Cyber, Risk & Assurance Lead

You will play a leading role in supporting the Information and Assurance Manager in delivering the operational objectives of the security team. You will act as the first line of support for security-related queries and incidents, maintaining joint ownership of the Corporate Security Team mailboxes, managing workloads, and responding to requests.

You will support the team to effectively manage and maintain the security risk register, working with security business partners to ensure compliance with the risk framework. You will support the security audit schedule (e.g., DSHC, CAF), assisting in the completion of all activities by relevant stakeholders.

You will enable a positive, engaging, and inclusive security culture through supporting security education and awareness programmes, building a network of security partners across Government and the broader security industry to share best practices, adopt common approaches, and foster joint working on areas of mutual interest.

You will support the development of continuous improvements to policies, processes, and standards. You will promote cybersecurity standards and best practices across the GPA, guiding and influencing project and policy decision-making, and seeking innovative solutions to challenging security issues.

Supporting the Information and Assurance Manager, you will work closely with the business to provide trusted advice and support across all aspects of security—data, information, assurance, cyber, and third-party suppliers—safeguarding the Department's assets in relation to confidentiality, integrity, and availability of information, ensuring the GPA meets its legal responsibilities in managing security-related risks.

1. Review cyber security risk assessment processes against policy and approved frameworks (e.g., NIST), shaping the Security by Design (SbD) approach through lessons learned activities; help embed this approach into business and project plans.
2. Reporting: Supporting and developing regular reports on security metrics, incidents, and compliance status for key governance forums and government authorities.
3. Compliance and Assurance: Supporting all audit activities (e.g., DSHC, CAF) and updating audit schedules as required.
4. Incident Management: Updating incident logs, arranging lessons learned sessions, and updating processes or policies as necessary.
5. Supply Chain Security: Working with others to support security assurance activities, providing advice and guidance.
6. Risk Management: Supporting the management and maintenance of the security risk register collaboratively with security partners.
7. Security Awareness and Training: Supporting the delivery of security awareness programs to educate staff on best practices and promote a security-first culture.

We are committed to Equality, Diversity, and Inclusion (EDI) and encourage applications from diverse backgrounds, including candidates with disabilities, from ethnic or gender minorities, and the LGBTQ+ community.