Information Security Governance, Risk and Assurance Lead
Swindon, England, United Kingdom of Great Britain and Northern Ireland
Full Time
2 days ago
£46,743 (GBP)
No Sponsorship
Key skills
Cyber Security, Risk Management
About this role
Role Overview
Operate and enhance UKRI’s security governance, risk and assurance framework, ensuring controls remain appropriate, effective and aligned to organisational risk.
Perform security risk assessments for systems, services, projects and suppliers, producing clear risk treatment recommendations.
Lead the coordination and delivery of assurance activities across operational security domains (e.g., SOC processes, vulnerability management, incident response, identity and access management).
Monitor operational security performance, control effectiveness and compliance against internal policies and external frameworks, including NIST CSF, ISO 27001 and the Government Cyber Assessment Framework (CAF).
Manage and improve processes for evidence gathering, audit preparation, remediation planning and control validation.
Conduct gap analyses following audits, incidents or assessments, ensuring remediation actions are tracked and delivered.
Work closely with technology teams and service owners to integrate good governance and risk practices into operational workflows (“secure by design”).
Provide specialist advice to operational teams on risk, compliance obligations, and best‑practice implementation.
Produce enterprise‑level assurance reporting, including metrics, dashboards and trend analysis to support senior decision‑making.
Requirements
Experience in information security governance, risk management or security operations in a complex organisation.
Proven ability to conduct security risk assessments and operational assurance reviews.
Good knowledge of cyber security and information assurance frameworks (NIST CSF, ISO 27001, CAF).
Experience supporting audits, compliance assessments or continuous monitoring activities.
Ability to interpret complex technical and procedural information to provide clear recommendations.
Strong analytical skills and experience producing meaningful risk and assurance reporting.
Tech Stack
Cyber Security
Benefits
An outstanding defined benefit pension scheme
30 days' annual leave in addition to 10.5 public and privilege days (full time equivalent)
Employee discounts and offers on retail and leisure activities
Employee assistance programme, providing confidential help and advice