Lead Cyber Governance Risk and Compliance Manager

About us

The Department for Business and Trade (DBT) has a clear mission - to grow the economy. Our role is to help businesses invest, grow and export to create jobs and opportunities right across the country. We do this in three ways.

• Firstly, we help to build a strong, competitive business environment, where consumers are protected and companies rewarded for treating their employees properly.
• Secondly, we open international markets and ensure resilient supply chains. This can be through Free Trade Agreements, trade facilitation and multilateral agreements.
• Finally, we work in partnership with businesses every day, providing advance, finance and deal‑making support to those looking to start up, invest, export and grow.

The Digital, Data and Technology (DDaT) directorate develops and operates tools and services to support us in this mission. The team have been nominated four times in a row for ‘Best Public Sector Employer’ at the Women in Tech awards and won the award in 2025!

About the role

Ready to break out of environments where cyber is an afterthought? Join DBT and help mature a security capability in a department that values expertise, moves quickly, and gives you the autonomy to drive meaningful change. This is a place where your skills won’t be sidelined, they’ll set the direction.

As part of DBT’s Cyber Security team, you will lead delivery of Cyber Governance, Risk and Compliance within the Governance, Risk and Compliance (GRC) function. Reporting to the Head of Cyber Governance, Risk and Compliance you will work with colleagues across Digital, Data and Technology (DDaT), and the wider Government Security Profession across government.

The GRC team plays a critical role in establishing governance, managing cyber risk, and maintaining system security assurance. They also deliver GovAssure, security training and user education, maintain security policy, set compliance standards, and manage the delivery of cyber audits. Consequently, this role requires strong leadership and acumen across cyber security and corporate disciplines to actively shape governance practices and provide expert advice to inform senior decision‑makers.

You will lead and support the uplift of organisational cyber posture within a broad remit, providing strong opportunity for personal development through empowerment to deliver within a growing government department. Indeed, in DBT we prioritise the wellbeing and careers of our Cyber professionals, with access to industry recognised training and civil service development pathways.

Main responsibilities

The post holder will be responsible for delivery across multiple areas within a complex cyber security portfolio. Experience across as many of the below as possible is desirable:

• Risk Management: Undertake and lead complex cyber risk assessments, including, where applicable, tailored threat analysis, supply chain risk assessment, and compliance with legislation, regulation and policy.
• Supplier Assurance and standards: Integrate assurance approaches to provide confidence that organisational security needs are met, aligning with UK Government standards such as the Government Security Policy Framework, ISO 27001, and NCSC Cyber Governance Code of Practice.
• Digital Programmes: Provide cyber expertise and lead cyber delivery of key digital programmes of work across the organisation, ensuring all works are conducted cognisant of risk and in compliance with governmental standards and best practice.
• Security Audits: Lead cyber audit activities, compliance reviews and penetration tests, including GovAssure and Secure by Design, collaborating with diverse stakeholders to implement mitigations through the programme lifecycle.
• User Education: Lead the strategic delivery of cyber security education and awareness across the organisation, developing auditable datasets that identify key areas for improvement and evidence knowledge uplift iteratively.
• Policy and Strategy: Champion and develop strategies, security policies, standards and procedures across the cyber governance, risk and compliance portfolio ensuring they remain responsive to evolving threats and business requirements.
• Third Party engagement: Support arm's length bodies and partner organisations to uplift their cyber security posture, standardising and sharing knowledge to align with departmental approaches, governmental standards and best practice wherever possible.
• Provide Expert Advice: Offer specialist cyber security and data protection guidance to risk owners and stakeholders, enabling informed, risk‑based decisions.
• Stakeholder Engagement: Build strong relationships with internal and external stakeholders, including senior leaders, to enhance organisational cyber security capability.
• Promote Best Practice: Act as an advocate for cyber security best practice within DBT and across government, engaging with peers in the public sector and industry.

If you have some, but not all of the above, we would like to hear from you!