Senior Information Security Risk Manager

We are currently looking for a Senior Information Security Risk Managerto join our Technology & Service OperationsFunction within the Digital & Technology group.

This is a fulltime opportunity on a permanent basis. The role will be based in 10 South Colonnade Canary Wharf London E14 4PU or South Mimms Hertfordshire. Please be aware that this role can only be worked in the UK and not overseas.

Government departments and agencies are working towards implementing a minimum 60 attendance in office sites.

We are currently implementing a flexible hybrid way of working with a minimum of 8 days per month working on site to enable the collaboration and contact with partners and stakeholders needed to deliver MHRA business. Attendance on site is driven by business needs so depending on the nature of the role this can flex up to 12 days a month with the remainder of time worked either remotely or in the office. Some roles will need to be on site more regularly.

A Digital Allowance of up to 15000 per annum may be available for exceptional candidates based on our assessment of your skills and experience. This allowance is nonpensionable and may change on an annual basis.

Who are we

The Medicines and Healthcare products Regulatory Agency enhance and improve the health of millions of people every day through the effective regulation of medicines and medical devices underpinned by science and research.

The Digital and Technology Group (DTG) lies at the heart of the Agency and is responsible for delivering an optimised IT infrastructure and maximising the secure use of data to enable our scientists inspectors and the rest of the organisation to deliver world class services which can improve outcomes for patients and the public. The Group was essential in the race to approve COVID19 vaccines in 2020 and in supporting the UK to set up its own medicines and devices approvals systems following our exit from the EU. The work we do matters!

Its centre of excellence is also responsible for delivering a broad portfolio of change initiatives both to transform the Agencys legacy technologies and to deliver innovative new solutions designed around our customers needs. DTG works in a holistic way to combine digital and technology change data and information management project delivery business process product management and cultural change to maximise out impact and ensure sustainability.

We plan to be at the heart of one of the most digitally advanced medical regulators in the world and we need people who can help us deliver that ambition. DTG is a great place to build your career and we are committed to enabling our people to do the best work of their lives.

The Technology & Service Operations function is responsible for managing the existing IT infrastructure including both software and hardware databases and other technology platforms; leading the support and maintenance of applications; development and testing of new applications and platforms; and cyber and information security for the Agency.

Whats the role

This is an exciting role where you will drive the agencys information security agenda. You will be a skilled and experienced Information Security Manager looking for a rewarding and challenging role with the ability to lead and develop our team and build capability and capacity. This role exists to ensure that information security remains front and centre in our digital data and information transformation.

We need someone who can build relationships across the organisation to continuously improve the management of information risk. You will also build relationships with stakeholders outside the Agency including other Government health bodies and IT and Security delivery partners. Your role will include working with the Cyber Security Risk Manager and Data Protection Team to make riskbased decisions on strategic and tactical issues

The postholder will be expected to quickly get up to speed with agency culture and processes so you are in a stronger position to share and develop the culture around cyber security and privacy.

Key responsibilities:

• Provide management leadership development and strategic direction for the Information Security function and driving a culture of continuous improvement
• Horizon scanning for emerging information security risks and control technologies procuring and managing services and tooling and manage responses to security incidents and data breaches
• Review securityand privacy risks designs and decisions for new and existing technology solutions working closely with programme managers and digital delivery partners managing our information security architecture service and provide risk management and assurance to the Senior Information Risk Owner (SIRO) Security Risk Working Group (SRWG) and the Risk Assurance Group (RAG)
• Own maintain and embed appropriate cultural values of the agencys security strategy ensure continuous professional development through training communication and educational activities.

Who are we looking for

Oursuccessful candidatewill have:

• Certified CISM or CISSP qualifications or significant senior experience within the UK government security profession.
• Significant experience of working within a risk management framework making threat assessments and advising senior stakeholders on risk acceptance.
• A track record of providing strategic advice to senior leaders within a complex organisation providing constructive challenge and successfully influencing decisions using data and strategic insight to deliver wider objectives.
• Proven ability to develop and implement processes that ensure security and also meet the needs of the organization.

If you would like to find out more about this fantastic opportunity please read our Job Description and Person Specification!

Please note: The job description may not open in some internet browsers. Please use Chrome or Microsoft Edge. If you have any issue viewing the job description please contact

The selection process:

We use the Civil Service Success Profiles to assess our candidatesfind out more here.

• Online application form including questions based on theBehaviour Experience and Technical Success Profiles.Please ensure all application questions are completed in full; your application may not be considered if any responses are left blank. Our applications are CV blind and our Hiring Managers will not be able to access your CV when reviewing your application.
• Presentation to be prepared as part of your interview. Candidates will present using slides and will be assessed on the Experience criteria Communication between Technical and Nontechnical.
• Interview which can include questions based on theBehaviour Experience Technical and Strengths Success Profiles.

In the instance that we receive a high number of applications we will hold an initial sift based on the lead criteria of Delivering at Pace.

Applicants are assessed on whether they meet any mandatory requirements as well as the necessary skills and experience for the role. Applications are scored based on the competencybased answers provided ensure you have read these thoroughly and allowsufficienttime. You can view the competencies for this role in the job description.

Use of AI in Job Applications

Applicants must ensure that anything submitted is factually accurate and truthful. Plagiarism can include presenting the ideas and experience of others or generated by artificial intelligence as your own.

If you require any disability related adjustments at any point during the process please contact as soon as possible.

Closing date:24 March 2025

Shortlisting date: 28 March 2025

Interview date:7 April 2025

Candidates will be contacted within a week of the sift and the interviews completed to inform them of the outcome.

If you need assistance applying for this role or have any other questionsplease contact

Candidates will be subject to UK immigration requirements as well as Civil Service nationality rules.Further information on whether you are able to apply is availablehere.

Successful candidates must pass a disclosure and barring security check as well as animal rights and prolife activism checks. People working with government assets must completebasic personnel security standard checks. For this role successful candidates must also meet additional security requirements before they can be appointed. The level of security needed is security check.

Applicants who are successful at interview will be as part of preemployment screening subject to a check on the Internal Fraud Database (IFD). This check will provide information about employees who have been dismissed for fraud or dishonesty offences. This check also applies to employees who resign or otherwise leave before being dismissed for fraud or dishonesty had their employment continued. Any applicants details held on the IFD will be refused employment. A candidate is not eligible to apply for a role within the Civil Service if the application is made within a 5 year period following a dismissal for carrying out internal fraud against government.

Any move to the MHRA from another employer will mean you can no longer access childcare vouchers. This includes moves between government departments. You may however be eligible for other government schemes including TaxFree Childcare. Determine your eligibilityhere.

Successful candidates may be subject to annual Occupational Health reviews dependent on role requirements. If you have any queries please contact.

In accordance with the Civil Service Commissioners Recruitment Principles our recruitment and selection processes are underpinned by the requirement of selection for appointmenton the basis ofmerit by a fair and open competition. If you feel your application has not been treated in accordance with the Recruitment Principles and you wish to make a complaint you should firstly contact Mira Mepa Head of Recruitment and Operations.

If you are not satisfied with the response you receive you can contact the Civil Service Commission at:civilservicecommission.independent

Civil Service Commission

Room G/8

1Horse Guards Road

London

SW1A 2HQ