Cyber Security Risk Manager (Principal)

The Government Property Agency is the largest property holder in government, with more than £2.1 billion in property assets and over 55% of the government’s office estate.

We are transforming the way the Civil Service works by creating great places to work, leading the largest commercial office programme in the UK, working towards halving carbon emissions from government offices, and achieving greater value for taxpayers. And we are looking for innovative, solutions-focused people to join our team.

Representing the best covenant in the UK – His Majesty’s Government – we are leading significant transformational programmes such as the Government Hubs Programme, Whitehall Campus Programme and Net Zero Programme. We are also delivering cost‑effective property services such as asset management, lifecycle replacement and workplace services.

Innovation and progress underpin our behaviours. We foster a culture of lifelong learning, where curiosity and self‑improvement are encouraged. Our four core values are at the heart of everything we do. They shape our culture and guide how we work, lead and grow together:

• Striving for excellence - We always aim to deliver great results
• Empowering through respect - We insist on fair treatment for all, always
• Acting with integrity - We consistently do the right thing
• Succeeding together - We rely on each other to achieve success

The GPA is committed to representing the communities we serve by making Diversity, Equality and Inclusion part of everything we do.

To ensure that we are always recruiting and retaining a diverse mix of talent, we are particularly inviting applications from candidates who are disabled, ethnically or gender diverse, and people who identify as being part of the LGBTQ+ community.

Join our dynamic and diverse team that leads with purpose, improving sustainability, nurturing social value, driving inclusivity and flexibility, and kickstarting economic growth. We are driven by purpose, and you can be part of it too: where you make a meaningful impact; where you influence; where your voice really matters; where you help to shape our future direction.

You will support the Chief Security Officer and Security Advisor in the delivery of the security strategy by being a Subject Matter Expert, apply your expertise to identify, analyse, evaluate, and mitigate risks for a variety of systems and services.

Working closely with the business and key stakeholders to provide trusted advice and support across all aspects of Security – data, information, assurance, cyber, and 3rd party suppliers, safeguarding the Department’s assets and managing security risks.

This is a varied and complex role that directly focuses on the delivery of Personnel, Cyber, Information and Supply Chain security, whilst working with other teams on the delivery of Physical, Technical and Operational security.

Lead and work collaboratively with stakeholders to provide subject matter expertise on a range of security & risk requirements and oversee the Identification, delivery and escalation of security risks for the business, influencing appropriate decisions in keeping within the GPA risk appetite.

You will deliver and implement a wide range of security risk and assurance activities, aligning our delivery to Government Standards, Frameworks and Industry best practice, continuously adapting our approach to improve our security maturity.

You will be responsible for communicating security standards, articulate threats, negotiate security enhancements, and conduct assurance activities across various environments, including on-premise and cloud solutions.

Conduct regular security assessments to identify vulnerabilities and recommend appropriate controls aligning to both government and industry best practice, identifying opportunities for continuous improvement in our delivery.

Delivering holistic security across the whole lifecycle of systems and services, embedding security into our supply chain and reviewing compliance to standards by advising on appropriate mitigations and controls.

You will lead on creating a positive, engaging and inclusive security culture through security education and awareness programmes, building a network of security partners across Government, and the broader security industry to share best practice, adopt common approaches and foster joint working on areas of mutual interest.

Key Responsibilities:

• Incident Management: Being the initial escalation point for managing incidents, advising on remediation actions, and developing security plans for future improvements via lessons learnt exercises.
• Security Policies: Implementing comprehensive security policies and procedures in alignment with UK government standards and best practices.
• Security Awareness and Training: Support the delivery of security awareness programs to educate staff on security best practices and promote a security first culture throughout the organisation.
• Compliance and Assurance: Ensure compliance with relevant security regulations and standards, conducting regular security audits, supporting Secure by Design and completing DSHC, CAF etc.
• Supply Chain Security: Working with others across the business to carry out security assurance activities, providing expert security advice for tenders or contracts, and working collaboratively to mitigate risks throughout the lifecycle of the service.
• Reporting: Supporting the Security Advisor in preparing regular reports on security metrics, incidents, and our compliance status for key governance forums and government authorities.
• Risk Management: Maintaining the security risk register by continually assessing security risks and vulnerabilities of projects and services, regularly communicating with service/asset owners to mitigate risks.
• Security Operations: Overseeing day‑to‑day security operations, including incident response, threat detection, and security monitoring, to promptly identify and address security incidents.