UK Health Security Agency

About the Company

The UK Health Security Agency (UKHSA) is an executive agency of the Department of Health and Social Care.

The UK Health Security Agency (UKHSA) is responsible for planning, preventing and responding to external health threats, and providing intellectual, scientific and operational leadership at national and local level, as well as on the global stage.

Listed Jobs

Company Name

UK Health Security Agency

Job Title

Physical Security Advisor

Job Description

**Job Title:** Physical Security Advisor **Role Summary:** Lead the security workstream for a large-scale, high‑containment research facility development project, embedding physical, personnel, and cyber‑security principles across the programme lifecycle. **Expectations:** - Deliver a comprehensive security strategy aligned with national public‑health and biosecurity priorities. - Assure continuous identification, assessment, and mitigation of security risks. - Build and maintain a security culture and management system for all design, construction, and operational phases. **Key Responsibilities:** - Partner with the Programme Director to manage the security workstream and integrate security design into all programme stages. - Define and enforce security requirements for information, personnel, construction, and cyber controls. - Liaise with national authorities (APHA, Counter‑Terrorism Security Advisor), suppliers, and internal stakeholders to develop high‑level security designs. - Monitor supplier delivery against contractual and security plans, including procurement and contract management. - Develop transition roadmaps from current to future sites, prioritising short‑term controls that mitigate immediate risks. - Oversee the development, implementation, and continuous improvement of the programme’s Security Management System. - Provide regular risk reports and updates to programme and organisational leadership. - Promote and sustain a robust security culture across all project teams. **Required Skills:** - Strategic security planning and risk management in large infrastructure projects. - Knowledge of physical, personnel, and cyber‑security best practices and frameworks (e.g., ISO/IEC 27001, NIST, UKSF). - Experience liaising with government security authorities and procurement processes. - Strong stakeholder management and communication skills. - Capability to develop and maintain security documentation, policies, and training programmes. - Project management experience within capital construction or similarly complex programmes. **Required Education & Certifications:** - Bachelor’s degree in Security Management, Information Security, Civil Engineering, or a related field. - Professional security qualifications such as Certified Protection Professional (CPP), Certified Information Systems Security Professional (CISSP), or equivalent. - Experience in public‑health or biosecurity environments preferred.

London, United kingdom

On site

19-12-2025

Company Name

UK Health Security Agency

Job Title

Security Architect – Cloud Risk and Controls

Job Description

**Job Title** Security Architect – Cloud Risk and Controls **Role Summary** Lead the design, implementation, and continuous improvement of a comprehensive Cloud Control Framework that aligns cloud services with regulatory requirements (ISO 27001, DSPT, CAF, CIS, GDS, NCSC). Act as the primary security and risk advisor for cloud delivery teams, ensuring that security controls and risk mitigation are embedded throughout the technical lifecycle and that the organization meets internal and external audit expectations. **Expectations** - Architect scalable security controls and governance processes that meet public‑sector standards. - Translate regulatory and policy requirements into actionable technical controls. - Maintain and evolve a centralised risk register, control library, and assurance evidence repository. - Deliver clear, data‑driven dashboards and KPIs to demonstrate risk posture and control effectiveness. - Facilitate secure innovation by promoting proportionate, agile security practices across cloud initiatives. - Provide expert guidance to auditors, regulators, and stakeholders on compliance readiness and control assurance. **Key Responsibilities** - Design and maintain the Cloud Control Framework and implementation roadmaps for control maturity. - Conduct risk assessments, security impact reviews, and threat analyses for new cloud services and designs. - Lead technical control reviews, compliance validation activities, and internal audit readiness. - Act as the liaison between engineering, audit, and governance teams to close control gaps. - Develop and sustain governance processes for testing, monitoring, reporting, and evidence management. - Train and upskill cloud engineering and product teams on secure architecture and operational risk. - Contribute to architecture boards, change control boards, and cloud steering groups. - Execute regulatory and audit interactions, providing evidence and corrective action plans as required. **Required Skills** - Proven experience in IT security architecture, cloud risk management, or GRC in large‑scale public‑sector cloud environments. - Deep knowledge of AWS and Azure platform security features, best practices, and control mappings. - Strong understanding of ISO 27001, DSPT, CAF, CIS, GDS, and NCSC frameworks. - Experience with threat modelling, risk assessments, and incident response within cloud services. - Ability to develop dashboards, metrics, and reporting for risk and compliance status. - Excellent stakeholder management, communication, and facilitation skills. - Familiarity with governance, change control, and architecture review processes. - Scalable architecture design and secure deployment practices in multi‑cloud or hybrid environments. **Required Education & Certifications** - Degree (Level 6) or equivalent experience in Cyber‑Security, Computer Science, Information Systems, or related technical field. - Professional certifications such as CISSP, CISM, ISO 27001 Lead Implementer, or equivalent are strongly preferred.

London, United kingdom

Hybrid

19-12-2025

Company Name

UK Health Security Agency

Job Title

Lead Product Manager – ServiceNow

Job Description

**Job Title** Lead Product Manager – ServiceNow **Role Summary** Senior leader responsible for defining and executing the strategic vision, roadmap, and operational excellence of the ServiceNow platform. Acts as the primary owner of product direction, stakeholder engagement, supplier governance, licensing, and commercial accountability within a digital and data environment. Drives user‑centred, agile product delivery across multidisciplinary teams and ensures compliance, performance, and continuous improvement. **Expectations** - Translate organisational priorities into a clear, actionable ServiceNow product roadmap. - Maintain governance structures and transparent decision‑making. - Ensure agile delivery standards, licensing compliance, and supplier performance. - Foster stakeholder alignment, user adoption, and continuous service improvement. **Key Responsibilities** - Develop and maintain long‑term product vision and roadmap aligned with business needs. - Establish and chair product governance boards with cross‑functional representation. - Manage full agile delivery lifecycle: backlog refinement, sprint planning, releases, retrospectives. - Identify and implement workflow automation opportunities across internal departments. - Lead licensing strategy, audit readiness, and contractual compliance. - Collaborate with Commercial and Legal teams to draft Statements of Work, evaluate suppliers, and support procurement. - Monitor third‑party vendor performance against KPIs and SLAs; enforce accountability. - Work closely with service owners, business analysts, developers, and technical leads to ensure secure, effective implementations. - Design and operate user feedback mechanisms and performance reporting for continuous improvement. - Support a community of practice for product managers and ensure alignment with GDS product management standards. **Required Skills** - Proven product management experience (5+ years) with ServiceNow platforms. - Deep understanding of ServiceNow modules, licensing, and governance. - Strong agile (Scrum/Kanban) and product delivery expertise. - Excellent stakeholder, vendor, and commercial relationship management. - Ability to craft SOWs, negotiate contracts, and guide procurement processes. - Data‑driven decision‑making; KPI and SLA definition and monitoring. - Leadership, communication, and facilitation skills for cross‑functional teams. - Knowledge of security, compliance, and GDS product standards. **Required Education & Certifications** - Bachelor’s degree in Computer Science, Information Systems, Business Administration, or related field (or equivalent experience). - ServiceNow certification (e.g., System Administrator, Implementation Specialist, or Developer). - Agile/Scrum certification (e.g., Scrum Master, AgilePM) and/or PRINCE2/PMP desirable. - ITIL Foundation or higher preferred. - Ability to obtain and maintain SC (Security Check) clearance.

London, United kingdom

On site

Senior

15-01-2026

Company Name

UK Health Security Agency

Job Title

Senior Specialist - Power Platform

Job Description

**Job Title:** Senior Specialist – Power Platform **Role Summary:** Lead technical specialist for Microsoft Power Platform (Power Apps, Power Automate, Power BI, Power Virtual Agents, Dataverse, APIs, Connectors). Design, deploy, and maintain secure, scalable, high‑availability platform environments. Provide expert guidance, incident response, training, and continuous improvement across the organization. **Expectations:** - Deliver 24/7 platform reliability, meeting defined SLAs/OLAs. - Act as single source of truth for Power Platform strategy, governance, and best practices. - Mentor and supervise junior engineers; collaborate with cross‑functional technology teams. **Key Responsibilities:** 1. Deliver subject‑matter expertise: advise on architecture, security, governance, and integration. 2. Respond to incidents/outages, perform root‑cause analysis, restore service, and document findings. 3. Design, configure, and deploy Power Platform environments; enforce DLP, compliance, and licensing rules. 4. Integrate Power Platform solutions with internal systems and third‑party services via connectors, APIs, and custom integration. 5. Optimize platform performance: capacity planning, tuning, scalability, and resource allocation. 6. Manage product licenses, monitor usage, and recommend cost‑optimization measures. 7. Own disaster‑recovery procedures, develop and maintain business‑continuity plans. 8. Produce and maintain technical documentation, SOPs, knowledge‑base entries, and training materials. **Required Skills:** - Proficient in Power Platform core components (Apps, Automate, BI, Virtual Agents, Dataverse, connectors). - Strong background in platform configuration, deployment, security, governance, and scalability. - Incident response, troubleshooting, and root‑cause analysis. - Scripting/automation (PowerShell, JavaScript, SQL). - Familiarity with Azure services, API Management, and data integration patterns. - Excellent written and verbal communication, including documentation and training. - Project management, estimation, and SLA monitoring. **Required Education & Certifications:** - Bachelor’s degree in Computer Science, Information Technology, or equivalent professional experience. - Microsoft Certified: Power Platform Solution Architect Expert (or Power Platform Developer Associate) preferred. - Azure certifications (e.g., Azure Administrator Associate) are a plus.

London, United kingdom

On site

Senior

19-01-2026