Principal Cyber Risk Management and Assurance Advisor

Location - Bristol, London, ManchesterJob summaryThe Government Digital Service (GDS) is the digital centre of government. We are responsible for setting, leading and delivering the vision for a modern digital government.Our priorities are to drive a modern digital government, by:joining up public sector servicesharnessing the power of AI for the public goodstrengthening and extending our digital and data public infrastructureelevating leadership and investing in talentfunding for outcomes and procuring for growth and innovationcommitting to transparency and driving accountabilityWe are home to the Incubator for Artificial Intelligence (I.AI), the world-leading GOV.UK and at the forefront of coordinating the UK's geospatial strategy and activity. We lead the Government Digital and Data function and champion the work of digital teams across government.We're part of the Department for Science, Innovation and Technology (DSIT) and employ more than 1,000 people all over the UK, with hubs in Manchester, London and Bristol.The Information Security team at GDS protects the people, services and information used to deliver critical government digital infrastructure such as GOV.UK and One Login. We do this by supporting a secure software development lifecycle, setting and checking proportional organisation policies and building a positive, no-blame security culture across the organisation.The Government Digital Service is where talent translates into impact. From your first day, you'll be working with some of the world's most highly-skilled digital professionals, all contributing their knowledge to make change on a national scale.Join us for rewarding work that makes a difference across the UK. You'll solve some of the nation's highest-priority digital challenges, helping millions of people access services they needJob descriptionlead cyber and information security risk management, assurance, and architectural advisory for major applications and digital services during alpha, beta, and early live phasesdeliver critical security assessments and IT Health Checks, providing expert assurance across portfolio projects, with a focus on SaaS tooling compliance against NCSC Cloud Security Principlesfacilitate and oversee Security Working Groups throughout all key development and deployment stages, ensuring risks are tracked, logged, and reported to the Head of Cyber Risk and Assurance, with actionable recommendations providedproduce formal risk assessments and risk treatment plans (RTPs) for all digital services and associated tooling, ensuring robust protection in accordance with business risk appetitedevelop, review, and advise on Secure by Design policies/practices, including safe use of AI, secure coding, and regulatory compliance frameworks (e.g., OWASP, DPIA, GovAssure)coordinate cross-platform activities and enable secure delivery of new GDS services, including supporting incident management and continuous improvement of live service security practicesroutinely provide monthly (and ad-hoc) risk briefings to senior leaders, evidencing assurance, identifying risks outside tolerance, mapping exposure, and recommending mitigations and controlsmentor and train digital service teams and wider Information Security staff, sharing best practices and building internal capability for risk assessment and managementsupport implementation and ongoing usage of risk management tooling, ensuring all details are uploaded promptly and appropriately, such as the SureCloud risk registerengage proactively with senior internal and external stakeholders, promoting security culture and enabling confident delivery aligned with organisational prioritiesfuture line management activities as the team growsPerson specificationdemonstrable experience delivering high-quality, detailed cyber security risk assessments and assurance in large, fast moving, complex digital environments, ideally government or critical infrastructurein-depth understanding of cyber risk management, threat modelling, security architectural advice, and formal IT Health Checks, including experience with SaaS environments and cloud security principlesexperience interpreting and applying relevant cyber security standards, regulatory frameworks, and secure by design principles within a multi-disciplinary digital teama self-starter, using your considerable experience and skills to work independently and with confidencetrack record of building cross-functional relationships and leading multi-platform security initiatives, with the ability to brief, influence, and advise senior stakeholdersstrong written, verbal, and interpersonal communication skills, able to distil complex findings into actionable recommendations for non-technical and executive audiencesevidence of personal commitment to continuous learning and sharing of best practices, with experience mentoring, coaching, or enabling capability-building in othersability to assess the implications and risks of emerging technologies (such as AI, SaaS, cloud services) and proactively recommend security interventionsknowledge of Civil Service values: respect, collaboration, inclusivity, and commitment to public service, with a strong focus on organisational cultureIndicative professional qualifications / accreditationsrelevant industry qualifications and accreditations e.g. , CISSP or hold a Master's Degree in a relevant discipline.