Cyber Security Risk Manager - Lead x2

Job Title: Cyber Security Risk Manager - Lead x2
Contract Type: Contract
Location: England
Salary: Up to £0.00 per annum
Start Date: ASAP
Reference: BBBH30070_1650447698
Contact Name: Tara Hibbott
Contact Email:
Job Published: April 20, 2022 10:41

Job Description

Cyber Security Risk Manager - Lead
SC Clearance ideally
Remote (anywhere inside the UK)
6 months

The Role

The Cyber Security Risk Manager - Lead role forms part of the Advisory Security team within the Security and Information Management Division at the organisation. The role reports to the Cyber Security Risk Manager.

The primary focus of the role is to provide the Organisation with security advice and best practice to develop 'Secure by Design' protections for organisational assets and to embed the ONS Security Framework (principles, policies, processes, threat model and security risk management) into the ONS.

Key outcomes from the role are the identification of security risk within the business context, the identification of appropriate mitigation approaches for business selection and the management of these options through to implementation within the live service. The security advice provided will be informed by threat, vulnerability and risk analysis for business and third parties.

The focus, outcomes and responsibilities are aligned to the Government Security Profession framework of the Cyber Security Risk Manager and Security Architect.

Key Responsibilities

  1. Support the development of business-focused security solutions for digital products and business operations that cover data collection, storage and processing, deployed both internally and externally.
  2. Identify security threats and risks to the Organisation's digital products and business operations being developed through Agile methodologies and Supplier processes.
  3. Lead the analysis and derivation of business-supporting security needs, undertake Cyber Security related risk assessments, conduct tailored threat assessments and other risk management activities, and ensure activities are consistent with applicable regulations and legislation.
  4. Independently undertake risk management activities within a given area of practice or expertise, usually within established security and risk management governance structures.
  5. Liaise with the Organisation's business, technology and security colleagues to ensure various business needs are understood and applied, including providing general security architecture, guidance and advice to stakeholders.
  6. Advise on opportunities for using secure and open-source products and on any implications of such an approach.
  7. Ensure that security policies and security controls remain appropriate and proportionate to the assessed risks, and are responsive and adaptable to the changing threat environment, business requirements and ONS policies.
  8. Provide tailored advice to a range of stakeholders on how to remedy identified risks by proportionately applying security capabilities, using published guidance and standards, and drawing on a range of experts as well as personal expertise.
  9. Provide expert security advice that highlights Cyber Security related risks, so that risk or service owners can make well-informed and auditable decisions.
  10. Support ONS Security customers by recommending and applying security architecture, principles and practices to guide the organisation and business through the information security process and technology changes necessary to achieve the business objectives securely.

Person Specification

  • Expert knowledge of application, infrastructure and networking security controls and systems covering physical, procedural and technical (ICT) areas, particularly in relation to data management.
  • Experienced in providing detailed security advice and technical security solutions in a UK Government Department.
  • Good knowledge of UK Government Security Policy Framework, Information Assurance Standards, e.g. ISO 27001, DPA.
  • Track record of working as part of a multi-divisional team covering a multi-discipline environment.
  • HMG Vetting at Security Clearance (SC) and, if appropriate, Developed Vetting (DV) level will be required once in role.

  • Willing to work towards or obtain relevant professional qualifications and memberships, e.g. Senior Practitioner level within the CESG Certified Professional scheme (CCP), SFIA Level 4-6, Institute of Information Security Professionals (IISP), British Computer Society (BCS).
  • Willing to work towards or obtain appropriate industry-recognised Cloud Security qualifications, e.g. Certified Cloud Security Professional (CCSP), CSA Certificate of Cloud Security Knowledge (CCSK).