Back to search

Senior Cyber Security Risk Manager - Home Office Cyber Security

Civil Service

Job Description

Job summary

Home Office Digital designs, builds and develops services for the rest of the department and for government. Every year our systems support up to 3 million visa applications, checks on 100 million border crossings, up to 8 million passport applications and deliver 140 million police checks on people, vehicles and property.

As Senior Cyber Security Risk Manager in the Audit team, you will play a key role in evaluating and strengthening cyber security risk management across the organisation. You will help to evaluate the security risks to information and processes in our supply chain, critical national infrastructure and business critical systems. You will use your expertise and draw on a range of evidence to provide advice to stakeholders across the organisation to support well-informed risk-based decision making and organisational resilience. You will be responsible for conducting either external audits against Home Office suppliers or internal audits against other business areas.

Youll be joining an expert team of cyber professionals, committed to reducing the exposure to cyber-attack of new and existing digital systems. Youll be aided in your role by a diverse and supportive organisational culture, and a commitment to further your continuous development.

This campaign includes two distinct roles:

  • An Internal Audit Role, providing independent, second line assurance over cyber security governance, risk management, and control effectiveness across Home Office business areas.
  • A Supplier Audit role, focused on assessing third-party and supply chain cyber security arrangements to ensure they meet required security, compliance, and risk management standards.

Where business needs allow some roles may be suitable for a combination of office and home-based working. Where this is the case, employees will be expected to spend a minimum of 60% of their working time in the office. Days spent visiting a Home Office or supplier site will also be considered as days in the office. There may be a requirement for occasional travel to other locations.

Watch this short video to hear from members of Home Office Digital talking about the projects they work on and their experience of working here: Working for Home Office Digital.

Job description

The Senior Cyber Security Risk Manager is responsible for delivering independent cyber security assurance across Home Office business areas and suppliers. The role supports the protection of critical government systems and data by identifying, assessing, and mitigating risks across the Home Office and its supply chain.

For the Internal Audit role, this includes providing second line assurance over the effectiveness of governance, risk management, and controls across Home Office business areas, offering insight and challenge to senior stakeholders.

For the Supplier Audit role, this includes assessing third-party and supply chain cyber security arrangements to ensure they meet required security, compliance, and risk management standards.

As a Senior Cyber Security Risk Manager, your main day to day responsibilities will be:

  • Working within established security and risk governance frameworks, supporting and conducting risk management activities such as system and supplier risk assessments, reviewing security schedules and artefacts, and performing supply chain and internal audits including validation of mitigation measures.
  • Communicating effectively with senior stakeholders to ensure they recognise the importance of security considerations and advising senior stakeholders on their approach to risk management, communicating risk assessment outcomes clearly to enable effective decision-making.
  • Contributing to the development and maintenance of cyber security policies, standards, and processes, ensuring alignment with regulations and organisational requirements.
  • Providing advice on cyber security risks and mitigating measures by applying recognised standards and guidance. Assisting risk and service owners in making informed decisions through clear security advice and reporting.
  • Building functional relationships across departments, government bodies, and third-party stakeholders. Collaborating with commercial teams, security specialists and business areas to embed cyber security requirements throughout the procurement and systems/products lifecycle.
  • Planning and delivering Risk based Cyber Security Audits aligned to organisational priorities. Providing independent challenge to Risk owners and stakeholders on the effectiveness of Governance, Risk Management and Control Frameworks.

Person specification

Essential Skills

Youll have a demonstrable experience in, and passion for, Cyber Security including the following skills or experience in:

  • Experience delivering independent audits, including planning, fieldwork, control testing, and reporting.
  • Applying structured audit methodologies, including risk-based planning, control testing, evidence documentation, and reporting.
  • Maintaining integrity of records to support and satisfy audit trails.
  • Working knowledge of industry standards (e.g. ISO 27001, NIST, Government Security Classification).
  • Ability to champion cyber security risk and ensure ongoing appropriateness or practices. 
  • Communicating technical requirements effectively to both technical and non-technical stakeholders.
  • Possess a recognised audit qualification (e.g. CISA, CIA, ISO 27001 Lead Auditor), actively working towards one or willingness to train and obtain the required certification. This is particularly relevant to the Internal Audit role.

SFIA capability framework

Skills for the Information Age (SFIA) is the technical framework that sets the standard capability and development of all levels in the Home Office. This is a link to the capability framework:  All skills A - Z English (sfia-online.org).

We use set SFIA technical skills to form our interview questions and we will assess you against these technical skills during the selection process.

The essential skills listed above are reflective of the Home Office Government Digital and Data Profession Career Framework (based on the industry standard SFIA framework). Use the SFIA levels of responsibilityto understand what would be expected for each of the technical skills listed below.

Strategy and architecture:

Relationships and Engagement:

Yodel are hiring now

Working at Yodel, they promise to support you, develop you and give you all the tools you need to do a great job. They have a range of opportunities across the UK now - why not see if Yodel have the perfect role for you?

See Yodel jobs

Good luck with your application