Senior Cyber Security Risk Manager

Home Office Cyber Security at the Home Office plays a vital role in protecting one of the UK’s largest government departments and its nationally critical digital infrastructure.

As Senior Cyber Security Risk Manager, you will identify, understand and mitigate cyber‑related risks. You will help to evaluate the security risks to information and processes in our critical national Infrastructure and business‑critical systems. You will use your expertise and draw on a range of evidence to provide advice to stakeholders across the organisation to ensure well‑informed risk‑based decision making. You will also be responsible for conducting external audits against Home Office suppliers and internally against other business areas.

Where business needs allow some roles may be suitable for a combination of office and home‑based working. Where this is the case, employees will be expected to spend a minimum of 60% of their working time in the office. There may be a requirement for occasional travel to other locations.

Watch this short video to hear from members of Home Office Digital talking about the projects they work on and their experience of working here: Working for Home Office Digital.

The Senior Cyber Security Risk Manager plans and implements organisation‑wide processes and procedures for the management of risk. They monitor the efficiency and effectiveness of the risk management processes across the organisation and make recommendations for continuous improvement.

As a Senior Cyber Security Risk Manager, your main day to day responsibilities will be:

• Working within established security and risk governance frameworks, supporting and conducting risk management activities such as system and supplier risk assessments, reviewing security schedules, and performing supply chain audits. Communicating risk assessment outcomes clearly to stakeholders to enable effective decision‑making.
• Contributing to the development and maintenance of cyber security policies, standards, and processes, ensuring alignment with regulations and organisational requirements. Providing advice on cyber security risks by applying recognised guidance and validating mitigation measures. Assisting risk and service owners in making informed decisions through clear security advice and reporting.
• Building functional relationships across departments, government bodies, and third‑party stakeholders. Collaborating with commercial teams to embed cyber security requirements throughout the procurement lifecycle.
• Supporting GovAssure compliance by aligning risk management processes with the Cyber Assessment Framework (CAF) and government assurance standards. Coordinating and contributing to GovAssure assessments, including evidence collection, gap analysis, and remediation planning to maintain compliance with mandated security requirements.