Security Governance & Cloud Risk Lead in Radcliffe on Trent

Corporate Hub Salary: £58,589 Band UKRI Band F Contract Type Open Ended‑Permanent (Compressed hours & flexible working patterns available) Hours Full‑time (flexible working available) Location Keyworth, Nottingham or Polaris House, Swindon – Hybrid working available. Closing Date Sunday 14th June 2026.

Step into the world where cutting‑edge science meets robust information security. Protect the technology that powers groundbreaking discoveries and be part of the team that safeguards the future of Big Science. Collaborate with leading engineers, researchers, and technologists to tackle the most pressing security challenges in a fast‑paced, innovative environment.

Role Summary: The UKRI CIO Group manages and optimises the organisation’s critical enterprise technical services. Within the group, a team of Information Security Professionals support the delivery of modern, secure, resilient and scalable services across a federated team of Digital, Data and Technology professionals to deliver impact across the organisation and the wider UK research and innovation system.

Key Responsibilities:

• Own and lead UKRI’s Information Security Governance, Risk and Assurance framework.
• Operate and continuously improve the Information Security Management System (ISMS).
• Provide end‑to‑end security assurance for cloud and enterprise services (AWS and Azure).
• Define and maintain UKRI’s security policy and control framework.
• Enable and support risk ownership across UKRI’s federated technology and business teams.
• Develop and maintain meaningful security metrics, dashboards and management information.
• Define, deliver and track a multi‑year security governance, risk and assurance roadmap.
• Lead security assessment, testing and remediation activity.
• Provide ongoing oversight of supplier and third‑party security risk.
• Establish and maintain enterprise visibility of assets, services and data risk context.
• Provide governance leadership across incident management, people, suppliers and assurance partnerships.
• Ensure governance‑level oversight of significant security incidents.

Security Clearance: Applicants must be eligible for clearance in line with UK National vetting guidelines and willing to undertake the process. Candidates not meeting this level of clearance will not be considered.

Personal Specification (Essential):

• Degree in a related subject or relevant comparable education.
• Professional qualification (e.g., CISM, CISSP, CCSP, ISO 27001 Lead Implementer/Lead Auditor).
• Effective decision‑making, communication and interpersonal skills, with the ability to adapt communication style and approach to different environments and audiences.
• Self‑motivated, shows initiative and works with minimal direction, demonstrating strong customer focus.
• Changing and improving processes, systems, and people to achieve positive outcomes.
• Strong knowledge of information security governance, risk management and compliance, including operating within an ISO/IEC 27001 management system.
• In‑depth understanding of cloud security principles and practices for AWS and Azure, including secure configuration, identity, logging, network controls and data protection.
• Ability to coordinate and communicate security risk issues at a senior level and propose solutions that are appropriate, proportionate and effective.
• Strong problem‑solving and analytical skills, including interpreting technical evidence and translating it into business risk.

Benefits:

• An outstanding defined benefit pension scheme.
• 30 days annual leave in addition to 10.5 public and privilege days (full‑time equivalent).
• Employee discounts and offers on retail and leisure activities.
• Employee assistance programme, providing confidential help and advice.
• Flexible working options.
• Many more benefits and wellbeing initiatives that enable our employees to have a great work‑life balance.