At a Glance
- Tasks: Lead protective security efforts, manage risks, and ensure compliance with government standards.
- Company: Crown Commercial Service is dedicated to maintaining security across various sectors in the UK.
- Benefits: Enjoy a competitive salary, generous pension scheme, remote work options, and flexible hours.
- Why this job: Make a real impact on national security while working in a collaborative and supportive environment.
- Qualifications: Strong understanding of UK Government Security Policy and experience in risk assessments and security audits required.
- Other info: Join a diverse team committed to fostering a culture of security awareness.
The predicted salary is between £46,000 and £65,000 per year.
Are you ready to lead on protective security, advising with authority, managing risk with precision and ensuring governance that protects CCS and upholds Government security standards?
The Security Risk and Assurance Lead will focus on protective security across various domains, including personnel, cyber, and supplier risks. This role will ensure adherence to Government standards and regulations while delivering assurance.
The successful candidate will provide expert security advice, develop risk management strategies, and foster a culture of awareness, building strong relationships with key stakeholders across the organisation and government.
Directorate Overview
Finance, Planning and Performance oversees our financial reporting, develops budgets and projections, formulates business plans, tracks implementation progress, measures success metrics and manages corporate risk.
Team Summary
The Security and Assurance Team is a multidisciplinary unit dedicated to maintaining holistic security within CCS. This team plays a crucial advisory role, encompassing governance, risk management, and assurance across various security pillars, including cyber, personnel and physical security, incident response, and supplier security. Through a collaborative approach, the team ensures that comprehensive security measures are integrated and effectively managed across all areas of the enterprise.
Job Description
Key Accountabilities
- Lead the analysis and derivation of business-supporting security needs, undertake protective security related risk assessments, conduct tailored threat assessment and other risk management activities, and ensure activities are consistent with applicable regulations and legislation.
- Independently undertake risk management activities within a given area of practice or expertise, usually within established security and risk management governance structures.
- Provide assurance by identifying deficiencies in the testing, monitoring, and management of security controls, ensuring ongoing compliance with legal, regulatory, and organisational standards for robust data protection.
- Provide expert security advice that highlights protective security related risks, so risk or service owners can make well-informed and auditable decisions.
- Develop risk management-related policies and assurance frameworks, ensuring their ongoing relevance and compliance with regulatory standards as well as broader organisational and government policies.
- Provide tailored expert advice to a range of stakeholders on how to remedy identified risks by proportionately applying security capabilities, using published guidance, standards, and drawing on a range of experts as well as personal expertise.
- Review internal controls after a security breach, providing advice on fixing any vulnerabilities found. Agree on and oversee the most suitable remedial solutions, controls, and safeguards for the organisation.
- Support the delivery of security awareness programmes to educate staff on security best practices and promote a security-first culture throughout the organisation.
- Build and maintain strong relationships with internal and external stakeholders. Communicate effectively with senior leadership and other teams across CCS and wider Government.
- Represent the security function at a senior level and act as an escalation point for business stakeholders.
Person specification
Essential Criteria
- Strong understanding of the UK Government Security Policy framework and its application across Government. Familiar with supporting frameworks such as the Cyber Assessment Framework (CAF), ISO 27001, and NCSC and NPSA guidance to ensure integrated protective security.
- Demonstrable experience in conducting threat and risk assessments, security audits and assurance activities to identify vulnerabilities and recommend proportionate mitigation. Skilled in applying risk-based approaches to inform protective security decisions and resilience planning.
- Experience in developing and implementing security policies, standards and governance frameworks aligned with risk appetite and standards. Able to translate strategic security objectives into procedures that ensure compliance and accountability.
- Proven ability to advise senior stakeholders on protective security matters, translating complex risks into actionable guidance. Effective communicator who promotes a strong security culture and aligns security priorities with business needs.
- Demonstrated resilience in demanding situations, including the management of security incidents. Proficient in coordinating and handling security breaches, with experience in post-incident analysis to identify vulnerabilities and suggest remedial actions.
Behaviours
We will assess you against these behaviours during the selection process: Leadership, Seeing the Big Picture, Making Effective Decisions.
Technical skills
We will assess you against these technical skills during the selection process: Protective Security - Practitioner, Risk understanding and mitigation - Practitioner, Applied Security Capability - Practitioner.
Alongside your salary of £57,954, Crown Commercial Service contributes £16,789 towards you being a member of the Civil Service Defined Benefit Pension scheme.
What we will offer you
- Competitive salary
- Generous pension scheme
- A discretionary non-contractual performance related bonus
- Working remotely in addition to working in advertised office location
- Flexi time scheme (available for B1-B6)
- Minimum 25 days annual leave to a maximum service related 30 days excluding bank holidays
The Civil Service is committed to attracting, retaining and investing in talent wherever it is found. We want to make our recruitment process accessible to everyone, so if there is any way that we can support you, please contact us.
Selection process details
This vacancy is using Success Profiles, and will assess your Behaviours and Technical skills. Candidates who are successful at sift will be contacted as soon as possible following the closing date and advised of the interview process in more detail.
Security
Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check.
Nationality requirements
This job is broadly open to the following groups: UK nationals, nationals of the Republic of Ireland, nationals of Commonwealth countries who have the right to work in the UK, nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS).
Working for the Civil Service
The Civil Service Code sets out the standards of behaviour expected of civil servants. We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles.
Diversity and Inclusion
The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.
Security Risk and Assurance Lead employer: Crown Commercial Service
Contact Detail:
Crown Commercial Service Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land Security Risk and Assurance Lead
✨Tip Number 1
Familiarise yourself with the UK Government Security Policy framework and its application. Understanding this framework will not only help you in interviews but also demonstrate your commitment to the role.
✨Tip Number 2
Attend the CCS webinar on 7th July to gain insights into their recruitment process. This is a great opportunity to ask questions and show your enthusiasm for the position.
✨Tip Number 3
Network with current or former employees of Crown Commercial Service. They can provide valuable insights about the company culture and expectations, which can be beneficial during your interview.
✨Tip Number 4
Prepare to discuss specific examples of your experience in conducting threat and risk assessments. Being able to articulate your past successes will set you apart from other candidates.
Some tips for your application 🫡
Understand the Role: Before applying, make sure you thoroughly understand the responsibilities and requirements of the Security Risk and Assurance Lead position. Tailor your application to highlight how your skills and experiences align with the key accountabilities mentioned in the job description.
Highlight Relevant Experience: In your CV and cover letter, focus on your experience with protective security, risk assessments, and compliance with government standards. Use specific examples that demonstrate your ability to manage risks and provide expert security advice.
Showcase Your Communication Skills: Since the role involves advising senior stakeholders and building relationships, emphasise your communication skills. Provide examples of how you've effectively communicated complex security issues to non-experts in previous roles.
Tailor Your Application Documents: Customise your CV and cover letter for this specific role. Use keywords from the job description, such as 'risk management', 'security audits', and 'stakeholder engagement', to ensure your application stands out to recruiters.
How to prepare for a job interview at Crown Commercial Service
✨Understand the Security Framework
Make sure you have a solid grasp of the UK Government Security Policy framework and its application. Familiarise yourself with supporting frameworks like the Cyber Assessment Framework (CAF) and ISO 27001, as these will likely come up during your interview.
✨Prepare for Scenario-Based Questions
Expect to be asked about specific situations where you've conducted threat assessments or managed security incidents. Prepare detailed examples that showcase your problem-solving skills and how you applied risk-based approaches in real scenarios.
✨Demonstrate Your Communication Skills
As a Security Risk and Assurance Lead, you'll need to communicate complex security issues to various stakeholders. Practice explaining technical concepts in simple terms, and be ready to discuss how you've effectively communicated with senior leadership in the past.
✨Showcase Your Leadership Qualities
Highlight your experience in leading teams or projects, especially in high-pressure situations. Be prepared to discuss how you've fostered a culture of security awareness and built strong relationships with both internal and external stakeholders.