Information Security Governance, Risk and Assurance Lead in Swindon

Swindon | Full-Time | £46,743 / year (est.) | Home office (partial)
UKRI

At a Glance

  • Tasks: Enhance security governance and manage risk in a dynamic research environment.
  • Company: Join a leading organisation at the forefront of global research and innovation.
  • Benefits: Enjoy 30 days annual leave, flexible working, and a defined benefit pension scheme.
  • Other info: Opportunity for career growth in a fast-paced, innovative setting.
  • Why this job: Make a real impact on information security while collaborating with top professionals.
  • Qualifications: Experience in information security governance and risk management is essential.

The predicted salary is £46,743 per year.

Salary: £46,743

Band: UKRI Band E

Contract Type: Open Ended – Permanent

Hours: Full-time (Compressed hours & flexible working patterns available)

Location: Keyworth, Nottingham or Polaris House, Swindon – Hybrid working available

Closing Date: Sunday 19th July 2026

Step into the world where cutting‑edge science meets robust information security. Protect the technology that powers groundbreaking discoveries and be part of the team that safeguards the future of Big Science. Here, you’ll collaborate with leading engineers, researchers, and technologists to tackle the most pressing security challenges in a fast‑paced, innovative environment. Every day offers you the chance to defend vital data and systems, ensuring that the pursuit of scientific excellence continues securely and seamlessly.

Discover the difference you can make when you bring your expertise in information security to an organisation at the forefront of global research – working alongside some of the brightest minds and most advanced facilities in the world.

Security: Due to the nature of this role, candidates must be eligible for clearance in line with UK National vetting guidelines and be willing to undertake the process. Candidates not meeting this level of clearance will not be considered.

About the Role: The UKRI CIO Group plays a pivotal role in managing and optimising the organisation’s critical enterprise technical services that underpin and enable UKRI’s business capabilities. Within the group, a team of Information Security Professionals supports the delivery of modern, secure, resilient and scalable services across a larger federated team of Digital, Data and Technology professionals to deliver impact across the organisation and the wider UK research and innovation system.

Join us for this rare opportunity to apply your expertise in information security in a dynamic, fast‑paced security operational, risk, compliance and assurance role at the heart of research and innovation in the UK. Working as part of a team of technical specialists, your broad remit is to drive the implementation of our ambitious information security roadmap and support the Information Security Governance and Risk Manager and Head of Information Security to mature our information security function.

This Band E role focuses on strengthening governance, risk management and assurance across UKRI’s security operations, ensuring that information assets remain protected, risks are understood and mitigated, and security processes operate effectively across a complex federated environment.

Your Responsibilities:

  • Operate and enhance UKRI’s security governance, risk and assurance framework, ensuring controls remain appropriate, effective and aligned to organisational risk.
  • Perform security risk assessments for systems, services, projects and suppliers, producing clear risk treatment recommendations.
  • Lead the coordination and delivery of assurance activities across operational security domains (e.g., SOC processes, vulnerability management, incident response, identity and access management).
  • Monitor operational security performance, control effectiveness and compliance against internal policies and external frameworks including NIST CSF, ISO 27001 and the Government Cyber Assessment Framework.
  • Manage and improve processes for evidence gathering, audit preparation, remediation planning and control validation.
  • Conduct gap analyses following audits, incidents or assessments, ensuring remediation actions are tracked and delivered.
  • Work closely with technology teams and service owners to integrate good governance and risk practices into operational workflows (“secure by design”).
  • Provide specialist advice to operational teams on risk, compliance obligations, and best‑practice implementation.
  • Produce enterprise‑level assurance reporting, including metrics, dashboards and trend analysis to support senior decision‑making.

Personal Specification: The criteria below will be scored during Shortlisting (S), Interview (I) or both (S&I).

Essential:

  • Experience in information security governance, risk management or security operations in a complex organisation. (S&I)
  • Proven ability to conduct security risk assessments and operational assurance reviews. (S&I)
  • Good knowledge of cyber security and information assurance frameworks (NIST CSF, ISO 27001, CAF). (S&I)
  • Experience supporting audits, compliance assessments or continuous monitoring activities. (S&I)
  • Ability to interpret complex technical and procedural information to provide clear recommendations. (I)
  • Strong analytical skills and experience producing meaningful risk and assurance reporting. (S&I)

Benefits:

  • An outstanding defined benefit pension scheme
  • 30 days’ annual leave in addition to 10.5 public and privilege days (full time equivalent)
  • Employee discounts and offers on retail and leisure activities
  • Employee assistance programme, providing confidential help and advice
  • Flexible working options

Information Security Governance, Risk and Assurance Lead in Swindon employer: UKRI

Join a pioneering organisation at the forefront of global research, where your expertise in information security will play a crucial role in safeguarding vital data and systems. With a strong commitment to employee growth, flexible working options, and an outstanding benefits package including a defined benefit pension scheme and generous annual leave, UKRI fosters a collaborative and innovative work culture that empowers you to make a meaningful impact alongside some of the brightest minds in science. Experience the unique advantage of contributing to groundbreaking discoveries while enjoying a supportive environment that prioritises your professional development.

Contact Details:

UKRI Recruitment Team

StudySmarter Expert Advice🤫

We think this is how you could land Information Security Governance, Risk and Assurance Lead in Swindon

Get Involved in the Cybersecurity Community

Diving into the cybersecurity community is key for landing that full-time gig. Join forums like Reddit's r/cybersecurity or attend local meetups to connect with industry veterans and other job seekers. Networking is everything in this field—don’t just be a passive lurker!

Show Off Your Skills with Capture the Flag Competitions

Participate in Capture the Flag (CTF) competitions; these are not just a fun way to boost your skills but also a chance to showcase your talent to potential employers. Many companies, including UKRI, love seeing candidates who actively engage in these challenges.

Tailor Your Online Presence

Make sure your LinkedIn and any professional profiles reflect your cybersecurity expertise. Share your projects, whether they’re personal or from a previous role, to catch the eye of hiring managers. This is how they’ll find your passion and commitment to the field!

Apply Directly Through UKRI

Don’t forget to head straight to our website and check out any openings for cybersecurity roles at UKRI. Applying directly can sometimes give you an edge, especially if you can mention that you've been following our work or engaging in the community.

We think you need these skills to ace Information Security Governance, Risk and Assurance Lead in Swindon

Information Security Governance
Risk Management
Security Operations
Security Risk Assessments
Operational Assurance Reviews
Cyber Security Frameworks (NIST CSF, ISO 27001, CAF)
Audit Support

Some tips for your application 🫡

Show off your technical skills: In cybersecurity, it's crucial to highlight your technical prowess. Make sure your CV showcases specific skills like network security, penetration testing, or threat analysis. If you have relevant certifications (like CEH or CISSP), pop those on the front page to grab attention!

Tailor your portfolio for the role: Even for a full-time role, a portfolio can set you apart. If you've worked on any cybersecurity projects—be it CTF challenges, security assessments, or research papers—include these in your application. This demonstrates not just your skills, but also your hands-on experience!

Use real-world examples: When writing your cover letter, don’t just stick to your qualifications. Share real-world examples of how you’ve tackled security issues or vulnerabilities. This gives the hiring team at UKRI insight into your practical problem-solving abilities and makes your application memorable.

Demonstrate your passion for cybersecurity: Cybersecurity is an ever-evolving field, so show us that you’re always learning! Mention any recent courses, webinars, or industry events you’ve attended. This not only exhibits your enthusiasm but also signals to UKRI that you’re committed to staying ahead in the game.

How to prepare for a job interview at UKRI

Sharpen Your Technical Skills

For a role in cybersecurity, it’s essential to be up-to-date with the latest tools and techniques. Brush up on your knowledge of firewalls, intrusion detection systems, and vulnerability assessment tools. Be ready to discuss specific scenarios where you’ve applied these skills, as hands-on experience can really set you apart in interviews.

Prepare for Scenario-Based Questions

Expect the interviewers at UKRI to throw in some hypothetical situations to see how you’d handle them. Think about common security breaches or incidents and be prepared to explain how you would respond. This not only shows your problem-solving skills but also your understanding of real-world cybersecurity challenges.

Highlight Your Certifications

Certifications like CompTIA Security+, CISSP, or CEH can give you a significant edge in a full-time role in cybersecurity. Make sure to mention these during your interview and be prepared to discuss what you learned through those certifications and how they relate to the position at UKRI.

Show Your Passion for Cybersecurity

Since you’re going for a full-time gig, showing genuine enthusiasm for the field can make all the difference. Share any personal projects, blogs, or communities you’re part of that relate to cybersecurity. This not only showcases your passion but also your commitment to staying engaged in this ever-evolving field.