Security Risk and Assurance Lead
Security Risk and Assurance Lead
Employer Active
Job Alert
You will be updated with latest job alerts via email
Share
Job Alert
You will be updated with latest job alerts via email
Job Description
Job description
Job Title: Security Risk and Assurance Lead
Band: 5
Salary: 57954 - 65400
Location: Liverpool/Newport/Norwich/Birmingham
Terms: Permanent
Hours: Full Time/Compressed Hours
Closing Date: 17/07/25
Insight into CCS - Webinar
Dont miss out on gaining valuable insight into CCS and our recruitment process!
Join us on Monday 7th July at 5:30 PM. Please use this link to register your attendance for this session or any of our upcoming sessions.
Are you ready to lead on protective security advising with authority managing risk with precision and ensuring governance that protects CCS and upholds Government security standards
Job Summary
The Security Risk and Assurance Lead will focus on protective security across various domains including personnel cyber and supplier risks. This role will ensure adherence with Government standards and regulations while delivering assurance.
The successful candidate will provide expert security advice develop risk management strategies and foster a culture of awareness building strong relationships with key stakeholders across the organisation and government.
Directorate Overview
Finance Planning and Performance oversees our financial reporting develops budgets and projections formulates business plans tracks implementation progress measures success metrics and manages corporate risk.
Team Summary
The Security and Assurance Team is a multidisciplinary unit dedicated to maintaining holistic security within CCS. This team plays a crucial advisory role encompassing governance risk management and assurance across various security pillars including cyber personnel and physical security incident response and supplier security. Through a collaborative approach the team ensures that comprehensive security measures are integrated and effectively managed across all areas of the enterprise.
Key Accountabilities
Lead the analysis and derivation of business-supporting security needs undertake protective security related risk assessments conduct tailored threat assessment and other risk management activities and ensure activities are consistent with applicable regulations and legislation
Independently undertake risk management activities within a given area of practice or expertise usually within established security and risk management governance structures
Provide assurance by identifying deficiencies in the testing monitoring and management of security controls ensuring ongoing compliance with legal regulatory and organisational standards for robust data protection
Provide expert security advice that highlights protective security related risks so risk or service owners can make well-informed and auditable decisions
Develop risk management-related policies and assurance frameworks ensuring their ongoing relevance and compliance with regulatory standards as well as broader organisational and government policies
Provide tailored expert advice to a range of stakeholders on how to remedy identified risks by proportionately applying security capabilities using published guidance standards and drawing on a range of experts as well as personal expertise
Review internal controls after a security breach providing advice on fixing any vulnerabilities found. Agree on and oversee the most suitable remedial solutions controls and safeguards for the organisation
Support the delivery of security awareness programs to educate staff on security best practices and promote a security first culture throughout the organisation
Build and maintain strong relationships with internal and external stakeholders. Communicate effectively with senior leadership and other teams across CCS and wider Government
Represent the security function at a senior level and act as an escalation point for business stakeholders
Essential Criteria (to be assessed at application stage):
Strong understanding of the UK Government Security Policy framework and its application across Government. Familiar with supporting frameworks such as the Cyber Assessment Framework (CAF) ISO 27001 and NCSC and NPSA guidance to ensure integrated protective security
Demonstrable experience in conducting threat and risk assessments security audits and assurance activities to identify vulnerabilities and recommend proportionate mitigation. Skilled in applying risk-based approaches to inform protective security decisions and resilience planning
Experience in developing and implementing security policies standards and governance frameworks aligned with risk appetite and standards. Able to translate strategic security objectives into procedures that ensure compliance and accountability
Proven ability to advise senior stakeholders on protective security matters translating complex risks into actionable guidance. Effective communicator who promotes a strong security culture and aligns security priorities with business needs
Demonstrated resilience in demanding situations including the management of security incidents. Proficient in coordinating and handling security breaches with experience in post-incident analysis to identify vulnerabilities and suggest remedial actions
Success Profiles (to be assessed at interview):
You will be assessed against the following Behaviours:
Leadership
Seeing the big picture
Making effective decisions
You will also be assessed against the following Technical skills linked to the Government Security Profession Career Framework:
Protective Security - Practitioner
Risk understanding and mitigation - Practitioner
Applied Security Capability - Practitioner
(A link to the Civil Service Success Profiles Framework is provided below)
What we will offer you here are some of the benefits you can expect:
Competitive salary
Generous pension scheme
A discretionary non-contractual performance related bonus
Working remotely in addition to working in advertised office location
Flexi time scheme (available for B1-B6)
Minimum 25 days annual leave to a maximum service related 30 days excluding bank holidays
Explore fully how we will reward your work.
Want to make a difference Find out more about the rewarding work that we do in our candidate pack.
The Civil Service is committed to attract retain and invest in talent wherever it is found. To learn more please see the Civil Service People Plan and the Civil ServiceD&I Strategy.
We want to make our recruitment process accessible to everyone so if there is any way that we can support you please contact
Working flexibly delivering outcomes
CCS is a flexible business with a smarter working model where our colleagues benefit from a mix of home and office working. Successful candidates are expected to work from one of the office locations listed. Our current office attendance approach requires a minimum of 26 days per quarter (approx 2 days per week which may be subject to change) in CCS office locations or off site meetings with suppliers customers partners networking / industry events. This is pro rata for those who work part time. Our smarter working principles mean that our people have the advantage of both office and offsite based collaboration and learning as well as working from home. This way of working allows us to honour our commitment to being a responsible business offer flexibility and better work life balance as well as ensuring we deliver our business with confidence and in accordance with our CCS values.
Selection Process
Candidates who are successful at sift will be contacted as soon as possible following the closing date and advised of the interview process in more detail. The sift will commence WC 21st July and interviews will be held WC 4th August either at one of our offices or via video with interview times and dates to be confirmed. (Subject to change)
To find out more about our recruitment process please click here
Please note: Artificial Intelligence can be a useful tool to support your application however all examples and statements provided must be truthful factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others or generated by artificial intelligence as your own) applications may be withdrawn and internal candidates may be subject to disciplinary action. Please see our candidate guidance for more information on appropriate and inappropriate use.
A reserve list may be held for up to 12 months which the Civil Service may use to fill future suitably similar vacancies across government for candidates who are considered appointable following interview. Should you be placed on a reserve list and want to be removed please contact
Complaints procedure
Our recruitment processes are underpinned by the principle of selection for appointment on merit on the basis of fair and open competition as outlined in the Civil Service Commissioners Recruitment Principles details of which can be found at
If you feel your application has not been treated in accordance with the Recruitment Principles and you wish to make a complaint you should contact in the first instance.
If you remain unsatisfied with the response you receive you can then contact the Civil Service Commission at
Working for the Civil Service
The Civil Service Code sets out the standards of behaviour expected of civil servants.
Complaints Procedure
Our recruitment processes are underpinned by the principle of selection for appointment on merit on the basis of fair and open competition as outlined in the Civil Service Commissions Recruitment Principles details of which can be found at you feel your application has not been treated in accordance with the Recruitment Principles and you wish to make a complaint you should contact in the first instance.
If you remain unsatisfied with the response you receive you can then contact the Civil Service Commission at
Internal candidates should apply using their Workday account. Please use the careers hub for your application.
Employment Type
Full-Time
