Security Risk and Assurance Lead

Remote Full-time
Job description

Job Title: Security Risk and Assurance Lead
Band: 5
Salary: £57,954 - £65,400
Location: Liverpool/Newport/Norwich/Birmingham
Terms: Permanent
Hours: Full Time/Compressed Hours
Closing Date: 17/07/25

Insight into CCS - Webinar

Don't miss out on gaining valuable insight into CCS and our recruitment process! Join us on Monday 7th July at 5:30 PM. Please use this link to register your attendance for this session or any of our upcoming sessions.

Are you ready to lead on protective security, advising with authority, managing risk with precision and ensuring governance that protects CCS and upholds Government security standards?

Job Summary

The Security Risk and Assurance Lead will focus on protective security across various domains, including personnel, cyber, and supplier risks. This role will ensure adherence with Government standards and regulations while delivering assurance. The successful candidate will provide expert security advice, develop risk management strategies, and foster a culture of awareness, building strong relationships with key stakeholders across the organisation and government.

Directorate Overview

Finance, Planning and Performance oversees our financial reporting, develops budgets and projections, formulates business plans, tracks implementation progress, measures success metrics and manages corporate risk.

Team Summary

The Security and Assurance Team is a multidisciplinary unit dedicated to maintaining holistic security within CCS. This team plays a crucial advisory role, encompassing governance, risk management, and assurance across various security pillars, including cyber, personnel and physical security, incident response, and supplier security. Through a collaborative approach, the team ensures that comprehensive security measures are integrated and effectively managed across all areas of the enterprise.

Key Accountabilities

- Lead the analysis and derivation of business-supporting security needs, undertake protective security related risk assessments, conduct tailored threat assessment and other risk management activities, and ensure activities are consistent with applicable regulations and legislation
- Independently undertake risk management activities within a given area of practice or expertise, usually within established security and risk management governance structures
- Provide assurance by identifying deficiencies in the testing, monitoring, and management of security controls, ensuring ongoing compliance with legal, regulatory, and organisational standards for robust data protection
- Provide expert security advice that highlights protective security related risks, so risk or service owners can make well-informed and auditable decisions
- Develop risk management-related policies and assurance frameworks, ensuring their ongoing relevance and compliance with regulatory standards as well as broader organisational and government policies
- Provide tailored expert advice to a range of stakeholders on how to remedy identified risks by proportionately applying security capabilities, using published guidance, standards, and drawing on a range of experts as well as personal expertise
- Review internal controls after a security breach, providing advice on fixing any vulnerabilities found. Agree on and oversee the most suitable remedial solutions, controls, and safeguards for the organisation
- Support the delivery of security awareness programs to educate staff on security best practices and promote a security first culture throughout the organisation
- Build and maintain strong relationships with internal and external stakeholders. Communicate effectively with senior leadership and other teams across CCS and wider Government
- Represent the security function at a senior level and act as an escalation point for business stakeholders

Essential Criteria (to be assessed at application stage):

- Strong understanding of the UK Government Security Policy framework and its application across Government. Familiar with supporting frameworks such as the Cyber Assessment Framework (CAF), ISO 27001, and NCSC and NPSA guidance to ensure integrated protective security
- Demonstrable experience in conducting threat and risk assessments, security audits and assurance activities to identify vulnerabilities and recommend proportionate mitigation. Skilled in applying risk-based approaches to inform protective security decisions and resilience planning
- Experience in developing and implementing security policies, standards and governance frameworks aligned with risk appetite and standards. Able to translate strategic security objectives into procedures that ensure compliance and accountability
- Proven ability to advise senior stakeholders on protective security matters, translating complex risks into actionable guidance. Effective communicator who promotes a strong security culture and aligns security priorities with business needs
- Demonstrated resilience in demanding situations, including the management of security incidents. Proficient in coordinating and handling security breaches, with experience in post-incident analysis to identify vulnerabilities and suggest remedial actions

Success Profiles (to be assessed at interview):

You will be assessed against the following Behaviours:

- Leadership
- Seeing the big picture
- Making effective decisions

You will also be assessed against the following Technical skills linked to the Government Security Profession Career Framework:

- Protective Security - Practitioner
- Risk understanding and mitigation - Practitioner
- Applied Security Capability - Practitioner

(A link to the Civil Service Success Profiles Framework is provided below)

Success Profiles Framework

What we will offer you, here are some of the benefits you can expect:

- Competitive salary
- Generous pension scheme
- A discretionary non-contractual performance related bonus
- Working remotely in addition to working in advertised office location
- Flexi time scheme (available for B1-B6)
- Minimum 25 days annual leave to a maximum service related 30 days excluding bank holidays

Explore fully how we will reward your work.

Want to make a difference? Find out more about the rewarding work that we do in our candidate pack.

The Civil Service is committed to attract, retain and invest in talent wherever it is found. To learn more please see the Civil Service People Plan and the Civil Service D&I Strategy.

We want to make our recruitment process accessible to everyone, so if there is any way that we can support you, please contact [email protected]

flexibly, delivering outcomes

CCS is a flexible business with a smarter working model where our colleagues benefit from a mix of home and office working. Successful candidates are expected to work from one of the office locations listed. Our current office attendance approach requires a minimum of 26 days per quarter (approx 2 days per week, which may be subject to change) in CCS office locations or off site meetings with suppliers, customers, partners, networking / industry events. This is pro rata for those who work part time. Our smarter working principles mean that our people have the advantage of both office and offsite based collaboration and learning, as well as working from home. This way of working allows us to honour our commitment to being a responsible business, offer flexibility and better work life balance as well as ensuring we deliver our business with confidence and in accordance with our CCS values.

Selection Process

Candidates who are successful at sift will be contacted as soon as possible following the closing date and advised of the interview process in more detail. The sift will commence WC 21st July and interviews will be held WC 4th August either at one of our offices or via video with interview times and dates to be confirmed. (Subject to change)

To find out more about our recruitment process please click here

Please note: Artificial Intelligence can be a useful tool to support your application, however, all examples and statements provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, as your own) applications may be withdrawn and internal candidates may be subject to disciplinary action. Please see our candidate guidance for more information on appropriate and inappropriate use.

A reserve list may be held for up to 12 months, which the Civil Service may use to fill future suitably similar vacancies across government for candidates who are considered appointable following interview. Should you be placed on a reserve list and want to be removed please contact [email protected]

procedure

Our recruitment processes are underpinned by the principle of selection for appointment on merit on the basis of fair and open competition as outlined in the Civil Service Commissioners’ Recruitment Principles details of which can be found at http://civilservicecommission.independent.gov.uk

If you feel your application has not been treated in accordance with the Recruitment Principles, and you wish to make a complaint, you should contact [email protected] in the first instance.

If you remain unsatisfied with the response you receive you can then contact the Civil Service Commission at [email protected]

Working for the Civil Service

The Civil Service Code sets out the standards of behaviour expected of civil servants.

Complaints Procedure

Our recruitment processes are underpinned by the principle of selection for appointment on merit on the basis of fair and open competition as outlined in the Civil Service Commission’s Recruitment Principles details of which can be found at https://civilservicecommission.independent.gov.uk/recruitment/recruitment-principles/

If you feel your application has not been treated in accordance with the Recruitment Principles, and you wish to make a complaint, you should contact [email protected] in the first instance.

If you remain unsatisfied with the response you receive you can then contact the Civil Service Commission at [email protected]

candidates should apply using their Workday account. Please use the careers hub for your application.

Originally posted on Himalayas
