Cyber Security Risk Manager Lead

Office for National Statistics

London

Hybrid

GBP 58,000 - 68,000

Full time

3 days ago

Job summary

The Office for National Statistics is seeking a Cyber Security Risk Manager Lead. The role includes providing security advice to protect organizational assets, conducting risk assessments, and collaborating with stakeholders to implement security solutions in a hybrid work model. Candidates must have a strong background in security management and knowledge of government frameworks.

Qualifications

  • Expert knowledge of application, infrastructure and networking security controls.
  • Good knowledge of UK Government Security Policy Framework.
  • Experienced in providing security advice in a UK Government Department.

Responsibilities

  • Support development of security solutions for business operations.
  • Conduct Cyber Security risk assessments and threat assessments.
  • Consult with stakeholders to ensure security effectiveness.

Skills

  • Security risk assessment
  • Communication
  • Risk management

Education

Professional security qualifications

Job description

The ONS operates a flexible hybrid working model across the UK, with colleagues linked to one of our contractual locations working between office and remote throughout the week. The locations for this role are Newport, Titchfield (Fareham), London and Manchester.

All colleagues are required to work from their contractually allocated site for at least 40% of their working time. Due to current capacity constraints, there is currently an exception for colleagues based at the Manchester office, with office attendance being 20%; this is expected to move to 40% attendance in 2025-2026.

The induction process for the role will be conducted in person.

Job Summary

The Office for National Statistics (ONS) has a long history of working with personal, economic and commercial information. Security and the management of information used for corporate and statistical activities is critical to business operations and the trust that citizens place in us. ONS has a strong commitment to protecting this information.

The last few years have seen an extensive overhaul of security and information management to meet the challenges of corporate and statistics transformation in technology, methods and practice, the Digital Economy Act and organisational risk appetite. The capability is evolving and expanding to address changes in threat and business direction.

Security and Information Management Directorate (SaIM) operates five key services across ONS: security risk advice and management; knowledge and information management (KIM); physical security and business continuity; security compliance and audit; security operations including our Security Operations Centre.

Job Description

The Cyber Security Risk Manager - Lead role forms part of the Advisory Security team within the Security and Information Management Division at the Office for National Statistics (ONS). The role reports to the Cyber Security Risk Manager - Principal.

The primary focus of the role is to provide the Organisation with security advice and best practice to develop ‘Secure by Design’ protections for organisational assets and embed the ONS Security Framework (principles, policies, processes, threat model and security risk management) into the ONS. This includes security advice, guidance and risk management activities to support large cross-disciplinary programmes of work, such as the Integrated Data Service (IDS), as well as engagement with specialised business units in their delivery objectives.

Key outcomes from the role are the identification of security risk within the business context, the identification of appropriate mitigation approaches for business selection and the management of these options through to implementation within the live service. The security advice provided will be informed by threat, vulnerability and risk analysis for business and third parties. Effective communication of security concepts and providing appropriate guidance to stakeholders at different levels is key for the role.

The focus, outcomes and responsibilities are aligned to the Government Security Profession framework of the Cyber Security Risk Manager – lead.

Key Responsibilities

  • Support and influence the development of business-focused security solutions for large programmes of work, digital products and business operations that cover data collection, storage and processing, deployed both internally and externally;
  • Identify security threat and risk to the Organisation’s digital products and business operations being developed through Agile methodologies and Supplier processes;
  • Lead the analysis and derivation of business-supporting security needs, undertake Cyber Security related risk assessments, conduct tailored threat assessment and other risk management activities, and ensure activities are consistent with applicable regulations and legislation;
  • Independently undertake risk management activities within a given area of practice or expertise, usually within established security and risk management governance structures;
  • Lead the analysis and derivation of business-supporting security needs for large programmes of work, undertake Cyber Security related risk assessments, conduct tailored threat assessment and other risk management activities, and ensure activities are consistent with applicable regulations and legislation;
  • Consult with and influence the Organisation’s security stakeholders to ensure that the solutions deployed are secure and fit for purpose;
  • Liaise effectively with the Organisation’s business, technology and security colleagues to build their security capability and ensure various business needs are supported by appropriate, proportional security solutions.
  • Provide general security architecture, guidance and advice to the stakeholders, ensuring that security policies and security controls remain appropriate and adaptable to the changing threat environment, business requirements and ONS policies;
  • Provide tailored advice to a range of stakeholders on how to remedy identified risks by proportionately applying security capabilities, using published guidance, standards, and drawing on a range of experts as well as personal expertise;
  • Provide expert security advice that highlights Cyber Security related risks, so risk or service owners can make well-informed and auditable decisions.
  • HMG Vetting at Security Clearance (SC) and if appropriate Developed Vetting (DV) level will be required once in role.

Person specification

Essential Criteria:

  • Expert knowledge of application, infrastructure and networking security controls and systems covering physical, procedural and technical (ICT) areas, particularly in relation to data management.
  • Experienced in providing detailed security advice and technical security solutions in a UK Government Department, with an ability to effectively communicate complex security requirements and solutions to a wide range of stakeholders.
  • Good knowledge of UK Government Security Policy Framework, Information Assurance Standards, e.g. ISO 27001, DPA and ability to communicate security requirements and outcomes at all levels.
  • Holding or working towards relevant professional qualifications and memberships e.g. Senior Practitioner level within the CESG Certified Professional scheme (CCP), British Computer Society (BCS).
  • Track record in working as part of a multi-divisional team covering a multi-discipline environment, ideally in supporting large programmes of work.

Link to The Government Security Profession career framework

Behaviours

We'll assess you against these behaviours during the selection process:

  • Seeing the Big Picture
  • Communicating and Influencing
  • Leadership

Technical skills

We'll assess you against these technical skills during the selection process:

  • Applied Security Capability - Practitioner
  • Information Risk Assessment and Risk Management - Practitioner
  • Protective Security - Practitioner
  • Threat Understanding - Practitioner

Alongside your salary of £58,594, Office for National Statistics contributes £16,974 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.

The Office for National Statistics is part of the Civil Service, and as such we share a number of key benefits with other departments, whilst also having our own unique offerings to support our 5400 valued colleagues across the business.

Whether you are hearing about us for the first time or already know a bit about our organisation, we hope that the benefits pack attached (bottom of page) will give you a great insight into the benefits and facilities available to our colleagues, and our fantastic working culture.



Inclusion & Accessibility

At ONS we are always looking to attract the very best people from the widest possible talent pool, and we are proud to be an inclusive, equal opportunities employer. As a Disability Confident Leader we’re committed to ensuring that all candidates are treated fairly throughout the recruitment process.

As part of our application process, you will be prompted to provide details of any reasonable adjustments to our recruitment process that you need. If you would like to discuss any reasonable adjustments before applying, please contact the recruitment team in the first instance.

If you would like an accessible version of any of the attachments or recruitment documents below or linked to in this advert, please contact the recruitment team who will be happy to assist.

Selection process details

This vacancy is using Success Profiles, and will assess your Behaviours, Experience and Technical skills.

Security Clearance

For ONS the requirement for SC clearance is to have been present in the UK for 3 consecutive years immediately prior to applying and the department will consider eligibility by exception on a case-by-case basis. You will be asked to provide information regarding your UK residency during your application, and failure to provide this will result in your application being rejected.

If you are unsure that you meet the eligibility above, please read the information available on Gov.uk on this link or contact the recruitment email on the advert before applying to discuss, as failure to meet the residency requirements will result in your security clearance application being rejected and any offer of employment being withdrawn.

At the point of SC application, you will need to provide or give access to the following evidence:

  • Departmental or company records (personnel files, staff reports, sick leave reports and security records)
  • UK criminal records covering both spent and unspent criminal records
  • Your credit and financial history with a credit reference agency
  • Security Services records

We may also reach out to you mid-campaign to confirm eligibility for this role.

Application Support

All applicants will have access to AI resources. It is therefore important to remember that these tools, although helpful in streamlining the writing process, cannot fully understand the organisational context or the requirements of the role you are applying for.

To maintain authenticity and credibility of the application process, should you choose to use generative AI tools, you need to ensure the information you provide in your supporting evidence accurately reflects your skills, knowledge, and experience.

ONS does not advocate relying solely on generative AI to write your application. Doing so may negatively impact your chances of success during the selection process.

If you are invited to interview, please be aware the use of AI tools is prohibited, and any suspected use may result in the termination of your interview and subsequent withdrawal from the campaign.

Please note that all campaigns may be subject to withdrawal at any stage if the internal resource position changes.

Application Process

Number of Stages: 2 stage process

Stage 1: Application

Stage 2: Interview

Stage 1 – Application

The assessment process at the application stage will be based on your work history, skills, experience, CV, and personal statement. It is important that your application is tailored to highlight the skills, knowledge, and experience relevant to the role.

If a personal statement is required at application stage, it will state the maximum word count allowed (1250 words), which should not be exceeded. Where it is a requirement to make a personal statement, you should provide evidence for each essential skill criterion listed in the person specification. As these criteria are scored, it is advisable to give clear examples for each one, including the impact of your actions, ideally utilising the STAR technique (Situation, Task, Action, Result).

Please note that Success Profiles Behaviour examples are not required at this stage of the application process.

In instances where a high number of applications are received, the sift pass mark may be adjusted, and candidates will be invited to interview based on merit order, i.e., those with the highest scores.

Stage 2 – Interview

If invited to interview, you will be assessed using techniques aligned with the Civil Service Success Profiles framework, covering all behaviours listed in the job advert and any required technical skills.

Interviews may be in person or via Microsoft Teams.

A reserve list may be held for a period up to 6 months from which further appointments may be made.

The Sift will be conducted from 07/07/2025

Interviews will be conducted from 21/07/2025

For the full terms and conditions of the post, please see attachment.

This role is eligible for Government Digital and Data (GDD) Capability and Pay Framework. If you are successful at interview, your salary is directly linked to your capability outcome. Your capability is determined by the scores achieved during the Technical section of the interview. Full feedback will be provided to you at the point of offer.

All successful candidates are required to undertake an annual capability assessment. Pay will vary depending on the outcome: for example, if you achieve a lower capability outcome your pay will decrease, and if you achieve a higher capability outcome your pay will increase. Failure to complete the annual assessment means you will be moved to ONS pay terms and conditions and your pay will be adjusted.

Existing allowances will not be considered when calculating starting salary; starting salary is directly linked to capability outcomes only. Note that this also applies to existing Civil Servants (including ONS colleagues) moving to the GDD Capability and Pay Framework.

Feedback will only be provided if you attend an interview or assessment.

Security

Successful candidates must undergo a criminal record check.

Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check. See our vetting charter.

People working with government assets must complete baseline personnel security standard checks.

Nationality requirements

This job is broadly open to the following groups:

  • UK nationals
  • nationals of the Republic of Ireland
  • nationals of Commonwealth countries who have the right to work in the UK
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS)
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
  • individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
  • Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service

Further information on nationality requirements

Working for the Civil Service

The Civil Service Code sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles.

The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.

The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.

Diversity and Inclusion

The Civil Service is committed to attract, retain and invest in talent wherever it is found. To learn more please see the Civil Service People Plan and the Civil Service Diversity and Inclusion Strategy.

This vacancy is part of the Great Place to Work for Veterans initiative.

Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.

Contact point for applicants

Job Contact :

  • Name : Government-Digital-and-Data-Recruitment@ons.gov.uk
  • Email : Government-Digital-and-Data-Recruitment@ons.gov.uk

Recruitment team

  • Email : Government-Digital-and-Data-Recruitment@ons.gov.uk

Further information

If you feel your application has not been treated in accordance with the Recruitment Principles and you wish to make a complaint, in the first instance, you should contact recruitment.complaints@ons.gov.uk. If you are not satisfied with the response you receive from the Department, you can contact the Civil Service Commission.

  • Seniority level: Mid-Senior level
  • Employment type: Full-time
  • Job function: Finance and Sales
  • Industries: Government Administration
