Senior Cyber, Governance, Risk and Compliance Manager in Salford

The Department for Business and Trade (DBT) has a clear mission - to grow the economy. Our role is to help businesses invest, grow and export to create jobs and opportunities right across the country. We do this in three ways. Firstly, we help to build a strong, competitive business environment, where consumers are protected and companies rewarded for treating their employees properly. Secondly, we open international markets and ensure resilient supply chains. This can be through Free Trade Agreements, trade facilitation and multilateral agreements. Finally, we work in partnership with businesses every day, providing advance, finance and deal‑making support to those looking to start up, invest, export and grow.

The Digital, Data and Technology (DDaT) directorate develops and operates tools and services to support us in this mission. The team have been nominated four times in a row for ‘Best Public Sector Employer’ at the Women in Tech awards and won the award in 2025!

Ready to move into a space where cyber isn’t an afterthought but a priority? Join DBT and help mature a security capability in a department that values expertise, moves quickly, and gives you the autonomy to drive meaningful change. This is a place where your skills won’t be sidelined, they’ll set the direction.

The GRC team plays a critical role in establishing governance, managing cyber risk, and maintaining system security assurance. They also deliver GovAssure, Secure by Design, security training and user education, maintain security policy, set compliance standards, and manage the delivery of cyber audits. Consequently, this role requires strong acumen across cyber security and corporate disciplines to actively shape governance practices and provide expert advice to inform decision‑makers.

Sitting at the heart of DBT’s Cyber Security function, as a Senior Cyber Governance, Risk and Compliance (GRC) Manager, you will play a central role in maturing the organisation’s cyber governance model, completing risk assessments, driving assurance activity, and helping to embed strong security culture across DBT. Working closely with Lead GRC Managers and collaborating with colleagues across Cyber Security, DDaT, and the wider Government Security Profession, this is a role that blends strategic thinking with hands on delivery. You will support the uplift of organisational cyber posture within a broad remit, providing strong opportunity for personal development through empowerment to deliver within a growing government department. Indeed, in DBT we prioritise the wellbeing and careers of our Cyber professionals, with access to industry recognised training and civil service development pathways.

Main responsibilities

• Risk Management: Undertake complex cyber risk assessments, including, where applicable, tailored threat analysis and supply chain assurance, in compliance with appropriate legislation, regulation and policy.
• Digital Programmes: Provide cyber expertise and actively contribute to the delivery of key digital programmes of work across the organisation, ensuring all works are conducted cognizant of risk and in compliance with governmental standards and best practice, including ISO 27001, NCSC guidance, NIST CSF, NIS regulations and internal policy requirements.
• Security Audits: Manage cyber audit activities, compliance reviews and penetration tests, including GovAssure and Secure by Design, collaborating with diverse stakeholders to implement mitigations throughout programme lifecycles.
• User Education: Deliver cyber security education and awareness training across the organisation, developing auditable datasets that identify key areas for improvement and evidence knowledge uplift iteratively.
• Policy and Strategy: Contribute to the production and delivery of cyber strategies, security policies, standards and procedures across the cyber governance, risk and compliance portfolio ensuring they remain responsive to evolving threats and business requirements.
• Third party engagement: Support arm's length bodies and partner organisations to uplift their cyber security posture, standardising and sharing knowledge to align with departmental approaches, governmental standards and best practice wherever possible.
• Provide specialist cyber guidance: Offer specialist cyber security and data protection guidance to risk owners and stakeholders, enabling informed, risk‑based decisions, while acting as an advocate for best practice within DBT and across government, engaging with peers in the public sector and industry.
• Stakeholder Engagement: Build strong relationships with internal and external stakeholders, including senior leaders, to enhance organisational cyber security capability.