Cyber Security Risk and Assurance Manager

On behalf of UKRI we are looking for a Cyber Security Risk and Assurance Manager (Inside IR35) for a 5 month contract. Hybrid working with 1 day per week in Swindon.

We are seeking an experienced cyber security professional with a risk and assurance background underpinned with good technical knowledge to support the IT Service Readiness and Assurance project and facilitate the transition of the Simpler Better Funding Platform to Business as Usual (BAU). This role is pivotal in ensuring that security risks are identified, managed, and mitigated, and that assurance activities are conducted to uphold the integrity and security of IT services.

As a Cyber Security Risk and Assurance Manager your main responsibilities will be to:

* Develop, implement, and maintain security risk management frameworks, standards, and procedures in alignment with industry best practices and organisational objectives.
* Lead risk assessments and security reviews, identifying potential threats and vulnerabilities within a cloud software development environment.
* Coordinate the development and execution of risk mitigation plans, ensuring risks are appropriately managed prior to transition to BAU.
* Work with the Principle Security Architect and Enterprise Architecture function to ensure alignment to architectural best practice.
* Design and implement assurance processes to ensure compliance with security standards and regulatory requirements.
* Conduct audits, reviews, and assessments of services to ensure they meet security and assurance criteria.
* Prepare detailed reports and presentations on the status of security risks and assurance activities for senior management and stakeholders.
* Work closely with project teams to ensure appropriate security controls are integrated into the service transition process and risks are effectively captured and managed.
* Provide expert guidance and support during the transition to BAU, ensuring a secure and smooth handover of IT services.
* Develop and maintain a comprehensive risk register and assurance plan for the project, tracking progress and ensuring timely resolution of issues.
* Build and maintain strong relationships with internal and external stakeholders, ensuring clear communication and alignment on security and assurance matters.
* Act as a point of escalation for security-related issues, providing expert advice and resolution strategies.
* Support the Chief Information Security Officer and represent them as appropriate within the organisation.

Skills and Experience:

* Bachelor's degree in Information Security, Computer Science, or a related field.
* Professional certifications such as CISSP, CCSP, CISM, or CRISC.
* Extensive experience in cyber security risk management, preferably within a complex IT environment.
* Proven track record in conducting security assessments, audits, and assurance activities.
* Strong understanding of regulatory requirements and industry standards (e.g., ISO 27001, NIST, Cyber Assessment Framework).
* Agile Software Development Lifecycle experience.
* AWS knowledge and experience.
* Good leadership, communication, and stakeholder management skills.
* Strong analytical and problem-solving abilities, with a focus on delivering high-quality security and assurance outcomes.
* Public Sector experience.

Please be aware that this role can only be worked within the UK and not Overseas.

Disability Confident

As a member of the Disability Confident Scheme, UKRI guarantees to interview all candidates who have a disability and who meet all the essential criteria for the vacancy. In cases where we have a high volume of candidates who have a disability who meet all the essential criteria, we will interview the best candidates from within that group. This scheme encourages candidates with a disability and/or neurodivergence to apply.

In applying for this role, you acknowledge the following "this role falls in scope of the Off Payroll Working in the Public Sector legislation. Any rates of payment quoted will reflect the gross rate per day for the assignment and will be subject to appropriate taxes and statutory costs. As such the payment to the intermediary and your income resulting from this contract will be different".