Information Security Risk Manager - £44,825 p.a. + benefits

at  Medicines and Healthcare products Regulatory Agency

JOB SUMMARY

We have an exciting opportunity for an Information Security Risk Manager in our Digital and Technology Group (DTG).

This is a full- time opportunity, on a permanent basis. The role will be based in Canary Wharf London, or South Mimms, Hertfordshire. Please be aware that these roles can only be worked in the UK and not overseas. We are currently operating a hybrid way of working, with a minimum of 40% of contracted hours working on site to enable the collaboration and contact with partners and stakeholders needed to deliver MHRA business. This may rise to 60% during the year. Attendance on site is driven by business needs so depending on the nature of the role, some roles will need to be on site more regularly.

• This role will also be required to participate in the Agency’s out of hours on-call rota on a periodic basis. An on-call payment will be added to the salary depending on the frequency of participation in the rota.

PERSON SPECIFICATION

The successful candidate will be an experienced and confident information security risk manager, who has applied security risk management frameworks in a range of business situations to implement strong security.
You will have strong analytical skills and be confident in making decisions which support the business to make well informed security risk decisions that support the business direction.
You will be able to communication information security risks and threats in an engaging and clear manner so that non-technical colleagues can understand. You will also have a proven ability to build strong collaborative relationships with security stakeholders across the Agency and beyond, sharing best practice, putting security risk management into the business context and tackling areas of misunderstanding and challenge.
You will be a strong leader and manager, with experience of coaching and mentoring junior members of the team and colleagues, building their confidence and ability to improve the overall capability of the team.
If you would like to find out more about this fantastic opportunity, please read our Job Description and Person Specification!
Please note: The job description may not open in some internet browsers. Please use Chrome or Microsoft Edge. If you have any issue viewing the job description, please contact careers@mhra.gov.uk
Benefits

Alongside your salary of £44,825, Medicines and Healthcare Products Regulatory Agency contributes £12,985 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.

• Annual Leave: 25 days annual leave on entry, rising by one day for each completed year of service to a maximum of 30 days and pro-rata for part-time staff. PLUS 8 bank holidays
• Privilege Leave: 1 day
• Hours of Work: 37 hours (net) per week for full time staff in all geographical locations, including London and pro rata for part-time staff
• Occupational Sick Pay (OSP): One month full pay/one month half pay on entry, rising by one month for each completed year of service to a maximum of five months full pay/five months half pay
• Mobility: Mobility clause in contracts allowing staff to be mobile across the Civil Service
• Civil Service Pension Scheme. Please see the link for further information http://www.civilservicepensionscheme.org.uk/ For enquiries relating to the Civil Service Pension Schemes please contact MyCSP’s Pension Service Centre directly on 0300 123 6666
• Flexible working to ensure staff maintain a healthy work-life balance
• Interest free season ticket loan or bike loan
• Employee Assistance Services and access to the Civil Service Benevolent Fund
• Eligibility to join the Civil Service Motoring Association (CSMA)
• Variety of staff and Civil Service clubs
• On-going learning and development

Things you need to know

SELECTION PROCESS DETAILS

Application – please answer all the application questions, providing evidence of experience relevant to the specific Behaviour, Experience and Technical criteria marked ‘A’ in the Person Specification. Failure to answer the ‘Job Specific Questions’ on the application will result in our shortlisting panel having insufficient evidence to assess your application.
Our applications are CV blind, and our Hiring Managers will not be able to access your CV when reviewing your application.
Interview – aligned to the Behaviour, Experience and Strengths criteria marked ‘I’ in the job description
Applicants are assessed on whether they meet any mandatory requirements as well as the necessary skills and experience for the role.
In the instance that we receive a high number of applications, we will hold an initial sift based on the lead criteria of ‘Have proven practical experience of applying security risk management frameworks, aligned to HM Government or Industry best practice such as ISO27001, NIST, CAF, for an organisation, demonstrably improving its security risk posture.’
Closing Date: 19 November 2024
Shortlisting: 20 November 2024
Interview Date: 27 – 29 November 2024
If you need assistance applying for this role or have any other questions, please contact careers@mhra.gov.uk
Candidates will be subject to UK immigration requirements as well as Civil Service nationality rules. Further information on whether you are able to apply is available here.
Successful candidates must pass a disclosure and barring security check as well as animal rights and pro-life activism checks. People working with government assets must complete basic personnel security standard checks.
Applicants who are successful at interview will be, as part of pre-employment screening subject to a check on the Internal Fraud Database (IFD). This check will provide information about employees who have been dismissed for fraud or dishonesty offences. This check also applies to employees who resign or otherwise leave before being dismissed for fraud or dishonesty had their employment continued. Any applicant’s details held on the IFD will be refused employment. A candidate is not eligible to apply for a role within the Civil Service if the application is made within a 5 year period following a dismissal for carrying out internal fraud against government.
Any move to the MHRA from another employer will mean you can no longer access childcare vouchers. This includes moves between government departments. You may however be eligible for other government schemes, including Tax-Free Childcare. Determine your eligibility here.
Successful candidates may be subject to annual Occupational Health reviews dependent on role requirements. If you have any queries, please contact careers@mhra.gov.uk.
In accordance with the Civil Service Commissioners’ Recruitment Principles our recruitment and selection processes are underpinned by the requirement of selection for appointment on the basis of merit by a fair and open competition. If you feel your application has not been treated in accordance with the Recruitment Principles and you wish to make a complaint, you should firstly contact Mira Mepa, Head of Recruitment and Operations, Mira.Mepa@mhra.gov.uk.
If you are not satisfied with the response you receive, you can contact the Civil Service Commission at: civilservicecommission.independent.gov.uk
info@csc.gov.uk
Civil Service Commission
Room G/8
1 Horse Guards Road
London
SW1A 2HQ
Feedback will only be provided if you attend an interview or assessment.

NATIONALITY REQUIREMENTS

This job is broadly open to the following groups:

• UK nationals
• nationals of the Republic of Ireland
• nationals of Commonwealth countries who have the right to work in the UK
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS) (opens in a new window)
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
• individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
• Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service

Further information on nationality requirements (opens in a new window)

WHAT’S THE ROLE?

This role is key to enabling the Agency to reduce its cyber security risk with a focus on Information Security, ensuring this remains front and centre in all of our business. Therefore, we need a skilled and experienced Information Security Risk Manager to play a lead role in the cyber security team, delivering the agency’s security agenda, embedding a strong information security risk management framework aligned to industry and government best practice.

This is a full- time opportunity, on a permanent basis. The role will be based in Canary Wharf London, or South Mimms, Hertfordshire. Please be aware that these roles can only be worked in the UK and not overseas. We are currently operating a hybrid way of working, with a minimum of 40% of contracted hours working on site to enable the collaboration and contact with partners and stakeholders needed to deliver MHRA business. This may rise to 60% during the year. Attendance on site is driven by business needs so depending on the nature of the role, some roles will need to be on site more regularly.

• This role will also be required to participate in the Agency’s out of hours on-call rota on a periodic basis. An on-call payment will be added to the salary depending on the frequency of participation in the rota