JOB SUMMARY

The Infected Blood Compensation Authority (IBCA) is responsible for delivering a compensation scheme that has been long awaited by the infected blood community to provide financial compensation to victims of infected blood on a UK-wide basis.
This role will be accountable for the implementation and management of various security projects that will help to improve the security posture of organisational and operational components needed to provide the IBCA compensation service.
The role will work alongside the Head of Cyber and Information Security to manage the various complex security projects that are currently underway to further improve the security posture of the IBCA estate. The successful individual will be capable of working independently at pace to manage projects, stakeholders, and ensure progress is made under challenging conditions.
Working at IBCA gives you a huge opportunity to make an impact on those who deserve compensation. This role suits a highly adaptable and resilient project manager with security experience who excels at communication, empowers diverse teams, strategically navigates complexity, and proactively solves problems to drive continuous security improvement.

JOB DESCRIPTION

The Cyber Security Project Lead is responsible for leading and managing the successful delivery of cybersecurity projects across the organization. This role ensures that all initiatives related to information security, risk management, and regulatory compliance are strategically aligned with business goals and executed effectively.
The Cyber Security Project Lead works closely with technical teams, business stakeholders, and external vendors to plan, coordinate, and oversee a wide range of cybersecurity initiatives—including system upgrades, security tool implementations, incident response improvements, and compliance audits. They ensure that projects are delivered on time, within scope, and within budget, while maintaining the highest standards of security and data protection.
Key responsibilities include defining project objectives and requirements, developing detailed project plans, managing risks and dependencies, and ensuring that all deliverables meet security standards and industry best practices. This role also involves tracking progress, preparing status reports for senior management, and adapting project plans in response to changing priorities or threats.
The ideal candidate will have a strong background in project management, excellent leadership and communication skills, and a working understanding of the principles of cyber security. They must be able to translate complex technical concepts into actionable plans and effectively drive cross-functional collaboration.

TECHNICAL SKILLS

We’ll assess you against these technical skills during the selection process:

• Project Management https://projectdelivery.gov.uk/dpdcf-role/project-manager-g7/#section-4

NATIONALITY REQUIREMENTS

This job is broadly open to the following groups:

• UK nationals
• nationals of the Republic of Ireland
• nationals of Commonwealth countries who have the right to work in the UK
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS)
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
• individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
• Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service

Further information on nationality requirements

MAIN RESPONSIBILITIES

• Project Leadership: Lead, manage, and ensure the successful delivery of security-focused projects related to the compensation scheme. Develop and maintain a delivery plan of all ongoing and future security projects. Projects may involve introduction of new technology, secure data systems, privacy measures, and protection of personal data.
• Stakeholder Engagement: Collaborate with internal teams (e.g. IT, legal, and claims management), external vendors, and government stakeholders to ensure all security initiatives meet the necessary requirements and align with IBCA’s objectives.
• Security Risk Management: Identify, assess, and mitigate security risks related to the compensation process, including handling of sensitive claimant data, ensuring compliance with data protection laws (e.g., GDPR), and managing digital security threats.
• Compliance and Regulatory Oversight: Ensure that all security practices, policies, and systems are fully compliant with relevant regulations, including the Data Protection Act, GDPR, and UK government security standards such as CAF and Secure by Design.
• Cybersecurity Management: Oversee the security of the IT systems and infrastructure used to manage compensation claims, ensuring the implementation of best practices in cybersecurity. Work with IT teams to safeguard against data breaches, hacking attempts, and insider threats.
• Vendor and Contractor Management: Manage external vendors and contractors involved in security projects, ensuring that they meet contractual security standards and comply with all data protection regulations.
• Documentation and Reporting: Maintain accurate and comprehensive project documentation, including risk assessments, incident reports, security protocols, and post-project reviews. Provide regular status updates to senior leadership.
• Incident Response: In the event of a security breach or data incident, lead the response efforts, including investigating the breach, implementing remedial actions, and liaising with the Information Commissioner’s Office (ICO) and other regulatory bodies.
• Training and Awareness: Develop and deliver security training programs for IBCA staff, ensuring awareness of data protection policies, cybersecurity practices, and security best practices.
• Foster a positive and inclusive team environment that promotes wellbeing, collaboration, and a supportive culture aligned with departmental values