Government Digital Service


gds.blog.gov.uk

1 Job

835 Employees

About the Company

The Government Digital Service (GDS) is the digital centre of government — we are responsible for setting, leading and delivering the vision for a modern digital government.

Our priorities are to drive a modern digital government, by:

1. joining up public sector services
2. harnessing the power of AI for the public good
3. strengthening and extending our digital and data public infrastructure
4. elevating leadership and investing in talent
5. funding for outcomes and procuring for growth and innovation
6. committing to transparency and driving accountability

We are home to the Incubator for Artificial Intelligence (I.AI) and the world-leading GOV.UK, and we are at the forefront of coordinating the UK’s geospatial strategy and activity.

We lead the Government Digital and Data function and champion the work of digital teams across government.

We’re part of the Department for Science, Innovation and Technology (DSIT) and employ more than 1,000 people all over the UK, with hubs in Manchester, London and Bristol.

The Government Digital Service is where talent translates into impact. From your first day, you’ll be working with some of the world’s most highly-skilled digital professionals, all contributing their knowledge to make change on a national scale.

Join us for rewarding work that makes a difference across the UK. You'll solve some of the nation’s highest-priority digital challenges, helping millions of people access services they need.

Learn more about a rewarding career in digital government: https://www.civil-service-careers.gov.uk/professions/working-in-digital-data-and-technology/

Listed Jobs

Company Name
Government Digital Service
Job Title
Principal Cyber Risk Management and Assurance Advisor
Job Description
**Job title**

Principal Cyber Risk Management and Assurance Advisor

**Role Summary**

Lead cyber risk management, assurance, and architectural advisory for major GDS applications and digital services from alpha through early live stages. Deliver security assessments, IT Health Checks, and SaaS compliance reporting while guiding teams through secure-by-design practices, risk treatment planning, and continuous improvement of live service security.

**Expectations**

- Produce detailed risk assessments, treatment plans, and monthly risk briefings to senior leadership.
- Mentor and upskill cross‑functional development teams on security best‑practice and risk capability.
- Influence policy, standards, and security culture across the department.
- Manage and grow an internal cyber risk assurance team as the portfolio expands.

**Key Responsibilities**

1. Lead cyber and information security risk management and assurance for key applications from development to early live.
2. Conduct IT Health Checks and deliver critical security assessments with focus on SaaS tooling compliance to NCSC Cloud Security Principles.
3. Facilitate Security Working Groups covering all development and deployment stages; track, log, and report risks to the Head of Cyber Risk and Assurance.
4. Draft and review Secure by Design policies/practices: safe use of AI, secure coding, OWASP, DPIA, GovAssure.
5. Coordinate cross‑platform activities to enable secure delivery of new GDS services; support incident management and continuous improvement.
6. Provide risk briefings, exposure mapping, and mitigation recommendations to senior leaders.
7. Mentor and train digital service and Information Security staff, sharing best‑practice knowledge.
8. Oversee implementation, usage, and data integrity of risk management tools (e.g., SureCloud risk register).
9. Engage in proactive stakeholder communication, reinforcing security culture and alignment with organisational priorities.
10. Prepare for future line‑management responsibilities as the team scales.

**Required Skills**

- Extensive experience delivering cyber security risk assessments and assurance in large, fast‑moving digital environments (government or critical infrastructure).
- In‑depth knowledge of cyber risk management, threat modelling, security architecture, and formal IT Health Checks, especially SaaS/cloud environments.
- Ability to interpret and apply cyber security standards, regulatory frameworks, and secure‑by‑design principles in multidisciplinary teams.
- Strong independent work ethic, self‑starter with proven ability to take initiative.
- Demonstrated track record of building cross‑functional relationships, influencing senior stakeholders, and briefing non‑technical audiences.
- Excellent written, verbal, and interpersonal communication skills.
- Commitment to continuous learning, mentoring, and capability building.

**Required Education & Certifications**

- Bachelor’s degree in Computer Science, Cyber Security, Information Assurance, or related field (or equivalent professional experience).
- Relevant certifications such as CISSP, CISM, ISO/IEC 27001 Lead Implementer/Lead Auditor, GRC or Cloud Security certifications (e.g., CCSO, AWS/Azure Certified Security – Specialty) preferred.
Manchester, United Kingdom
Hybrid
Senior
11-03-2026