We are currently looking for a Head of Cyber and Information Security to join our Technology & Service Operations Function within the Digital & Technology group.
This is a full-time opportunity, on a permanent basis. The role will be based in 10 South Colonnade, Canary Wharf London, E14 4PU or South Mimms, Hertfordshire. Please be aware that this role can only be worked in the UK and not overseas.
Government departments and agencies are working towards implementing a minimum 60% attendance in office sites.
We are currently implementing a flexible, hybrid way of working, with a minimum of 8 days per month working on site to enable the collaboration and contact with partners and stakeholders needed to deliver MHRA business. Attendance on site is driven by business needs so depending on the nature of the role, this can flex up to 12 days a month, with the remainder of time worked either remotely or in the office. Some roles will need to be on site more regularly.
This role will also be required to participate in the Agency’s out of hours on-call rota on a periodic basis. An on-call payment will be added to the salary depending on the frequency of participation in the rota.
A Digital Allowance of up to £20,000 per annum may be available for exceptional candidates based on our assessment of your skills and experience. This allowance is non-pensionable and may change on an annual basis.
Who are we?
The Medicines and Healthcare products Regulatory Agency enhance and improve the health of millions of people every day through the effective regulation of medicines and medical devices, underpinned by science and research.
The Digital and Technology Group (DTG) lies at the heart of the Agency and is responsible for delivering an optimised IT infrastructure and maximising the secure use of data to enable our scientists, inspectors, and the rest of the organisation to deliver world class services which can improve outcomes for patients and the public. The Group was essential in the race to approve COVID-19 vaccines in 2020 and in supporting the UK to set up its own medicines and devices approvals systems following our exit from the EU. The work we do matters!
Its centre of excellence is also responsible for delivering a broad portfolio of change initiatives, both to transform the Agency’s legacy technologies and to deliver innovative new solutions, designed around our customers’ needs. DTG works in a holistic way to combine digital and technology change, data and information management, project delivery, business process, product management and cultural change to maximise our impact and ensure sustainability.
We plan to be at the heart of one of the most digitally advanced medical regulators in the world and we need people who can help us deliver that ambition. DTG is a great place to build your career, and we are committed to enabling our people to do the best work of their lives.
The Technology & Service Operations function is responsible for managing the existing IT infrastructure including both software and hardware, databases, and other technology platforms; leading the support and maintenance of applications; development and testing of new applications and platforms; and cyber and information security for the Agency.
What’s the role?
The Head of Cyber and Information Security is responsible for leading the Agency’s Cyber and Information Security specialism. They provide strategic direction and security risk management, ensure compliance with security standards, anticipate challenges, drive performance and build the capability required to ensure the security of the Agency’s information and services. They also support the Agency’s Senior Information Risk Owner (SIRO) in securing and assuring the department’s information and data assets.
Key responsibilities:
- Provide strong leadership to the Cyber and Information Security team and act as a role model for MHRA’s Information Security community, modelling Civil Service values to foster and develop the profession.
- Lead the delivery of the MHRA’s cyber security strategy. Identify required workstreams, develop and monitor delivery plans, bid for required resources, and support other teams in their work to implement strategic initiatives. Provide technical input and assurance to both new and legacy capabilities, ensuring that they meet DTG’s Secure by Design standards.
- Lead and manage the Cyber and Information Security team within DTG, managing the team’s budget to ensure efficient and effective use of public money and developing the team to ensure they have the skills and capabilities to excel and develop their careers.
- Lead the cyber programme and manage budget for programme and cyber and information security operations.
- Work proactively across other MHRA directorates to engage and advise on cyber security strategy. Provide advice to the SIRO, Security Risk Working Group, Board and senior department heads on MHRA’s information and cyber security posture, and be the deputy and present as needed.
- Act as the key point of contact to a wide range of internal and external stakeholders including NCSC, DHSC, NHSE, other Arm’s Length Bodies (ALBs) within the cluster for all cyber security related matters.
- Manage relationships and contracts with external third parties delivering cyber and information security services for the Agency, ensuring they comply with relevant standards and deliver high quality outcomes on time and to budget.
- Evaluate and manage information and cyber security operational risks for MHRA, including trend analysis and data interpretation.
- Maintain a thorough understanding of the evolving cyber threat picture, particularly as it pertains to MHRA. Ensure that the information risk picture is continually updated.
Who are we looking for?
Our successful candidate will have:
- Membership of ISACA, or willingness to obtain membership of a relevant Professional Body such as The Security Institute
- Demonstrable experience in leading security investigations, including responding to incidents involving malware, data loss, or network intrusion
- Experience in setting cyber and information security strategy, engaging, advising and influencing at all levels of an organisation
- Ability to lead the implementation of cyber and information security strategy.
If you would like to find out more about this fantastic opportunity, please read our Job Description and Person Specification!
The selection process:
We use the Civil Service Success Profiles to assess our candidates, find out more here.
- Online application form, including questions based on the Behaviour, Experience and Technical Success Profiles. Please ensure all application questions are completed in full; your application may not be considered if any responses are left blank. Our applications are CV blind, and our Hiring Managers will not be able to access your CV when reviewing your application.
- Presentation, to be prepared as part of your interview. Candidates will present using slides and will be assessed on the Behaviour criteria – Leadership and the Experience criteria – Significant experience of leading a multi-disciplinary team of cyber and information security professionals and leading the delivery of a cyber programme.
- Interview, which can include questions based on the Behaviour, Experience, Technical and Strengths Success Profiles.
In the instance that we receive a high number of applications, we will hold an initial sift based on the lead criteria of Technical – membership of ISACA, or willingness to obtain membership of a relevant Professional Body such as The Security Institute.
Applicants are assessed on whether they meet any mandatory requirements as well as the necessary skills and experience for the role. Applications are scored based on the competency-based answers provided – ensure you have read these thoroughly and allow sufficient time. You can view the competencies for this role in the job description.
Use of AI in Job Applications
Applicants must ensure that anything submitted is factually accurate and truthful. Plagiarism can include presenting the ideas and experience of others, or generated by artificial intelligence, as your own.
If you require any disability related adjustments at any point during the process, please contact as soon as possible.
Closing date: 31 March 2025
Shortlisting date: 07 April 2025
Interview date: 22 – 25 April 2025
Candidates will be contacted within a week of the sift and the interviews completed to inform them of the outcome.
If you need assistance applying for this role or have any other questions, please contact
Candidates will be subject to UK immigration requirements as well as Civil Service nationality rules. Further information on whether you are able to apply is available here.
Successful candidates must pass a disclosure and barring security check as well as animal rights and pro-life activism checks. People working with government assets must complete basic personnel security standard checks. For this role, successful candidates must also meet additional security requirements before they can be appointed. The level of security needed is security clearance.
Applicants who are successful at interview will be, as part of pre-employment screening, subject to a check on the Internal Fraud Database (IFD). This check will provide information about employees who have been dismissed for fraud or dishonesty offences. This check also applies to employees who resign or otherwise leave before being dismissed for fraud or dishonesty had their employment continued. Any applicant whose details are held on the IFD will be refused employment. A candidate is not eligible to apply for a role within the Civil Service if the application is made within a 5-year period following a dismissal for carrying out internal fraud against government.
Any move to the MHRA from another employer will mean you can no longer access childcare vouchers. This includes moves between government departments. You may however be eligible for other government schemes, including Tax-Free Childcare. Determine your eligibility here.
Successful candidates may be subject to annual Occupational Health reviews dependent on role requirements. If you have any queries, please contact .
In accordance with the Civil Service Commissioners’ Recruitment Principles our recruitment and selection processes are underpinned by the requirement of selection for appointment on the basis of merit by a fair and open competition. If you feel your application has not been treated in accordance with the Recruitment Principles and you wish to make a complaint, you should firstly contact Mira Mepa, Head of Recruitment and Operations, .
If you are not satisfied with the response you receive, you can contact the Civil Service Commission at: civilservicecommission.independent.gov.uk
Civil Service Commission
Room G/8
1 Horse Guards Road
London
SW1A 2HQ
Contact Detail:
Medicines and Healthcare Products Regulatory Agency Recruiting Team