Location: Bristol, London, Manchester
The Government Digital Service (GDS) is looking for a Cyber Security Governance and Risk Management Principal to lead security assurance across critical national digital infrastructure.
About the role
You’ll join GDS, the digital centre of government, working at the heart of services like GOV.UK and One Login.
Responsibilities
In this role, you will:
* Lead cyber risk and security assurance across major digital services
* Work across teams delivering services in alpha, beta and live phases
* Influence how security is embedded across government digital delivery
* Support a strong “secure by design” culture across the organisation
What you’ll be doing
You’ll play a key role in protecting and strengthening government digital services, including:
* Leading cyber and information security risk management and assurance
* Conducting security assessments and IT Health Checks across services
* Ensuring SaaS and cloud solutions meet NCSC security principles
* Facilitating security working groups across delivery stages
* Producing formal risk assessments and risk treatment plans (RTPs)
* Advising on secure by design practices, including AI and secure coding
* Supporting incident management and live service security improvements
* Delivering risk briefings to senior leaders, with clear recommendations
* Mentoring teams and building capability across security practices
* Promoting a positive, collaborative security culture
What we’re looking for
We’re looking for an experienced cyber security professional who can operate at a senior level:
* Strong experience delivering cyber risk assessments and assurance
* Deep understanding of threat modelling, cloud security and SaaS environments
* Experience applying security standards and regulatory frameworks
* Confident working in complex, fast-paced digital environments
* Strong stakeholder engagement, able to influence senior leaders
* Excellent communication skills, translating complex risks into clear actions
* Experience mentoring, coaching or building team capability
* Ability to assess risks across emerging technologies (AI, cloud, SaaS)
* Commitment to continuous learning and best practice sharing
#J-18808-Ljbffr