IT Security, Governance, Risk, and Compliance Manager
| Posting date: | 05 September 2025 |
|---|---|
| Salary: | £47,252 to £50,927 per year |
| Hours: | Full time |
| Closing date: | 21 September 2025 |
| Location: | BS16 1EJ |
| Company: | Government Recruitment Service |
| Job type: | Permanent |
| Job reference: | 426283/1 |
Summary
This exciting role within the wider IT Department/team is responsible for IT SGRC (Security, Governance, Risk and Compliance), playing a leading role in ensuring all aspects of this critical function are delivered against strategic direction and align with our obligations as a government department and our duties to HMG and the public.
You will oversee our IT security strategy, ensuring it supports business objectives and meets legal, regulatory, and government standards. You will identify and manage security risks associated with our IT systems, promote a consistent approach to risk treatment, and embed a security-first culture. As our senior IT security advisor, you will be part of the IT Leadership Team and collaborate closely with internal teams, suppliers, consultants, and partners.
This is a hands-on team lead position where your efforts make a real difference across the organisation. You will roll up your sleeves, leading by example, and applying your skills, knowledge, abilities, and experience in this crucial role.
Please see the job description below for more information and details about what we need from you.
Where you’ll work…
You must be within commutable distance of our National Office, north Bristol. This is a blended working role - 2 days per week or as required by the role and organisation, with flexibility to work from home for the remainder. You will be required to visit sites across England and some overnight stays will be necessary. Other infrequent out-of-hours work may be necessary, e.g. supporting resolution of incidents. You will be required to participate in infrequent planned on-call rotas.
Security strategy; governance; policy, process, guidance ownership
• shape and steer the direction of IT security governance, ensuring alignment with business strategy, HMG requirements, and evolving threat landscapes
• ensure the organisation meets the standards expected of a government department, embedding capabilities to identify, detect, protect, respond, and recover in line with defined frameworks, standards, and practices
• maintain and evolve IT security policies and procedures that reflect regulatory and business requirements, and promote compliance across the organisation
• stay informed of emerging threats, industry trends, and changes in best practice and government guidance to ensure the role remains current and effective
• influence strategy and culture to promote information security, governance, risk, and compliance principles
• provide pragmatic, risk-based IT security advice to colleagues across the IT Security function, wider IT team, and stakeholders
• lead modern IT/cyber security thinking and deliverable initiatives
• work with our IT Business Partner and IT Security colleagues to create and deliver engaging and varied security comms and campaigns, through a variety of existing and new channels, guided by industry best practice and business requirements
Security risk and incident oversight and management
• understand the risk landscape affecting IT systems and information
• work alongside IT colleagues to influence the review and monitoring of systems, processes, and solutions to reduce risk across the IT estate
• function as an escalation point for IT security risks and incidents; evaluate IT security risks and execute informed, risk-based strategic decisions
• support working groups and processes that bring your security, risk and compliance expertise into technology lifecycle planning, delivery, and management across the organisation, promoting awareness, escalation, and understanding of risks, threats, and mitigations to help shape outcomes and resilience across the technology environment
• collaborate with Knowledge and Information Management colleagues on enabling and supporting data and information governance, security, policy, and process activities
• support HR-led investigations of potential misconduct or policy breaches as required
Assurance and compliance oversight and management
• oversee and influence regular risk assessments, independent assurance activities, and security testing
• oversee and manage the internal IT Department Risk Register in collaboration with IT Leadership colleagues
Area and team leadership and management
• manage the IT Security, Governance, Risk and Compliance team, ensuring clear direction, support, and professional development
• create security processes and workflows that align with Incident Management and Disaster Recovery plans and ensure the resilience of critical systems and services
• drive the alignment of Business Continuity and Disaster Recovery policies with Forestry England’s IT Disaster Recovery and Information Management frameworks, ensuring resilience of critical systems and services
• contribute toward developing wider aspects of the department to improve the service we provide, how we operate, and the ongoing development of the department and team against strategy and plans
And any other tasks reasonably requested by your line manager.
Proud member of the Disability Confident employer scheme