We are proud to be an equal opportunities employer and encourage applications from candidates of all backgrounds and circumstances, including underrepresented groups and those with disabilities. We consider applications from all candidates who are able to demonstrate the skills necessary to fulfil the role. Find out more about our equality, diversity and inclusion efforts and initiatives or read our Diversity & Inclusion Statement for further information.

Principal Cyber Security Risk Manager

PR/003898_1756972810
  • £54,857 - £80,400 per annum
  • Swansea
  • Permanent
  • Technology, Public Sector & Not-for-Profit, Senior & Executive

Job title - Cyber Security Risk Manager Principal (£54,857 - £80,400) 

Business area - Policy, Digital and Data 

Working pattern - Flexible working, Full-time, Job share, Part-time 

Number of jobs available - 1 

Locations: Bristol, Swansea, Leeds, Nottingham, Newcastle, Oldham or Birmingham. 

Salary: £54,857 plus an additional allowance up to £25,543 

 

Job summary 

The DVSA are continuing to strengthen security capability across the business. This role will form a part of a growing Cyber function continuing to embed and maintain an assurance and response function protecting our Services and customer data.

Our work also supports the DVSA Data Strategy, which has recently been refreshed. This sets the direction for making the Agency an evidence-based and data-driven organisation whilst maintaining an appropriate level of security of our services and data.

You will work with the wider Security function as well as supporting Service Owners and multi-disciplinary teams to ensure that security is built into the service development lifecycle and strategic planning. You will be responsible for providing the consolidated risk picture for the Products within that Service and recommending risk acceptance aligning with defined risk appetites. You will lead a small service group team of security professionals to support the assurance as well as engage as necessary with the Enterprise Architecture processes via the Security Architecture function to influence pattern adoption.

If this challenge is attractive, we'd love to hear from you!

Joining our department comes with many benefits, including:

  • Employer pension contribution of 28.97% of your salary. Read more about Civil Service Pensions here
  • 25 days annual leave, increasing by 1 day each year of service (up to a maximum of 30 days annual leave), plus 8 bank holidays and a privilege day for the King's birthday
  • Flexible working options where we encourage a great work-life balance.


Read more in the Benefits section below!

Find out more about what it's like working at DVSA: Driver and Vehicle Standards Agency - Department for Transport Careers


Job description 

Responsibilities include but are not limited to:

  • Lead and undertake risk management activities against the hardest or most novel scenarios, while applying the fundamental principles of risk management to a range of complex scenarios, and lead regulatory or legislative compliance activities
  • Guide and direct specialist activities of others, actively promoting development in the applicable skills, providing leadership to other risk managers, and sharing best practice widely across government, the public sector, and industry
  • Lead the analysis and derivation of complex security needs
  • Lead Cyber Security related risk assessments and other expert risk management activities, including providing guidance on establishing the organisation's Cyber Security related governance arrangements
  • Provide guidance to ensure ongoing confidence that fundamental organisational security needs have been met, including integrating a range of assurance approaches and techniques to give continued confidence to the risk, service or system owner
  • Shape leadership decision-making through:
      1. effective reporting and communication regarding the effectiveness of security processes across an organisation
      2. providing recommendations to highly complex problems
      3. acting as an SME for complex cyber risk management concerns, issues and problems

Great line management is important to us as an organisation, and we will equip and support line managers to develop the skills they need. We aim to empower line managers to create teams where people can flourish and deliver excellent outcomes for the public. 

For further information on the role, please read the attached role profile. Please note that the role profile is for information purposes only - whilst all elements are relevant to the role, they may not all be assessed during the recruitment process. This job advert will detail exactly what will be assessed during the recruitment process.


Person Specification

Qualifications/licenses:

  • Be a Chartered Cyber Professional or be willing to work towards becoming Chartered.
  • Demonstrate experience in cloud security across at least one platform of AWS or Azure and be willing to undertake formal training and certifications in this area.

Required experience:

As a Principal Cyber Risk Manager you are inquisitive and enjoy understanding the context of the full service and product suite you are supporting. You work in a matrix team with roles such as developers, user experience and service design, and business analysis to bring a rounded approach to a Service.

You are good at making evidence-based recommendations to both Service Owners and Senior Security Leadership roles around the level of security risk being managed within each Product.

You enjoy learning about new technology.

You are part of a wider Security profession and support the development of that profession as part of a leadership role in the organisation and are able to bring strategic influence to your local Services and Products.


Additional Information

This role is part of the Government Security Profession and utilises an enhanced Capability Based Pay Framework which provides access to a Digital and Data allowance. 


The base pay is £54,857. In addition to this the role includes a Digital and Data allowance of up to £25,543.


The value of allowance awarded will be based on an assessment of your skills and experience as demonstrated through the selection process.   

Here are more details on the pay framework.


Working hours, office attendance and travel requirements

Full time roles consist of 37 hours per week. Whilst we welcome applications from those looking to work with us on a part time basis, there is a business requirement for the successful candidate to be able to work at least 30 hours per week.

This role is suitable for hybrid working, which is a non-contractual arrangement where a combination of workplace and home-based working can be accommodated subject to business requirements. For more information on how this works for this role, please contact the Vacancy Holder (see below for contact details).

The expectation at present is a minimum of 60% of your working time a month will be spent at either your principal workplace (one of the locations cited in the advert) or, when required for business reasons, visiting stakeholders and colleagues, or carrying out detached duty in another DfT or agency workplace. The chosen principal workplace will be the designated place of work and any remote or home working arrangement does not constitute a change to the designated place of work or contractual terms and conditions. There may be occasions where you are required to attend above the minimum expectation. Applicants can request further information on how this may work in their team from the Vacancy Holder (see below for contact details).

Occasional travel to other offices will be required, which may involve overnight stays. 

If you have questions regarding how hybrid working is practised within the business area, or any reasonable adjustments or flexible working arrangements you may currently have or need in place if successful in your application, please contact the Vacancy Holder (see advert for contact details).

Visa Sponsorship

Please note that we do not hold a UK Visa & Immigration (UKVI) Skilled Worker sponsor licence and are unable to sponsor any individuals for Skilled Worker Sponsorship. Candidates should ensure they have the appropriate rights to work in the UK before application.

Offered Benefits 

Being part of our brilliant Civil Service means you will have access to a wide range of fantastic benefits:

  • Employer pension contribution of 28.97% of your salary. Read more about Civil Service Pensions here
  • 25 days annual leave, increasing by 1 day each year of service (up to a maximum of 30 days annual leave).
  • 8 Bank Holidays plus an additional Privilege Day to mark the King's birthday.
  • Access to the staff discount portal.
  • Excellent career development opportunities and the potential to undertake professional qualifications relevant to your role paid for by the department, such as CIPD, Prince2, apprenticeships, etc.
  • Joining a diverse and inclusive workforce with a range of staff communities to support all our colleagues.
  • 24-hour Employee Assistance Programme providing free confidential help and advice for staff.
  • Flexible working options where we encourage a great work-life balance.


Find out more about the benefits of working at DfT and its agencies


How to apply:

Our selection process ensures a comprehensive assessment of each applicant's qualifications, skills, and potential fit within our organisation.

The selection process for this role will be:

Stage 1: Sift of CV and personal statement

Stage 2: Interview & assessment

You must be successful at each stage to progress to the next stage.

Stage 1: Sift

At sift, you will be assessed against the following Success Profile elements:

Experience

  • You will be asked to provide a CV (unlimited word count); and
  • A personal statement (1000 words max).

Please provide detailed evidence against each of the following within your personal statement:

  • Provide an example when you have gathered and derived meaningful security requirements to support an identified need.
  • Provide an example of a time when you have delivered a comprehensive risk assessment for a complicated scenario using appropriate methodologies.


The sift will take place week commencing 22nd September 2025.

Stage 2: Interview

At interview stage, you will be assessed against the following Success Profile elements:

Behaviours -

  • Seeing the Big Picture
  • Communicating and Influencing

Technical -

  • Information Risk Assessment and Risk Management - Expert level
  • Threat Understanding - Practitioner level
  • Protective Security - Expert level
  • Applied Security Capability - Practitioner level

You will also be required to complete an Assessment to assess the following Success Profile elements:

Technical skills

  • Applied Security Capability - Practitioner level
  • Security architecture - Expert level


Guidance will be provided if you are invited to interview.

The interviews will take place from the week commencing 6th October.

This interview will be conducted online via Microsoft Teams. Further details will be provided to you should you be selected for interview.

You can find out more about our hiring process, how to apply, and application and interview guidance on our careers site.

Please note that we will try to meet the dates set out in the advert. There may be occasions when these dates will change.

Further information on the selection process

Feedback on your application can only be provided if you attend an interview or assessment.

We may also hold a 12 month reserve list for this role. You can read more about our reserve lists here.

Should we receive a large number of applications, we may invite a shortlist of the highest performing candidates to interview.  This means that some applications that meet the required standard could be placed 'on hold' after the sift and invited to interview if the vacant position(s) remain unfilled.  You will be notified if your application is being put 'on hold' once the sift has been completed. 

Appointments for this position will be made in order of merit. If you are successful in the selection process but there are no further available posts for the advertised role, you may be contacted to discuss an offer for a lower graded role (with similar experience and responsibility requirements).

If you are unsuccessful in the selection process, your application may be considered for a lower graded position if your demonstrated skills and experience meet the requirements of the alternative position. Candidates will be considered in order of merit. 

AI Tools and Platforms

During the application process candidates are allowed to utilise AI (artificial intelligence) tools and platforms to support them in writing their Behaviours, CVs and Personal Statements. However, you must ensure that any evidence submitted as part of your application or used during interview is truthful and factually accurate. Applications may be rejected if plagiarism is detected. Examples of plagiarism can include presenting the ideas and experiences of others, or concepts generated by artificial intelligence, as your own. You can read more here.

Further information

If you feel your application has not been treated in accordance with the Recruitment Principles and you wish to make a complaint, in the first instance, you should contact Government Recruitment Services via email: dftrecruitment.grs@cabinetoffice.gov.uk. If you are not satisfied with the response you receive from the Department, you can contact the Civil Service Commission: https://civilservicecommission.independent.gov.uk/


How to Apply

For further information please contact Daniel Berry at Sellick Partnership.

Sellick Partnership is proud to be an inclusive and accessible recruitment business and we support applications from candidates of all backgrounds and circumstances. Please note, our advertisements use years' experience, hourly rates, and salary levels purely as a guide and we assess applications based on the experience and skills evidenced on the CV. For information on how your personal details may be used by Sellick Partnership, please review our data processing notice on our website.

Daniel Berry Recruitment Consultant
