Principal Security Risk Assurance Manager

DWP is seeking a Principal Security Risk Assurance Manager to drive Supply Chain Security excellence across one of the UK’s largest public service departments.

The Department for Work and Pensions (DWP) is responsible for welfare, pensions, and child maintenance policy. We deliver a range of critical services to approximately 20 million customers. In this influential role, you will deliver impartial, expert insight to senior leaders and stakeholders, ensuring that strategic Supply Chain Security risks are identified, understood, and effectively managed. This is your opportunity to make a real impact, embed data-driven assurance, and strengthen resilience across vital public services.

You will lead the Supply Chain Security function in DWP’s Security & Data Protection (S&D P) directorate, one of the largest security teams in government. We are responsible for delivering a wide range of specialist security services, solutions, and capability to DWP’s 80,000 staff, Arm's Length and Public Bodies, and industry partners to ensure the secure and resilient delivery of welfare services.

We are a huge organisation. That means a real variety of work, challenge, and opportunity. And we strongly believe that diversity and inclusion is not only the right thing to do but is also essential for a thriving and successful organisation. We know that diverse teams bring a wide range of perspectives, experiences, and ideas, which lead to better decision‑making, creativity, and innovation. We have a culture where differences are celebrated and our people feel supported, included, and empowered.

Join us and be part of an organisation at the leading edge of government security that truly values diversity and inclusion and makes a real‑world positive impact.

As the Principal Security Risk Assurance Manager, you will play a critical role in safeguarding DWP’s services by directing the security posture of suppliers. You will lead the identification and analysis of Supply Chain risks, translating complex data and threat intelligence into clear, actionable insights for decision‑makers. Working closely with commercial, delivery, and security teams, you will strengthen resilience, ensure compliance, and protect sensitive assets across a diverse supplier landscape. Your work will directly support strategic assurance efforts and help shape a proactive, risk‑aware culture across DWP and its partners.

Responsibilities will include:

• Leading by example, visibly and confidently engaging colleagues and stakeholders to support and deliver effective security risk and assurance capabilities
• Clearly define priorities, ensuring all risk analysis and assurance activities align with departmental and HMG strategic risk. Reflect priorities in measurable team objectives and strategic plans
• Identify opportunities for enhanced assurance of DWP’s supplier and known Supply Chain risks
• Continue to iterate the service to ensure we continue to meet end user needs, stakeholder requirements, and align to wider departmental risk and control assessment practices
• Inspire and develop team members, ensuring they are equipped with the skills and support needed to deliver high‑quality outputs.

• Direct the delivery of timely security assurance reviews of suppliers to DWP to inform contract award, risk mitigation, and in‑contract Security Risk Management requirements
• Ensure that industry trends, new technologies and up to date threat modelling is factored into assurance activities to maintain best in class service to DWP
• Represent the Supply Chain Security Assurance function at Cross Government and Industry bodies and act as a spokesperson for Supply Chain Assurance benefits.

• Lead and deliver a data‑driven analysis to improve both contract and enterprise‑level decision‑making, providing holistic and robust opinion on the security posture of people, processes, and technology
• Direct the delivery of activities ranging from targeted contract or supplier‑focused risk assessments to inform the management of specific risks, through to enterprise‑level assessments of DWP exposure to security risk from its vast and complex Supply Chain
• Deliver quarterly strategic updates to Director General level customers on Supply Chain security and timely responses to any urgent and ad‑hoc requests, balancing the need for accuracy with the necessity of quick decision‑making.

• Establish and maintain relationships with key stakeholders in Commercial, Legal, Digital, and other enabling functions to collectively identify and address Supply Chain security risks
• Clearly communicate analytical results and complex concepts to non‑expert audiences, including senior stakeholders, to secure buy‑in and support for recommendations
• Champion Supply Chain Security and Risk Management services across DWP, particularly within Commercial Directorate
• Lead the development of a cross‑government Supply Chain Security and resilience community of practice and collaborate with Other Government Departments.

We have a supportive and collaborative team culture in Enterprise Security & Risk Management (ESRM). With a fantastic induction programme and year‑round learning opportunities, we will provide you with the skills and experience you need to be confident in your role. We welcome applications from skilled and knowledgeable security professionals and can support you in gaining relevant qualifications and certifications (such as ISO27005 Risk Manager, certified in the Governance of Enterprise IT (CGEIT) or CompTIA+) if you do not already hold them.

Given the geographic spread of our team, DWP customers, cross‑government stakeholders, and industry suppliers, you will need to be willing to travel to other DWP locations, with regular overnight stays required.