Head of Detect and Response - Home Office Cyber Security

Posting date:	28 July 2025
Salary:	£73,900 to £81,290 per year
Additional salary information:	New entrants to the Civil Service will start their role on the salary band minimum: £73,900 for National based Roles. You may be eligible for an additional non-pensionable allowance, pending a Capability and Skills assessment, with a value of up to £21,7
Hours:	Full time
Closing date:	07 August 2025
Location:	Manchester
Company:	Government Recruitment Service
Job type:	Permanent
Job reference:	418751/1

Summary

Cyber Security Detect and Response at the Home Office plays a vital role in protecting one of the UK’s largest government departments and its nationally critical digital infrastructure.

This Head of Detect and Response position demands strong leadership, technical acumen, and clear communication to manage and enhance cyber incident response procedures. The role involves leading a high-performing security function, shaping strategy and policy, and managing incidents in collaboration with senior stakeholders across government.

Working within a team of cyber professionals, the post holder will contribute to safeguarding complex systems, supported by a culture of continuous development. Responsibilities include identifying, containing, and remediating incidents, driving process improvements, and ensuring the organisation remains prepared for evolving threats through regular exercises and robust governance.

As the Head of Detect and Response your main day-to-day responsibilities will include;

• Developing a detect and response strategy aligned with business objectives, risk appetite, and continuity planning.

• Creating, reviewing and updating response policies, standards and processes in line with regulatory and industry requirements; oversee implementation.

• Conducting technical assessments to identify vulnerabilities and threats; using findings to inform strategy and incident response planning.

• Managing the full incident response lifecycle, ensuring effective communication with cross-government stakeholders; leading post-incident reviews and implementing exercising strategies to maintain organisational resilience.

• Determining and managing resources, including budget, personnel and technology; driving continuous improvement to address emerging threats and best practice.

• Developing and reviewing strategic, operational and technical KPIs and KRIs to inform decision-making.

• Leading the detect and response team, supporting professional development, and ensuring service readiness.

The successful candidate will be expected to work full-time (37 hours per week), in line with the requirements of the role.

Due to the 24/7 nature of the Cyber Security Operations Centre, this role will at times, require some out of hours and on call availability.

Hybrid Working

DDaT is geographically spread across multiple locations with most staff working in line with the Department’s hybrid working arrangements (a minimum of 60% of time in an office location, with the remainder working from home). The successful candidate will be based at Manchester Soapworks and there may be a requirement for occasional travel to other locations.

Proud member of the Disability Confident employer scheme

About Disability Confident

A Disability Confident employer will generally offer an interview to any applicant that declares they have a disability and meets the minimum criteria for the job as defined by the employer. It is important to note that in certain recruitment situations such as high-volume, seasonal and high-peak times, the employer may wish to limit the overall numbers of interviews offered to both disabled people and non-disabled people. For more details please go to Disability Confident.