Overview
To contribute to MHRA's cyber security mission. To work in an ambitious, modern digital environment with meaningful impact.
About Our Client
We are currently implementing a flexible, hybrid way of working, with a minimum of 8 days per month on site to enable collaboration with partners and stakeholders. Attendance on site is driven by business needs and can flex up to 12 days per month; the remainder of time may be remote or in the office. Some roles will need to be on site more regularly. Please discuss this with the recruiting manager before accepting an appointment.
The Medicines and Healthcare products Regulatory Agency (MHRA) enhances health through the regulation of medicines and medical devices, underpinned by science and research. The Digital and Technology Group (DTG) delivers an optimised IT infrastructure and maximises the secure use of data to enable scientists, inspectors, and the organisation to deliver world class services. DTG also delivers a broad portfolio of change initiatives to transform legacy technologies and deliver innovative solutions aligned with customer needs. The Technology & Service Operations function manages the IT infrastructure, applications, and cyber and information security for the Agency.
Job Description
This is an exciting role where you will drive the agency's information security agenda. As a skilled and experienced Cyber Security Manager, you will play a central role in delivering the Agency's strategic objectives by embedding governance, risk, and compliance practices. You will lead and develop a high-performing team, building capability and maturity to ensure that information security remains integral to our digital, data, and information transformation.
Key responsibilities:
Provide management, leadership, development and strategic direction for the Cyber Security function, and drive a culture of continuous improvement.
Horizon scan for emerging security risks and control technologies; procure and manage services and tooling; and manage proactive and effective responses to security incidents.
Responsible for Cyber Security within the Agency including risk assessment and assurance, working closely with Data Protection and Information Security colleagues.
Lead and manage the security testing and operational service delivery from third party partners, ensuring good value for money for the agency.
Maintain and embed appropriate cultural values of the agency's cyber and information security strategy; ensure continuous professional development through training and communications.
Manage and maintain the framework of policies and procedures to support effective cyber security in the Agency.
The Successful Applicant
Person Specification:
Method of assessment: A=Application, T=Test, I=Interview, P=Presentation
Behaviour Criteria:
Making Effective Decisions (I)
Communicating and Influencing (I)
Leadership (I)
Delivering at Pace (I)
Experience Criteria:
Communication between Technical and Non-technical audiences; ability to articulate cybersecurity concepts clearly for diverse stakeholders; experience engaging across levels to drive security awareness and informed decisions.
Designing, implementing, and improving security governance and risk processes; enabling business operations while maintaining security controls.
Information Risk Management; advising on risk treatment and alignment with risk appetite; regular risk reviews and governance reporting.
Collaborative Working; cross-organisational collaboration with technical and non-technical stakeholders.
Strategic Advice; providing strategic security insight to senior leaders and aligning with organisational objectives.
Technical Criteria:
Certification and Professional Alignment; recognised security certification (e.g., CISM, CISSP, CRISC) and several years of information security or governance, risk, and compliance experience.
Understanding of security frameworks, governance, risk management, and compliance practices; commitment to ongoing development.
Technical Infrastructure; ability to assess and challenge infrastructure work from a risk perspective across cloud, network and applications.
Strengths Criteria
Enabler
Additional Information
If you would like to find out more about this opportunity, please discuss further with the recruitment team.
The selection process uses Civil Service Success Profiles. Details will be provided during the process.
Online application form with questions based on Behaviour, Experience and Technical Success Profiles.
Presentation to be prepared as part of the interview process.
Interview including questions on Behaviour, Experience, Technical and Strengths Success Profiles.
Our successful candidate will benefit from:
Salary of £57,028 - £64,672
Access to Alpha pension scheme (enrolled automatically at 28.97%)
What’s on Offer
A Digital Allowance of up to £21,948 per annum may be available for exceptional candidates; it is non-pensionable and may change annually.
Developing - £5,888; Proficient - £13,918; Accomplished - £21,948
Closing date: 10am on 8th April. Shortlisting date: from 16th April. Interview date: 29th & 30th April.
Applicants must meet UK immigration and Civil Service nationality requirements. Successful candidates may be subject to security checks and other pre-employment screenings as applicable.
In accordance with Civil Service Recruitment Principles, our process is merit-based and open to qualified applicants.