Information Security Governance and Risk Manager in Nottingham

Step into the world where cutting‑edge science meets robust information security. Protect the technology that powers groundbreaking discoveries and be part of the team that safeguards the future of Big Science. Here, you’ll collaborate with leading engineers, researchers, and technologists to tackle the most pressing security challenges in a fast‑paced, innovative environment. Every day offers you the chance to defend vital data and systems, ensuring that the pursuit of scientific excellence continues securely and seamlessly. Discover the difference you can make when you bring your expertise in information security to an organisation at the forefront of global research – working alongside some of the brightest minds and most advanced facilities in the world.

Security: As a minimum, due to the nature of this role, candidates must be eligible for clearance in line with UK National vetting guidelines and willing to undertake the process. Please indicate eligibility in the written submission. Candidates not meeting this level of clearance will not be considered. The level of clearance required is security check.

About the role: The UKRI CIO Group plays a pivotal role in managing and optimising the organisations critical enterprise technical services that underpin and enable UKRI’s business capabilities. Within the group, a team of Information Security Professionals support the delivery of modern, secure, resilient and scalable services across a larger federated team of Digital, Data and Technology professionals to deliver impact across the organisation and the wider UK research and innovation system. Join us for this rare opportunity to apply your experience in information security governance, risk and assurance in a dynamic, fast‑paced strategic role in an organisation at the heart of research and innovation in the UK.

Your responsibilities:

• Own and lead UKRI’s Information Security Governance, Risk and Assurance framework.
• Own, operate and continuously improve the Information Security Management System (ISMS).
• Provide end‑to‑end security assurance for cloud and enterprise services (AWS and Azure).
• Define and maintain UKRI’s security policy and control framework.
• Enable and support risk ownership across UKRI’s federated technology and business teams.
• Develop and maintain meaningful security metrics, dashboards and management information.
• Define, deliver and track a multi‑year security governance, risk and assurance roadmap.
• Lead security assessment, testing and remediation activity.
• Provide ongoing oversight of supplier and third‑party security risk.
• Establish and maintain enterprise visibility of assets, services and data risk context.
• Provide governance leadership across incident management, people, suppliers and assurance partnerships.
• Ensure governance‑level oversight of significant security incidents.

Personal Specification: The below criteria will be scored during Shortlisting (S), Interview (I) or both (S&I). Applicants will be able to demonstrate skills in line with the cyber security risk manager roles using the Government Security Profession career framework.

Essential:

• Degree in a related subject or relevant comparable education. (S)
• A professional qualification (e.g., CISM, CISSP, CCSP, ISO 27001 Lead Implementer/Lead Auditor). (S)
• Effective decision‑making, communication and interpersonal skills, with the ability to adapt communication style and approach to different environments and audiences. (I)
• Self‑motivated, shows initiative and works with minimal direction, demonstrating strong customer focus. (S&I)
• Changing and improving processes, systems, and people to achieve positive outcomes. (S&I)
• Strong knowledge of information security governance, risk management and compliance, including operating within an ISO/IEC 27001 management system. (S&I)
• In‑depth understanding of cloud security principles and practices for AWS and Azure, including secure configuration, identity, logging, network controls and data protection. (S&I)
• Ability to coordinate and communicate security risk issues at a senior level and propose solutions that are appropriate, proportionate and effective. (S&I)
• Strong problem‑solving and analytical skills, including interpreting technical evidence and translating it into business risk. (S&I)

Behaviours:

• Managing a quality service
• Changing and improving
• Delivering at pace
• Seeing the Big Picture

Benefits:

• An outstanding defined benefit pension scheme
• 30 days' annual leave in addition to 10.5 public and privilege days (full time equivalent)
• Employee discounts and offers on retail and leisure activities
• Employee assistance programme, providing confidential help and advice
• Flexible working options

We recognise and value our employees as individuals and aim to provide a favourable pay and rewards package. We are committed to supporting employees' development and promote a culture of continuous learning!

We encourage candidates to apply as soon as possible, as we reserve the right to close this vacancy early.