Location
Bristol, London, Manchester
About the job
Job summary
The Government Digital Service (GDS) is the digital centre of government. We are responsible for setting, leading and delivering the vision for a modern digital government.
Our priorities are to drive a modern digital government, by:
joining up public sector services
harnessing the power of AI for the public good
strengthening and extending our digital and data public infrastructure
elevating leadership and investing in talent
funding for outcomes and procuring for growth and innovation
committing to transparency and driving accountability
We are home to the Incubator for Artificial Intelligence (I.AI), the world-leading GOV.UK and at the forefront of coordinating the UK’s geospatial strategy and activity. We lead the Government Digital and Data function and champion the work of digital teams across government.
We’re part of the Department for Science, Innovation and Technology (DSIT) and employ more than 1,000 people all over the UK, with hubs in Manchester, London and Bristol.
The Information Security team at GDS protects the people, services and information used to deliver critical government digital infrastructure such as GOV.UK and One Login. We do this by supporting a secure software development lifecycle, setting and checking proportional organisation policies and building a positive, no-blame security culture across the organisation.
The Government Digital Service is where talent translates into impact. From your first day, you’ll be working with some of the world’s most highly-skilled digital professionals, all contributing their knowledge to make change on a national scale.
Join us for rewarding work that makes a difference across the UK. You'll solve some of the nation’s highest-priority digital challenges, helping millions of people access services they need
Job description
lead cyber and information security risk management, assurance, and architectural advisory for major applications and digital services during alpha, beta, and early live phases
deliver critical security assessments and IT Health Checks, providing expert assurance across portfolio projects, with a focus on SaaS tooling compliance against NCSC Cloud Security Principles
facilitate and oversee Security Working Groups throughout all key development and deployment stages, ensuring risks are tracked, logged, and reported to the Head of Cyber Risk and Assurance, with actionable recommendations provided
produce formal risk assessments and risk treatment plans (RTPs) for all digital services and associated tooling, ensuring robust protection in accordance with business risk appetite
develop, review, and advise on Secure by Design policies/practices, including safe use of AI, secure coding, and regulatory compliance frameworks (e.g., OWASP, DPIA, GovAssure)
coordinate cross-platform activities and enable secure delivery of new GDS services, including supporting incident management and continuous improvement of live service security practices
routinely provide monthly (and ad-hoc) risk briefings to senior leaders, evidencing assurance, identifying risks outside tolerance, mapping exposure, and recommending mitigations and controls
mentor and train digital service teams and wider Information Security staff, sharing best practices and building internal capability for risk assessment and management
support implementation and ongoing usage of risk management tooling, ensuring all details are uploaded promptly and appropriately, such as the SureCloud risk register
engage proactively with senior internal and external stakeholders, promoting security culture and enabling confident delivery aligned with organisational priorities
future line management activities as the team grows
Person specification
demonstrable experience delivering high-quality, detailed cyber security risk assessments and assurance in large, fast moving, complex digital environments, ideally government or critical infrastructure
in-depth understanding of cyber risk management, threat modelling, security architectural advice, and formal IT Health Checks, including experience with SaaS environments and cloud security principles
experience interpreting and applying relevant cyber security standards, regulatory frameworks, and secure by design principles within a multi-disciplinary digital team
a self-starter, using your considerable experience and skills to work independently and with confidence
track record of building cross-functional relationships and leading multi-platform security initiatives, with the ability to brief, influence, and advise senior stakeholders
strong written, verbal, and interpersonal communication skills, able to distil complex findings into actionable recommendations for non-technical and executive audiences
evidence of personal commitment to continuous learning and sharing of best practices, with experience mentoring, coaching, or enabling capability-building in others
ability to assess the implications and risks of emerging technologies (such as AI, SaaS, cloud services) and proactively recommend security interventions
knowledge of Civil Service values: respect, collaboration, inclusivity, and commitment to public service, with a strong focus on organisational culture
Indicative professional qualifications / accreditations
relevant industry qualifications and accreditations e.g. , CISSP or hold a Master’s Degree in a relevant discipline.
Do you agree to our terms & conditions & privacy statement?
Receive updates & notifications from Ex-MilitaryCareers.com
