This role is a hybrid/office-based role at Canary Wharf, London. Our core HQ offices are modern and newly refurbished with excellent city centre transport links and benefit from co-location with other government departments such as the Department for Health and Social Care (DHSC).
Job Summary
We are looking for an experienced Head of Cyber Governance, Risk and Compliance (GRC), with great leadership and technical skills and a drive to improve organisational understanding of cyber security risk.
In this role you will provide thought-leadership and insight to enable UKHSA’s organisational operations and outputs to be appropriately secure and resilient. You’ll need to understand UKHSA’s compliance against UK Government and industry standard cyber security frameworks, such as DSPT-CAF, Secure-By-Design, GovAssure and OG086. You’ll engage proactively with stakeholders including the Senior Information Risk Officer (SIRO), staff, and partners across the organisation in the governance of cyber security risk, ensuring that it is understood and effectively managed.
You’ll lead a team, developing its core skills and expertise, so that they can develop and maintain a wider understanding of cyber risks and capabilities across UKHSA’s complex and challenging environments.
This role reports to the Deputy Director of Cyber Security and forms part of the cyber security senior leadership team alongside the heads of cyber security architecture and operations.
Job Description
The successful individual will be expected to carry out the requirements in the “Cyber Security Risk Management” Role Family outlined in the Government Security Profession Career Framework:
Cyber Risk Management Principal
In this role you will
- lead and undertake risk management activities against the hardest or most novel scenarios, while applying the fundamental principles of risk management to a range of complex scenarios and lead regulatory or legislative compliance activities.
- guide and direct specialist activities of others, actively promoting development in the applicable skills, providing leadership to other risk managers, and sharing best practice widely across government, the public sector, and industry.
- lead the analysis and derivation of complex security needs
- lead cyber security related risk assessments and other expert risk management activities, including providing guidance on establishing the organisation’s cyber security related governance arrangements.
- provide guidance to ensure ongoing confidence that fundamental organisational security needs have been met, including integrating a range of assurance approaches and techniques to give continued confidence to the risk, service or system owner.
*Please note that this list is not exhaustive.*
Requirements
Person specification
Shape leadership decision-making through:
- effective reporting and communication regarding the effectiveness of security processes across an organisation
- providing recommendations to highly complex problems
- acting as an SME for complex cyber risk management concerns, issues and problems
In addition to the above the successful individual will be expected to:
- manage individuals within the Cyber Governance, Risk and Compliance (GRC) team, which may include UKHSA’s external Cyber Security partners that provide additional resourcing.
- ensure we have the right contracts in place to extend the capability and capacity of your civil servant team, including defining contract deliverables and statements of work.
- Any other responsibilities appropriate for this grade.
Essential Criteria
The essential skills for this role, defined in the Government Security Profession Career Framework are:
- Risk understanding and mitigation at an expert level
- Information risk assessment and risk management at an expert level
- Relevant industry qualifications and accreditations e.g. Cyber Security Professional, Certified Information Systems Professional, ISO27001 Lead Auditor
Desirable Criteria
In addition to the essential skills above, the successful individual will need to have or develop the following additional skills defined in the Government Security Profession Career Framework:
- Legal and Regulatory Compliance
- Threat Understanding
- Secure Supply Chain Management
- Relevant membership of professional bodies e.g. UK Cyber Security Council Principal or Chartered status in Cyber Security Governance and Risk Management.
Alongside your salary of £75,104, UK Health Security Agency contributes £21,757 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.
We pride ourselves as being an employer of choice, promoting equality of opportunity to actively encourage applications from everyone, including groups currently underrepresented in our workforce. UKHSA's ethos is to be an inclusive organisation for all our staff and stakeholders. To create, nurture and sustain an inclusive culture, where differences drive innovative solutions to meet the needs of our workforce and wider communities. We do this through celebrating and protecting differences by removing barriers and promoting equity and equality of opportunity for all.
- Learning and development tailored to your role
- An environment with flexible working options
- A culture encouraging inclusion and diversity
- A Civil Service pension with an employer contribution of 28.97%
Selection process details
Stage 1: Application & Sift
This vacancy is using Success Profiles
You will be required to complete an:
- Application form (‘Employer/ Activity history’ section on the application)
- Up to 1000 word supporting statement
Healthjobs UK has a word limit of 1500, but your supporting statement must be no more than 1000 words.
This should outline how your skills, experience, and knowledge, provide evidence of your suitability for the role.
You will receive a joint score for your application form and statement. (The application form is the kind of information you would put into your CV. Please be advised you will not be able to upload your CV. Please complete the application form in as much detail as possible.)
If we receive a large number of applications an initial sift against the "Leadership" behaviour will be conducted.
Longlisting: In the event of a large number of applications we may longlist into 3 piles of:
- Meets all essential criteria
- Meets some essential criteria
- Meets no essential criteria
We will take through those who meet ALL essential criteria
Desirable criteria may be used if we receive a large number of applications.
Please note feedback will not be provided at this stage.
Stage 2: Interview (success profiles)
You will be invited to a remote interview via Teams.
Interviews will be held week commencing 5th January 2026, please note these dates are subject to change.
This vacancy is being assessed using Success Profiles. During the interview we will assess you against the below:
Behaviours
- Making Effective Decisions
- Leadership
- Communicating and Influencing
- Delivering at Pace
You will also be assessed on Strengths
You will be asked to prepare and present a 5-minute presentation on the subject of: Proportionate Risk Mitigation in Government Services.
It should cover: why proportionate risk management in government services matters, an outline approach, and a real-life example you have worked on (may be outside of government services).
The presentation will be timed to 5 minutes, and there will be an additional 2 minutes for questions.
Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.
Eligibility Criteria
Open to all external applicants (anyone) from outside the Civil Service (including internal applicants).
Salary Information
If you are successful at interview, and are moving from another government department, NHS, or Local Authority, the relevant starting salary principles for level transfers or promotions will apply. Otherwise, roles are offered at the pay scale minimum for the grade, but in exceptional circumstances there may be flexibility if you are able to demonstrate you are already in receipt of an existing, higher salary. Pay increases are through the relevant annual pay award for the role and terms.
Future location
UKHSA is investing in a new state-of-the-art National Biosecurity Centre in Harlow, Essex, which will eventually bring together teams currently based at Canary Wharf, Colindale and Porton Down. For more details, please see: Huge biosecurity centre investment to boost pandemic protection - GOV.UK.
The new facilities will start becoming operational in the mid-2030s, with full completion by 2038. Staff will move in phases as facilities become available. If you're appointed to a role currently based at Canary Wharf, Colindale or Porton Down, please note that we'll continue investing in these sites for the next decade. As we get closer to the transition, we'll provide full information about relocation support available to staff.
Reasonable Adjustments
The Civil Service is committed to making sure that our selection methods are fair to everyone. To help you during the recruitment process, we will consider any reasonable adjustments that could help you. An adjustment is a change to the recruitment process or an adjustment at work. This is separate to the Disability Confident Scheme. If you need an adjustment to be made at any point during the recruitment process you should contact the recruitment team in confidence as soon as possible to discuss your needs.
You can find out more information about reasonable adjustments across the Civil Service here: https://www.civil-service-careers.gov.uk/reasonable-adjustments/
International Police check
If you have spent more than 6 months abroad over the last 3 years you may need an International Police Check. This would not necessarily have to be in a single block, and it could be time accrued over that period.
Artificial Intelligence (AI)
Artificial Intelligence can be a useful tool to support your application, however, all examples and statements provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, as your own) applications may be withdrawn and internal candidates may be subject to disciplinary action. Please see our candidate guidance for more information on appropriate and inappropriate use.
Link Below
Artificial intelligence and recruitment, Civil Service Careers
Internal Fraud check
If you are successful for this role, as one aspect of pre-employment screening, your personal details (name, national insurance number and date of birth) will be checked against the Cabinet Office Internal Fraud Hub, and anyone included on the database will be refused employment unless they can show exceptional circumstances. Currently this is only for external candidates to the Civil Service.
Market Pay Supplement
This post may be eligible for a market pay supplement of up to £20,000
Security Clearance Level Requirement
Successful candidates must meet the security requirements before they can be appointed.
- The level of security needed is Basic Personnel Security Standard
- Successful candidates must pass a Standard disclosure and barring security check
- For this role you will also need to meet Security Clearance (SC)
For meaningful National Security Vetting checks to be carried out, individuals need to have lived in the UK for a sufficient period of time. You should normally have been resident in the United Kingdom for the last 5 years as the role requires Security Check (SC) clearance. UK residency less than the outlined periods may not necessarily bar you from gaining national security vetting, and applicants should contact the Vacancy Holder / Recruiting Manager listed in the advert for further advice.
Careers website
Please visit our careers site for more information https://gov.uk/ukhsa/careers
Feedback will only be provided if you attend an interview or assessment.
Security
Successful candidates must undergo a criminal record check.
Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check. See our vetting charter.
People working with government assets must complete baseline personnel security standard checks.
Nationality requirements
This job is broadly open to the following groups:
- UK nationals
- nationals of the Republic of Ireland
- nationals of Commonwealth countries who have the right to work in the UK
- nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS)
- nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
- individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
- Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service
Further information on nationality requirements
Working for the Civil Service
The Civil Service Code sets out the standards of behaviour expected of civil servants.
We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles.
The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.
Diversity and Inclusion
The Civil Service is committed to attract, retain and invest in talent wherever it is found. To learn more please see the Civil Service People Plan and the Civil Service Diversity and Inclusion Strategy.
The Civil Service welcomes applications from people who have recently left prison or have an unspent conviction. Read more about prison leaver recruitment.
Contact point for applicants
Job Contact
- Name: John Inglis
- Email: john.inglis@ukhsa.gov.uk
Recruitment team
- Email: recruitment@ukhsa.gov.uk
Further information
The law requires that selection for appointment to the Civil Service is on merit on the basis of fair and open competition as outlined in the Civil Service Commission's Recruitment Principles.
If you feel your application has not been treated in accordance with the Recruitment Principles, and you wish to make a complaint, in the first instance, you should contact UKHSA Public Accountability Unit via email: Complaints@ukhsa.gov.uk
If you are not satisfied with the response you receive from the Department, you can contact the Civil Service Commission via its website: https://civilservicecommission.independent.gov.uk