,000 people all over the UK, with hubs in Manchester, London and Bristol.

You will be joining the Technology Risk team, part of the Cyber Accountability Deputy Director area, helping to drive consistent, effective technology risk management across government.

Join us for rewarding work that makes a difference across the UK. You'll solve some of the nation’s highest-priority digital challenges, helping millions of people access services they need

The Technology Risk team sits within the Cyber Accountability area and works across central teams and departments to improve how technology risks are identified, understood and acted on—using frameworks, data and targeted engagement to drive accountability and investment.

Job description

This role focuses on building capability within departments, improving risk management practices, driving remediation efforts, and ensuring technology risk is considered in decision-making and investment.

If you’re motivated by national-scale impact, this is a chance to shape how government understands and manages technology risk. You’ll work with departments and central teams to strengthen risk capability, create consistent approaches to assessing and reporting risk, and use insights to help leaders make better decisions—so issues like legacy IT, resilience, supply chain vulnerabilities and emerging technologies are managed before they become incidents.

You’ll work across organisational boundaries, bringing together policy, assurance and operational perspectives to help drive consensus and action. Using evidence from data, assessments and engagement, you’ll help departments prioritise remediation and investment, and support maturity uplift in technology risk management.

You’ll also contribute to capability building across the risk profession—developing and sharing guidance, training and peer learning—to support consistent implementation at scale.

As a Technology Risk Capability Lead you’ll:

• work with departments to improve their capability to assess, manage and report technology risks, including articulating, setting and monitoring risk appetites
• develop consistent methods for identifying, categorising and measuring technology risks, including legacy IT, digital resilience, supply chain vulnerabilities and new technologies
• create and share guidance, training and peer learning to build capability across the risk profession
• use data and insights to support decision-making, governance and performance monitoring for technology risk
• support consistent approaches to controls management and driving remediation across government
• work with central teams and departments to uplift maturity in technology risk management
• coordinate with assurance, policy and operational leads so technology risk is embedded in decision-making and portfolio planning

Person specification

We’re interested in people who have:

• experience managing technology or operational risk in a complex environment, including use of appropriate risk assessment methods
• strong understanding of organisational risk appetite, risk assessment and risk treatment, and the ability to interpret risk in relation to corporate governance, strategic direction, and planning
• confident influencing and advising senior stakeholders, including boards and executive teams, with the ability to communicate tailored security and risk information
• ability to work across organisational boundaries, providing meaningful security, and risk communication to support alignment, decision making, and action
• experience designing policy, frameworks, or guidance that combine external information and organisational context to support a holistic and proportionate understanding of risk
• experience creating and implementing risk management frameworks and applying them to complex or non-standard scenarios
• understanding of digital service delivery challenges including legacy systems, resilience, and technical debt, and how security measures might impact on users or business needs
• ability to use data and insights from a range of relevant sources, to support security or risk related decision making, governance and performance monitoring

Benefits

There are many benefits of working at GDS, including:

• flexible hybrid working with flexi-time and the option to work part-time or condensed hours
• a Civil Service Pension with an average employer contribution of 28.97%
• 25 days of annual leave, increasing by a day each year up to a maximum of 30 days
• an extra day off for the King’s birthday
• an in-year bonus scheme to recognise high performance
• career progression and coaching, including a training budget for personal development
• a focus on wellbeing with access to an employee assistance programme
• job satisfaction from making government services easier to use and more inclusive for people across the UK
• advances on pay, including for travel season tickets
• death in service benefits
• cycle to work scheme and facilities
• access to an employee discounts scheme
• 10 learning days per year
• volunteering opportunities (5 special leave days per year)
• access to a suite of learning activities through Civil Service learning

Any move to Government Digital Service from another employer will mean you can no longer access childcare vouchers. This includes moves between government departments. You may however be eligible for other government schemes, including Tax Free Childcare. Determine your eligibility at https://www.childcarechoices.gov.uk

Office attendance
The Department operates a discretionary hybrid working policy, which provides for a combination of working hours from your place of work and from your home in the UK. The current expectation for staff is to attend the office or non-home based location for 40-60% of the time over the accounting period.
DSIT does not normally offer full home working (i.e. working at home); but we do offer a variety of flexible working options (including occasionally working from home).

Things you need to know

Artificial intelligence

Artificial intelligence can be a useful tool to support your application, however, all examples and statements provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, as your own) applications may be withdrawn and internal candidates may be subject to disciplinary action. Please see our candidate guidance (opens in a new window) for more information on appropriate and inappropriate use.

Selection process details

The standard selection process for roles at GDS consists of:

• a simple application screening process - We only ask for a CV and cover letter of up to 750 words. Important tip - please ensure that your cover letter includes how you meet the skills and experience listed in the “person specification” section above
• a 60 minute video interview

Depending on how many applications we get, there might also be an extra stage before the video interview, for example a phone interview or a technical exercise.

In the event we receive a high volume of applications, we will conduct the initial sift against the lead criteria which is: experience managing technology or operational risk in a complex environment, including use of appropriate risk assessment methods

In the Civil Service, we use Success Profiles to evaluate your skills and ability. This gives us the best possible chance of finding the right person for the job, increases performance and improves diversity and inclusivity. We’ll be assessing your technical abilities, skills, experience and behaviours that are relevant to this role.

For this role we’ll be assessing you against the following Civil Service Behaviours:

• working together
• changing and improving
• making effective decisions
• communicating and influencing

We’ll also be assessing your experience and specialist technical skills against the following skills defined in the Government Cyber Security Capability Framework for the Risk Manager Lead (Page 125) role:

• Information risk assessment and risk management - Practitioner (Page 297)
• Applied Security Capability - Practitioner (Page 279)
• Protective Security - Practitioner (Page 309)
• Threat Understanding - Practitioner (Page 326)

Recruitment Timeline

Sift completion: 20/4/2026

Panel interviews: Starting from 28/4/2026

Candidates that do not pass the interview but have demonstrated an acceptable standard may be considered for similar roles at a lower grade.

A reserve list will be held for a period of 12 months, from which further appointments can be made.

The Civil Service is committed to attract, retain and invest in talent wherever it is found. To learn more please see the Civil Service People Plan and the Civil Service D&I Strategy.

Please note that this role requires SC clearance, which would normally need 5 years’ UK residency in the past 5 years. This is not an absolute requirement, but supplementary checks may be needed where individuals have not lived in the UK for that period. This may mean your security clearance (and therefore your appointment) will take longer or, in some cases, not be possible.

For meaningful checks to be carried out, you will need to have lived in the UK for a sufficient period of time, to enable appropriate checks to be carried out and produce a result which provides the required level of assurance. Whilst a lack of UK residency in itself is not necessarily a bar to a security clearance, and expectation of UK residency may range from 3 to 5 years. Failure to meet the residency requirements needed for the role may result in the withdrawal of provisional jobs offers.

Sponsorship

DSIT cannot offer Visa sponsorship to candidates through this campaign. DSIT holds a Visa sponsorship licence but this can only be used for certain roles and this campaign does not qualify.

Feedback will only be provided if you attend an interview or assessment.

Security

Successful candidates must undergo a criminal record check.Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check (opens in a new window).

See our vetting charter (opens in a new window).People working with government assets must complete baseline personnel security standard (opens in new window) checks.

Nationality requirements

This job is broadly open to the following groups:

• UK nationals
• nationals of the Republic of Ireland
• nationals of Commonwealth countries who have the right to work in the UK
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS) (opens in a new window)
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
• individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
• Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service

Further information on nationality requirements (opens in a new window)

Working for the Civil Service

The Civil Service Code (opens in a new window) sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles (opens in a new window).The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.

Diversity and Inclusion

The Civil Service is committed to attract, retain and invest in talent wherever it is found. To learn more please see theCivil Service People Plan (opens in a new window) and the Civil Service Diversity and Inclusion Strategy (opens in a new window).

Apply and further information

This vacancy is part of the Great Place to Work for Veterans (opens in a new window) initiative.The Civil Service welcomes applications from people who have recently left prison or have an unspent conviction. Read more about prison leaver recruitment (opens in new window).Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.

Contact point for applicants

Job contact :

• Name : gdsrecruitment@dsit.gov.uk
• Email : gdsrecruitment@dsit.gov.uk

Recruitment team

• Email : gdsrecruitment@dsit.gov.uk

Further information

If you feel your application has not been treated in accordance with the Recruitment Principles and you wish to make a complaint, you should contact gds-complaints@dsit.gov.uk in the first instance.

If you are not satisfied with the response you receive you can contact the Civil Service Commission by email: info@csc.gov.uk Or in writing: Civil Service Commission, Room G/8 1 Horse Guards Road, London, SW1A 2HQ.