Cyber Security Risk Manager – Information Security - £42,869 p.a. + benefits

at  Medicines and Healthcare products Regulatory Agency

JOB SUMMARY

We have an exciting opportunity for a Cyber Security Risk Manager in our Digital and Technology Group (DTG).

This is a full- time opportunity, on a permanent basis. The role will be based in Canary Wharf London, or South Mimms, Hertfordshire. Please be aware that these roles can only be worked in the UK and not overseas. We are currently operating a hybrid way of working, with a minimum of 40% of contracted hours working on site to enable the collaboration and contact with partners and stakeholders needed to deliver MHRA business. This may rise to 60% during the year. Attendance on site is driven by business needs so depending on the nature of the role, some roles will need to be on site more regularly.

• This role will also be required to participate in the Agency’s out of hours on-call rota on a periodic basis. An on-call payment will be added to the salary depending on the frequency of participation in the rota.

WHO ARE WE LOOKING FOR?

The successful candidate will be an experienced and confident information security risk manager, who has applied security risk management frameworks in a range of business situations to implement strong security.
You will have strong analytical skills and be confident in making decisions which support the business to make well informed security risk decisions that support the business direction.
You will be able to communication information security risks and threats in an engaging and clear manner so that non-technical colleagues can understand. You will also have a proven ability to build strong collaborative relationships with security stakeholders across the Agency and beyond, sharing best practice, putting security risk management into the business context and tackling areas of misunderstanding and challenge.
You will be a strong leader and manager, with experience of coaching and mentoring junior members of the team and colleagues, building their confidence and ability to improve the overall capability of the team.
If you would like to find out more about this fantastic opportunity, please read our Job Description and Person Specification!
Closing Date: 6th October 2024
Shortlisting: 7th – 11th October 2024
Interview Date: 23rd October 2024
Please note: The job description may not open in some internet browsers. Please use Chrome or Microsoft Edge. If you have any issue viewing the job description, please contact careers@mhra.gov.uk
Benefits

Alongside your salary of £42,869, Medicines and Healthcare Products Regulatory Agency contributes £12,419 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.

• Annual Leave: 25 days annual leave on entry, rising by one day for each completed year of service to a maximum of 30 days and pro-rata for part-time staff. PLUS 8 bank holidays
• Privilege Leave: 1 day
• Hours of Work: 37 hours (net) per week for full time staff in all geographical locations, including London and pro rata for part-time staff
• Occupational Sick Pay (OSP): One month full pay/one month half pay on entry, rising by one month for each completed year of service to a maximum of five months full pay/five months half pay
• Mobility: Mobility clause in contracts allowing staff to be mobile across the Civil Service
• Civil Service Pension Scheme. Please see the link for further information http://www.civilservicepensionscheme.org.uk/ For enquiries relating to the Civil Service Pension Schemes please contact MyCSP’s Pension Service Centre directly on 0300 123 6666
• Flexible working to ensure staff maintain a healthy work-life balance
• Interest free season ticket loan or bike loan
• Employee Assistance Services and access to the Civil Service Benevolent Fund
• Eligibility to join the Civil Service Motoring Association (CSMA)
• Variety of staff and Civil Service clubs
• On-going learning and development

Things you need to know

THE SELECTION PROCESS:

Application – please answer all the application questions, providing evidence of experience relevant to the specific Behaviour, Experience and Technical criteria marked ‘A’ in the Person Specification. Failure to answer the ‘Job Specific Questions’ on the application will result in our shortlisting panel having insufficient evidence to assess your application.
Our applications are CV blind, and our Hiring Managers will not be able to access your CV when reviewing your application.
Interview – aligned to the Behaviour, Experience and Strengths criteria marked ‘I’ in the job description
Applicants are assessed on whether they meet any mandatory requirements as well as the necessary skills and experience for the role.
In the instance that we receive a high number of applications, we will hold an initial sift based on the lead criteria of ‘Have proven practical experience implementing security risk management frameworks and principles for an organisation, demonstrably improving its security risk posture’.

NATIONALITY REQUIREMENTS

This job is broadly open to the following groups:

• UK nationals
• nationals of the Republic of Ireland
• nationals of Commonwealth countries who have the right to work in the UK
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS) (opens in a new window)
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
• individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
• Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service

Further information on nationality requirements (opens in a new window)

WHAT’S THE ROLE?

This role is key to enabling the Agency to reduce its cyber security risk with a focus on Information Security, ensuring this remains front and centre in all of our business. Therefore, we need a skilled and experienced Information Security Risk Manager to play a lead role in the cyber security team, delivering the agency’s security agenda, embedding a strong information security risk management framework aligned to industry and government best practice.

This is a full- time opportunity, on a permanent basis. The role will be based in Canary Wharf London, or South Mimms, Hertfordshire. Please be aware that these roles can only be worked in the UK and not overseas. We are currently operating a hybrid way of working, with a minimum of 40% of contracted hours working on site to enable the collaboration and contact with partners and stakeholders needed to deliver MHRA business. This may rise to 60% during the year. Attendance on site is driven by business needs so depending on the nature of the role, some roles will need to be on site more regularly.

• This role will also be required to participate in the Agency’s out of hours on-call rota on a periodic basis. An on-call payment will be added to the salary depending on the frequency of participation in the rota