
Principal Cyber Risk Management and Assurance Advisor

Government Digital Services

Full-time (Permanent)
£67,972 - £79,769 for National and £73,280 - £87,521 Based on capability. The base salary of this grade is £71,370 for London and £67,126 for other locations.
Published on
24 November 2025
Deadline
7 December 2025

The Government Digital Service (GDS) is the digital centre of government. We are responsible for setting, leading and delivering the vision for a modern digital government.

Our priorities are to drive a modern digital government, by:

  1. joining up public sector services
  2. harnessing the power of AI for the public good
  3. strengthening and extending our digital and data public infrastructure
  4. elevating leadership and investing in talent
  5. funding for outcomes and procuring for growth and innovation
  6. committing to transparency and driving accountability

We are home to the Incubator for Artificial Intelligence (I.AI), the world-leading GOV.UK and at the forefront of coordinating the UK’s geospatial strategy and activity. We lead the Government Digital and Data function and champion the work of digital teams across government.

We’re part of the Department for Science, Innovation and Technology (DSIT) and employ more than 1,000 people all over the UK, with hubs in Manchester, London and Bristol.

The Information Security team at GDS protects the people, services and information used to deliver critical government digital infrastructure such as GOV.UK and One Login. We do this by supporting a secure software development lifecycle, setting and checking proportional organisation policies and building a positive, no-blame security culture across the organisation.

The Government Digital Service is where talent translates into impact. From your first day, you’ll be working with some of the world’s most highly-skilled digital professionals, all contributing their knowledge to make change on a national scale.

Join us for rewarding work that makes a difference across the UK. You'll solve some of the nation’s highest-priority digital challenges, helping millions of people access the services they need.

Job description

  • lead cyber and information security risk management, assurance, and architectural advisory for major applications and digital services during alpha, beta, and early live phases
  • deliver critical security assessments and IT Health Checks, providing expert assurance across portfolio projects, with a focus on SaaS tooling compliance against NCSC Cloud Security Principles
  • facilitate and oversee Security Working Groups throughout all key development and deployment stages, ensuring risks are tracked, logged, and reported to the Head of Cyber Risk and Assurance, with actionable recommendations provided
  • produce formal risk assessments and risk treatment plans (RTPs) for all digital services and associated tooling, ensuring robust protection in accordance with business risk appetite
  • develop, review, and advise on Secure by Design policies/practices, including safe use of AI, secure coding, and regulatory compliance frameworks (e.g., OWASP, DPIA, GovAssure)
  • coordinate cross-platform activities and enable secure delivery of new GDS services, including supporting incident management and continuous improvement of live service security practices
  • routinely provide monthly (and ad-hoc) risk briefings to senior leaders, evidencing assurance, identifying risks outside tolerance, mapping exposure, and recommending mitigations and controls
  • mentor and train digital service teams and wider Information Security staff, sharing best practices and building internal capability for risk assessment and management
  • support implementation and ongoing usage of risk management tooling, ensuring all details are uploaded promptly and appropriately, such as the SureCloud risk register
  • engage proactively with senior internal and external stakeholders, promoting security culture and enabling confident delivery aligned with organisational priorities
  • future line management activities as the team grows

Person specification

  • demonstrable experience delivering high-quality, detailed cyber security risk assessments and assurance in large, fast moving, complex digital environments, ideally government or critical infrastructure
  • in-depth understanding of cyber risk management, threat modelling, security architectural advice, and formal IT Health Checks, including experience with SaaS environments and cloud security principles
  • experience interpreting and applying relevant cyber security standards, regulatory frameworks, and secure by design principles within a multi-disciplinary digital team
  • a self-starter, using your considerable experience and skills to work independently and with confidence
  • track record of building cross-functional relationships and leading multi-platform security initiatives, with the ability to brief, influence, and advise senior stakeholders
  • strong written, verbal, and interpersonal communication skills, able to distil complex findings into actionable recommendations for non-technical and executive audiences
  • evidence of personal commitment to continuous learning and sharing of best practices, with experience mentoring, coaching, or enabling capability-building in others
  • ability to assess the implications and risks of emerging technologies (such as AI, SaaS, cloud services) and proactively recommend security interventions
  • knowledge of Civil Service values: respect, collaboration, inclusivity, and commitment to public service, with a strong focus on organisational culture

Indicative professional qualifications / accreditations

  • relevant industry qualifications and accreditations (e.g. CISSP), or a Master’s degree in a relevant discipline

Benefits

Alongside your salary of £67,126, Government Digital Service contributes £19,446 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.

There are many benefits of working at GDS, including:

  • flexible hybrid working with flexi-time and the option to work part-time or condensed hours
  • a Civil Service Pension with an average employer contribution of 28.97%
  • 25 days of annual leave, increasing by a day each year up to a maximum of 30 days
  • an extra day off for the King’s birthday
  • an in-year bonus scheme to recognise high performance
  • career progression and coaching, including a training budget for personal development
  • paid volunteering leave
  • a focus on wellbeing with access to an employee assistance programme
  • job satisfaction from making government services easier to use and more inclusive for people across the UK
  • advances on pay, including for travel season tickets
  • death in service benefits
  • cycle to work scheme and facilities
  • access to an employee discounts scheme
  • 10 learning days per year
  • volunteering opportunities (5 special leave days per year)
  • access to a suite of learning activities through Civil Service learning


Any move to Government Digital Service from another employer will mean you can no longer access childcare vouchers. This includes moves between government departments. You may however be eligible for other government schemes, including Tax Free Childcare. Determine your eligibility at https://www.childcarechoices.gov.uk 

Office attendance
The Department operates a discretionary hybrid working policy, which provides for a combination of working hours from your place of work and from your home in the UK. The current expectation for staff is to attend the office or non-home based location for 40-60% of the time over the accounting period.
DSIT does not normally offer full home working (i.e. working at home); but we do offer a variety of flexible working options (including occasionally working from home).

Things you need to know

Selection process details

The standard selection process for roles at GDS consists of:

  • a simple application screening process: we only ask for a CV and answers to three specific questions
  • a 75 minute video interview

Depending on how many applications we get, there might also be an extra stage before the video interview, for example a phone interview or a technical exercise.

Artificial Intelligence can be a useful tool to support your application, however, all examples and statements provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, as your own) applications may be withdrawn and internal candidates may be subject to disciplinary action.  Please see our candidate guidance for more information on appropriate and inappropriate use.

In the event we receive a high volume of applications, we will conduct the initial sift against the lead criterion, which is:

  • Demonstrable experience delivering high-quality, detailed cyber security risk assessments and assurance in large, fast moving, complex digital environments, ideally government or critical infrastructure.

Please note that this role requires SC clearance, which would normally need 5 years’ UK residency in the past 5 years. This is not an absolute requirement, but supplementary checks may be needed where individuals have not lived in the UK for that period. This may mean your security clearance (and therefore your appointment) will take longer or, in some cases, not be possible.

In the Civil Service, we use Success Profiles to evaluate your skills and ability. This gives us the best possible chance of finding the right person for the job, increases performance and improves diversity and inclusivity. We’ll be assessing your technical abilities, skills, experience and behaviours that are relevant to this role.

For this role we’ll be assessing you against the following Civil Service Behaviours:

  • changing and improving
  • seeing the bigger picture
  • communicating and influencing
  • working at pace

We’ll also be assessing your experience and specialist technical skills against the following skills defined in the Government Security Profession’s Cyber Security Risk Manager Principal Professional Career framework (see pages 122-125 inclusive) for the Cyber Security Risk Manager Principal role.

  • Information risk assessment & risk management
  • Applied security capability
  • Protective security
  • Threat understanding

Recruitment Timeline

Sift completion: 9/12/2025

Panel interviews: starts 16/12/2025

Candidates that do not pass the interview but have demonstrated an acceptable standard may be considered for similar roles at a lower grade.

A reserve list will be held for a period of 12 months, from which further appointments can be made.

The Civil Service is committed to attracting, retaining and investing in talent wherever it is found. To learn more please see the Civil Service People Plan and the Civil Service D&I Strategy.

Sponsorship

DSIT cannot offer Visa sponsorship to candidates through this campaign. DSIT holds a Visa sponsorship licence but this can only be used for certain roles and this campaign does not qualify.


Feedback will only be provided if you attend an interview or assessment.
