Senior Security Risk Assurance Manager

Are you interested in helping protect vital public services and supporting national resilience?

We’re looking for Security Risk and Assurance Managers to join the Department for Work and Pensions (DWP) – one of the UK’s largest government departments. In this analytical role, you’ll help assess and manage information security risks and assurance, supporting the safe and secure delivery of services to millions of people.

The DWP is responsible for welfare, pensions, and child maintenance. We deliver a range of critical services to approximately 20 million customers. In this role, you’ll deliver impartial, expert security insight to senior leaders and stakeholders, ensuring that strategic security risks are identified, analysed, assured and effectively managed. This is your opportunity to make a real impact, embed evidence based assurance, and strengthen resilience across vital public services.

You will join Enterprise Security & Risk Management (ESRM) in DWP’s Security & Data Protection (S&DP) directorate, one of the largest security teams in government. We are responsible for delivering a wide range of specialist security services, solutions and capability to DWP’s 80,000 staff, Arms’ Length and Public Bodies, and industry partners to safeguard the secure and resilient delivery of welfare services. Your work will contribute to the department’s ability to understand and respond to security threats. This is a great opportunity to develop your skills in a high-impact area, working with colleagues across commercial, digital, and operational teams.

We’re a huge organisation, which means a real variety of work, challenge and opportunity. We strongly believe that diversity and inclusion help the organisation thrive and succeed. We know that diverse teams bring a wide range of perspectives, experiences and ideas, which lead to better decision‑making, creativity and innovation. We have a culture where differences are celebrated and our people feel supported, included and empowered.

Join us and be part of an organisation at the leading edge of government security that truly makes a real and positive impact.

In these roles, you will deliver security risk assessment and assurance activities across a wide range of contracts, suppliers and internal services. You’ll help identify, analyse and assure risks by leveraging threat intelligence and understanding of critical assets, assessing supplier and internal services security controls, using evidence to demonstrate their alignment with DWP security expectations and their operational effectiveness.

Working closely with teams across the department, you’ll help ensure risks are clearly understood and effectively managed. You’ll also assist in preparing reports and briefings for senior stakeholders, helping to inform decisions and strengthen resilience. Alongside this, you’ll promote good security practices and play a part in embedding a security risk‑aware culture across the organisation.

We’re looking for people who are adaptable and open to learning new approaches, always looking for ways to improve how things are done. You’ll be a natural problem solver, able to use evidence and judgement to support decisions and suggest practical ways to manage risk. You’ll need to manage competing priorities and stay focused under pressure to deliver high quality work. As an enabler, you’ll support others, share knowledge, and contribute to a positive and collaborative team culture. You will also have excellent verbal and written communication skills, which will help you work effectively with a range of stakeholders.

You will bring an understanding of risk management and assurance, ideally with a security focus. Awareness of third‑party risk management or commercial processes is helpful but not essential.

In return, we offer a flexible, hybrid working environment (DWP operates currently on 60% office attendance) with opportunities to travel to other DWP sites. We offer first rate training and support to help you develop your expertise and you’ll be part of a welcoming and inclusive team where your ideas and contributions are truly valued.

Given the geographic spread of our team, DWP customers, cross‑government stakeholders and industry suppliers, you'll need to be willing to travel to other DWP locations, with periodic overnight stays required.

Specific day‑to‑day responsibilities will vary based on customer demand and strategic priorities, but will include a blend of the following:

• Undertake evidence based security risk assessment and assurance activities across suppliers and internal services to support and deliver effective security risk and assurance capabilities
• Support the development of risk treatment plans, track their implementation and monitor mitigation effectiveness
• Apply structured analytical techniques to assess threats, vulnerabilities, and impacts, providing holistic and robust opinion on the security posture of people, processes, and technology
• Contribute to the development, assessment and updating of enterprise‑level security risks.

• Assist in the development of security requirements for contracts and procurement processes
• Support the analysis of supplier security posture using available data and intelligence
• Identify opportunities for enhanced assurance whilst conducting timely pre‑contract security assurance reviews of suppliers to DWP to inform contract award, risk mitigation and in‑contract security risk management requirements.

• Build effective working relationships with internal and external stakeholders
• Communicate risk and assurance findings clearly and succinctly to non‑expert audiences, including at senior governance levels
• Support the promotion of a risk‑aware culture across DWP and its partners
• Aid development of services to ensure we continue to meet end user needs, stakeholder requirements, and align to wider departmental risk and control assessment practices.

• Contribute to team objectives and continuous improvement of ESRM services
• Share knowledge and support the development of junior colleagues
• Participate in cross‑government communities of practice where appropriate.