Security Risk and Assurance Lead - #1795961

Job Title: Security Risk and Assurance Lead

Band: 5

Salary: £57,954 - £65,400

Location: Liverpool/Newport/Norwich/Birmingham

Terms: Permanent

Hours: Full Time/Compressed Hours

Closing Date: 17/07/25

Insight into CCS - Webinar

Don't miss out on gaining valuable insight into CCS and our recruitment process!

Join us on Monday 7th July at 5:30 PM. Please use this link to register your attendance for this session or any of our upcoming sessions.

Are you ready to lead on protective security, advising with authority, managing risk with precision and ensuring governance that protects CCS and upholds Government security standards?

Job Summary

The Security Risk and Assurance Lead will focus on protective security across various domains, including personnel, cyber, and supplier risks. This role will ensure adherence with Government standards and regulations while delivering assurance.

The successful candidate will provide expert security advice, develop risk management strategies, and foster a culture of awareness, building strong relationships with key stakeholders across the organisation and government.

Directorate Overview

Finance, Planning and Performance oversees our financial reporting, develops budgets and projections, formulates business plans, tracks implementation progress, measures success metrics and manages corporate risk.

Team Summary

The Security and Assurance Team is a multidisciplinary unit dedicated to maintaining holistic security within CCS. This team plays a crucial advisory role, encompassing governance, risk management, and assurance across various security pillars, including cyber, personnel and physical security, incident response, and supplier security. Through a collaborative approach, the team ensures that comprehensive security measures are integrated and effectively managed across all areas of the enterprise.

Key Accountabilities

• Lead the analysis and derivation of business-supporting security needs, undertake protective security related risk assessments, conduct tailored threat assessment and other risk management activities, and ensure activities are consistent with applicable regulations and legislation
• Independently undertake risk management activities within a given area of practice or expertise, usually within established security and risk management governance structures
• Provide assurance by identifying deficiencies in the testing, monitoring, and management of security controls, ensuring ongoing compliance with legal, regulatory, and organisational standards for robust data protection
• Provide expert security advice that highlights protective security related risks, so risk or service owners can make well-informed and auditable decisions
• Develop risk management-related policies and assurance frameworks, ensuring their ongoing relevance and compliance with regulatory standards as well as broader organisational and government policies
• Provide tailored expert advice to a range of stakeholders on how to remedy identified risks by proportionately applying security capabilities, using published guidance, standards, and drawing on a range of experts as well as personal expertise
• Review internal controls after a security breach, providing advice on fixing any vulnerabilities found. Agree on and oversee the most suitable remedial solutions, controls, and safeguards for the organisation
• Support the delivery of security awareness programs to educate staff on security best practices and promote a security first culture throughout the organisation
• Build and maintain strong relationships with internal and external stakeholders. Communicate effectively with senior leadership and other teams across CCS and wider Government
• Represent the security function at a senior level and act as an escalation point for business stakeholders

Essential Criteria (to be assessed at application stage):

• Strong understanding of the UK Government Security Policy framework and its application across Government. Familiar with supporting frameworks such as the Cyber Assessment Framework (CAF), ISO 27001, and NCSC and NPSA guidance to ensure integrated protective security
• Demonstrable experience in conducting threat and risk assessments, security audits and assurance activities to identify vulnerabilities and recommend proportionate mitigation. Skilled in applying risk-based approaches to inform protective security decisions and resilience planning
• Experience in developing and implementing security policies, standards and governance frameworks aligned with risk appetite and standards. Able to translate strategic security objectives into procedures that ensure compliance and accountability
• Proven ability to advise senior stakeholders on protective security matters, translating complex risks into actionable guidance. Effective communicator who promotes a strong security culture and aligns security priorities with business needs
• Demonstrated resilience in demanding situations, including the management of security incidents. Proficient in coordinating and handling security breaches, with experience in post-incident analysis to identify vulnerabilities and suggest remedial actions

Success Profiles (to be assessed at interview):

You will be assessed against the following Behaviours:

• Leadership
• Seeing the big picture
• Making effective decisions

You will also be assessed against the following Technical skills linked to the Government Security Profession Career Framework:

• Protective Security - Practitioner
• Risk understanding and mitigation - Practitioner
• Applied Security Capability - Practitioner

(A link to the Civil Service Success Profiles Framework is provided below)

Success Profiles Framework

What we will offer you, here are some of the benefits you can expect:

• Competitive salary
• Generous pension scheme
• A discretionary non-contractual performance related bonus
• Working remotely in addition to working in advertised office location
• Flexi time scheme (available for B1-B6)
• Minimum 25 days annual leave to a maximum service related 30 days excluding bank holidays

Explore fully how we will reward your work.

Want to make a difference? Find out more about the rewarding work that we do in our candidate pack.

The Civil Service is committed to attract, retain and invest in talent wherever it is found. To learn more please see the Civil Service People Plan and the Civil ServiceD&I Strategy.

We want to make our recruitment process accessible to everyone, so if there is any way that we can support you, please contact [email protected]

Working flexibly, delivering outcomes

CCS is a flexible business with a smarter working model where our colleagues benefit from a mix of home and office working. Successful candidates are expected to work from one of the office locations listed. Our current office attendance approach requires a minimum of 26 days per quarter (approx 2 days per week, which may be subject to change) in CCS office locations or off site meetings with suppliers, customers, partners, networking / industry events. This is pro rata for those who work part time. Our smarter working principles mean that our people have the advantage of both office and offsite based collaboration and learning, as well as working from home. This way of working allows us to honour our commitment to being a responsible business, offer flexibility and better work life balance as well as ensuring we deliver our business with confidence and in accordance with our CCS values.

Selection Process

Candidates who are successful at sift will be contacted as soon as possible following the closing date and advised of the interview process in more detail. The sift will commence WC 21st July and interviews will be held WC 4th August either at one of our offices or via video with interview times and dates to be confirmed. (Subject to change)

To find out more about our recruitment process please click here

Please note: Artificial Intelligence can be a useful tool to support your application, however, all examples and statements provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, as your own) applications may be withdrawn and internal candidates may be subject to disciplinary action. Please see our candidate guidance for more information on appropriate and inappropriate use.

A reserve list may be held for up to 12 months, which the Civil Service may use to fill future suitably similar vacancies across government for candidates who are considered appointable following interview. Should you be placed on a reserve list and want to be removed please contact [email protected].

Complaints procedure

Our recruitment processes are underpinned by the principle of selection for appointment on merit on the basis of fair and open competition as outlined in the Civil Service Commissioners’ Recruitment Principles details of which can be found at http://civilservicecommission.independent.gov.uk

If you feel your application has not been treated in accordance with the Recruitment Principles, and you wish to make a complaint, you should contact [email protected] in the first instance.

If you remain unsatisfied with the response you receive you can then contact the Civil Service Commission at [email protected]