Senior Cyber Security Risk Manager - Information Security
Job Description
We are currently looking for a Senior Cyber Security Risk Manager – Information Security to join our Technology & Service Operations within the Digital & Technology group.
This is a full-time opportunity, on a permanent basis. The role will be based at 10 South Colonnade, Canary Wharf, London E14 4PU or South Mimms, Hertfordshire. Please be aware that this role can only be worked in the UK and not overseas.
Government departments and agencies are working towards implementing a minimum 60% attendance in office sites.
We are currently implementing a flexible, hybrid way of working, with a minimum of 8 days per month working on site to enable the collaboration and contact with partners and stakeholders needed to deliver MHRA business. Attendance on site is driven by business needs so depending on the nature of the role, this can flex up to 12 days a month, with the remainder of time worked either remotely or in the office. Some roles will need to be on site more regularly.
This role will also be required to participate in the Agency’s out of hours on-call rota on a periodic basis. An on-call payment will be added to the salary depending on the frequency of participation in the rota.
A Digital Allowance of up to £15,000 per annum may be available for exceptional candidates based on our assessment of your skills and experience. This allowance is non-pensionable and may change on an annual basis.
Who are we?
The Medicines and Healthcare products Regulatory Agency enhances and improves the health of millions of people every day through the effective regulation of medicines and medical devices, underpinned by science and research.
The Digital and Technology Group (DTG) lies at the heart of the Agency and is responsible for delivering an optimised IT infrastructure and maximising the secure use of data to enable our scientists, inspectors, and the rest of the organisation to deliver world class services which can improve outcomes for patients and the public. The Group was essential in the race to approve COVID-19 vaccines in 2020 and in supporting the UK to set up its own medicines and devices approvals systems following our exit from the EU. The work we do matters!
The Technology & Service Operations function is responsible for managing the existing IT infrastructure including both software and hardware, databases, and other technology platforms; leading the support and maintenance of applications; development and testing of new applications and platforms; and cyber and information security for the Agency.
What’s the role?
This is an exciting role where you will drive the agency’s information security agenda.
You will play a central role in delivering the Agency’s strategic objectives by embedding robust governance, risk, and compliance practices. You will lead and develop a high-performing team, building capability and maturity to ensure that information security remains integral to our digital, data, and information transformation.
You will work closely with the Head of Cyber and Information Security, the Senior Information Risk Owner (SIRO), Board members, and delivery teams to continuously improve the management of information risk. You will also represent the Agency in engagements with external stakeholders, including other government health bodies and IT and security delivery partners.
In this role, you will collaborate with the Cyber Defence Team and the Data Protection Team to make informed, risk-based decisions on both strategic and operational matters. You will be expected to quickly understand the Agency’s culture and processes, enabling you to influence and embed a strong, pragmatic security and privacy culture across the organisation.
Key Responsibilities
- Lead the development and implementation of the Agency’s information security governance framework, ensuring alignment with strategic objectives and regulatory expectations.
- Maintain and enforce security policies, standards, and guidelines that support consistent risk-based decision-making.
- Promote a culture of accountability and security awareness across the Agency.
- Own and operate the information security risk management process, ensuring risks are identified, assessed, and treated proportionately.
- Ensure security controls are selected and maintained based on business context and threat landscape, using recognised frameworks (e.g. ISO 27001, NCSC CAF).
- Lead or support internal and third-party assurance activities, including audits and compliance reviews.
- Monitor emerging threats, vulnerabilities, and regulatory changes to inform the Agency’s risk posture and control strategy.
- Ensure lessons learned from incidents, audits, and assessments are captured and used to improve controls, processes, and response capabilities.
- Act as a trusted advisor to business and technical stakeholders, translating risk into actionable insights.
Our successful candidate will be able to demonstrate that they meet the following criteria:
- Holds a recognised professional security certification (e.g. CISM, CISSP) and at least four years’ experience in an information security or GRC role.
- Communication between Technical and Non-technical - Skilled in articulating complex cybersecurity concepts in a clear and accessible manner for diverse stakeholders across the organisation.
- Leadership - Leads and motivates multidisciplinary teams, fostering a collaborative and inclusive environment. Builds and maintains effective relationships with internal teams and external partners, including suppliers, to deliver security outcomes. Acts as a visible and credible leader within the wider security function, modelling professionalism and integrity.
- Demonstrates a strong understanding of security frameworks and standards, governance, risk management, and compliance practices, and a commitment to continuous professional development.
- Delivering at Pace - Manages multiple priorities in a fast-paced environment, balancing operational security responsibilities with strategic initiatives and project work. Demonstrates resilience and flexibility, ensuring timely delivery of high-quality outcomes while aligning with agile delivery practices.
- Information Risk Management - Applies deep expertise in identifying and evaluating threats, vulnerabilities, and potential impacts to information assets. Advises senior stakeholders on risk treatment and acceptance strategies, ensuring alignment with the organisation’s risk appetite and regulatory obligations.
Please note: The job description may not open in some internet browsers. Please use Chrome or Microsoft Edge. If you have any issue viewing the job description, please contact careers@mhra.gov.uk
The Selection Process
We use the Civil Service Success Profiles to assess our candidates; find out more here.
- Online application form, including questions based on the Behaviour, Experience and Technical Success Profiles. Please ensure all application questions are completed in full; your application may not be considered if any responses are left blank. Our applications are CV blind, and our Hiring Managers will not be able to access your CV when reviewing your application.
- Presentation, to be prepared as part of your interview, with further information being supplied when you reach this stage.
- Interview, which can include questions based on the Behaviour, Experience, Technical and Strengths Success Profiles.
Applicants are assessed on whether they meet any mandatory requirements as well as the necessary skills and experience for the role. Applications are scored based on the competency-based answers provided; ensure you have read these thoroughly and allow sufficient time. You can view the competencies for this role in the job description.
Use of AI in Job Applications
Applicants must ensure that anything submitted is factually accurate and truthful. Plagiarism can include presenting the ideas and experience of others, or those generated by artificial intelligence, as your own.
If you require any disability related adjustments at any point during the process, please contact careers@mhra.gov.uk as soon as possible.
Closing date: 31 August 2025
Shortlisting date: 07 September 2025
Interview date: 21 September 2025
Candidates will be contacted within a week of the sift, and of the interviews being completed, to inform them of the outcome.
If you need assistance applying for this role or have any other questions, please contact careers@mhra.gov.uk
Candidates will be subject to UK immigration requirements as well as Civil Service nationality rules. Further information on whether you are able to apply is available here.
Successful candidates must pass a disclosure and barring security check as well as animal rights and pro-life activism checks. People working with government assets must complete basic personnel security standard checks. For this role, successful candidates must also meet additional security requirements before they can be appointed. The level of security needed is security clearance.
Role
Certain roles within the MHRA will require post holders to have vaccinations, and in some circumstances, routine health surveillance. These roles include:
- Laboratory-based roles working directly with known pathogens
- Maintenance roles, particularly those required to work in laboratory settings
- Roles that involve visiting other establishments where vaccination is required
- Roles required to travel overseas where specific vaccination may be required.
Any move to the MHRA from another employer will mean you can no longer access childcare vouchers. This includes moves between government departments. You may however be eligible for other government schemes, including Tax-Free Childcare. Determine your eligibility here.
Successful candidates may be subject to annual Occupational Health reviews dependent on role requirements. If you have any queries, please contact careers@mhra.gov.uk.
In accordance with the Civil Service Commissioners’ Recruitment Principles our recruitment and selection processes are underpinned by the requirement of selection for appointment on the basis of merit by a fair and open competition. If you feel your application has not been treated in accordance with the Recruitment Principles and you wish to make a complaint, you should firstly contact Florentina Oyelami, Head of Talent Acquisition – Florentina.Oyelami@mhra.gov.uk.
If you are not satisfied with the response you receive, you can contact the Civil Service Commission at: civilservicecommission.independent.gov.uk
info@csc.gov.uk
Civil Service Commission
Room G/8
1 Horse Guards Road
London
SW1A 2HQ
About Us
The Medicines and Healthcare products Regulatory Agency enhances and improves the health of millions of people every day through the effective regulation of medicines and medical devices, underpinned by science and research.
The agency is made up of c.1300 staff working across two main centres and peripatetically across the UK and abroad.
The agency consists of Corporate, Digital & Technology, Enablement, Healthcare Quality & Access, Partnerships, Safety & Surveillance and Scientific Research & Innovation.
About The Team
Digital & Technology
The Digital and Technology Group (D&T) lies at the heart of the Agency and is responsible for delivering an optimised IT infrastructure and maximising the secure use of data to enable our scientists, inspectors, and the rest of the organisation to deliver world class services which can improve outcomes for patients and the general public. The Group was essential in the race to approve COVID-19 vaccines in 2020 and in supporting the UK to set up its own medicines and devices approvals systems following our exit from the EU. This is an exciting time for the Group as we develop and build a new Regulatory Management System. The work we do matters!
Seniority level
Mid-Senior level
Employment type
Full-time
Job function
Information Technology
Industries
Government Administration
- Location:
- London, England, United Kingdom
- Salary:
- £125,000 - £150,000
- Job Type:
- Full-time
- Category:
- IT & Technology