The risks facing government and the public sector mirror the scale and complexity of government. There are risks that exist in aggregate across government and the public sector, risks that need management to stop them impacting multiple areas or becoming a national security issue. Risk management across such a vast landscape of public organisations and supply chains creates a significant and critical challenge to define who should be responsible for, and involved in, the management of cyber security and digital resilience risks.
Role Overview
The Head of Technology Risk is a pivotal leadership role at the heart of government's digital and data function. You will lead the design, implementation and continuous improvement of the cross‑government Technology Risk Framework, helping departments and public bodies better identify, manage and report technology risks in line with government‑wide standards and expectations. You will shape the government's position on systemic technology risk, articulate and elevate risk in areas such as legacy IT, digital resilience, third‑party risk and emerging technologies, and ensure senior leaders have the insight and capability to take informed action.
Key Responsibilities
* Establish and lead the technology risk function, building a team to deliver the responsibilities below.
* Lead the development and rollout of the cross‑government Technology Risk Framework, ensuring it aligns with government risk policy, standards and guidance.
* Work closely with the Head of Assurance to integrate the TRF with existing governance and assurance mechanisms such as GovAssure.
* Work closely with the Heads of Policy and Services to embed a smooth process for feeding technology risks into targeted policy and service interventions.
* Consult and advise on the management of cross‑government technology risks, including cyber security and digital resilience, to support decisions by technology risk owners.
* Create clear, consistent approaches to identifying, categorising and measuring technology risk including legacy IT, digital resilience, supply chain and emerging technologies.
* Work with departments to improve their capability to assess, manage and report technology risks, including articulating, setting and monitoring risk appetites.
* Provide expert advice to senior leaders and boards on critical, systemic and aggregate technology risks.
* Coordinate with assurance, policy and operational leads to ensure technology risk is considered in decision‑making and portfolio planning, using insights from data, assessments and engagement to drive accountability and investment.
* Represent GDS in cross‑government forums, working closely with HMT, Cabinet Office, NCSC, GSG and other stakeholders to align technology risk management with wider risk, cyber and resilience strategies.
* Provide input on cross‑government risk processes such as the National Security Risk Assessment.
* Develop and support capability building across the risk profession, including training, guidance and peer learning.
Qualifications and Experience
* Strong experience managing technology or operational risk in a complex environment with an understanding of cyber security issues.
* Understanding of risk appetite, assessment, and treatment, and ability to apply them in large organisations. A cyber security risk certification such as CISM, CRISC or IRM is an advantage.
* Confident influencing and advising senior stakeholders, including boards and executive teams.
* Ability to work across organisational boundaries to drive consensus, alignment and action.
* Comfortable designing policy, frameworks or guidance that support consistent implementation at scale.
* Experience creating and implementing risk management frameworks.
* Understanding of digital service delivery, legacy systems, resilience and technical debt.
* Use of data and insights to support decision‑making, governance and performance monitoring.
* Commitment to building capability and improving maturity across people, processes and systems.
* Good working knowledge of the HM Treasury Orange Book and Government Functional Standard 007.
Behaviours
* Changing and Improving
* Making Effective Decisions
* Communicating and Influencing
Benefits
* Flexible hybrid working with flexi‑time and the option to work part‑time or condensed hours.
* A Civil Service Pension with an average employer contribution of 28.5 %.
* 25 days of annual leave, increasing by a day each year up to a maximum of 30 days.
* An extra day off for The King’s birthday.
* An in‑year bonus scheme to recognise high performance.
* Career progression and coaching, including a training budget for personal development.
* Paid volunteering leave.
* Well‑being support with access to an employee assistance programme.
* Job satisfaction from making government services easier to use and more inclusive for people across the UK.
* Advances on pay, including for travel season tickets.
* Cycle‑to‑work scheme and facilities.
* Access to children’s holiday play schemes across different locations in central London.
* Access to an employee discounts scheme.
* Learning days and volunteering opportunities.
* Access to the Civil Service learning suite.
#J-18808-Ljbffr