General Information
Descriptions & requirements
Security Risk and Assurance Lead (SEO)
The MoJ Information Security Team sits at the heart of the Ministry of Justice, enabling good security practices through the provision of security policies, guidance and education, by understanding cyber security risks from all parts of the Ministry of Justice and providing assurance to the departmental SIRO, the Permanent Secretary and other senior stakeholders that these risks are being effectively managed in the delivery of MoJ objectives.
The role of a Security Risk and Assurance Lead is to lead the programme of cyber security assurance for their assigned area of the organisation, highlighting non-compliance with required standards and providing appropriate challenge to the owners of cyber security risks arising from control gaps.
A Security Risk and Assurance Lead may also mentor and support others in good risk management practices to enable them to manage residual risk well, identify trends resulting from risk and assurance activities and use these to initiate and lead improvements to processes, policies and guidance, and own the resolution of tactical requests to the team.
All members of our team are expected to help develop the MoJ Security Function as a centre of excellence for the department and to contribute to building a brilliant and diverse team that is a welcoming place for all.
Typical role expectations and responsibilities
As a Security Risk and Assurance Lead, you will get involved in a wide range of tasks. Here are examples of typical things you might work on:
- Lead the implementation and delivery of security assurance processes, including GovAssure and supplier assurance activities for your assigned area, to support the overarching assurance programme. Communicate assessment and assurance outcomes to stakeholders in ways that enable effective security, risk management and decision-making. Advise stakeholders on their approach to risk assessment in the context of their business outcomes.
- Manage significant cybersecurity incidents and coordinate response efforts across business and technical teams. Oversee the full incident lifecycle, from notification through to resolution, ensuring swift action and embedding lessons learned for continuous improvement. Depending on the situation, you will lead triage or support teams performing triage. Act as a key driver for clear, timely communication with senior stakeholders during major incidents. You will document incidents, support investigations and root cause analysis, and ensure compliance with relevant policies.
- Engage with Justice Digital and Information Assurance colleagues (or supervise third-party suppliers) to gather evidence of technical service and organisational process performance against security baselines, controls and requirements, using key performance indicators.
- Analyse data to assess the quality of evidence and effectiveness of controls, focusing on business-critical services and associated operational areas.
- Identify and report on trends from assurance assessments in your assigned area and ensure appropriate remediation plans are in place and actively managed.
- Align risk decisions and advice with relevant regulation, policy and standards, providing proportional, practical guidance tailored to the local environment. Advise on residual risk, escalate risks when necessary, and take responsibility for closing follow-up actions.
- Contribute to the development and enablement of security policy and culture, collaborating with the Security Policy, Culture, Awareness and Education team through insights from assurance activities. Assure ongoing appropriateness of policy in line with regulation and wider departmental and government requirements. Lead risk-related work and enable compliance and governance.
- Build and maintain a network of security partners across government, national technical authorities and industry.
- Contribute to submissions and reports for senior MoJ officials, and lead efforts to respond to requests and advisories from government partners.
- Monitor the efficiency and effectiveness of security processes across the organisation and lead continuous improvement initiatives, including enhancing escalation and reporting methods where necessary.
This role may include line management responsibilities for more junior team members.
About you:
You will need experience of working well within a security, technology and risk team, and be able to demonstrate successful prior experience of leading, mentoring and motivating a small team. You will be able to demonstrate examples of your own motivation to grow your leadership and management skills and abilities.
You will be able to evidence people management skills with experience leading and motivating teams. Mentor team members, fostering a collaborative and high-performing environment.
You will be able to demonstrate the ability to translate technical risk into business impact and influence decisions at senior levels.
You will demonstrate an understanding of cyber security and technology, showing willingness to continue to grow your awareness of current and emerging technologies and their impact on existing security practices.
You will be able to communicate well and confidently with a variety of stakeholders, up to board level, and relay technical information to a non-technical audience. Represent MoJ in high-stakes situations internally and with external partners. You will possess excellent analytical and problem-solving skills, adopt a positive approach and display flexibility of mind when encountering new situations.
You will display attention to detail and discretion in dealing with confidential topics and senior stakeholders.
You will need to be analytical and inquisitive, probing for information where appropriate to understand business context and reasoning. You will be a trusted partner for your areas of the organisation and demonstrate an understanding of how to appropriately challenge security decisions, including those made by senior stakeholders.
Essential Skills
A proven track record in incident response leadership, the ability to translate technical risk into business impact, and the confidence to challenge constructively and influence outcomes at all levels.
The post holder will be expected to understand cloud security concepts such as Azure, AWS, network and endpoint security, cyber-attack vectors and threat actor tactics.
This role acts as a bridge between technical responders and senior management and requires strong analytical and problem-solving skills.
You will have experience of gathering and analysing data from various sources (internal systems, supply chain, public bodies) to identify vulnerabilities and trends.
Behaviours
We'll assess you against these behaviours during the selection process:
- Leadership
- Managing a Quality Service
- Delivering at Pace
- Making Effective Decisions
- Changing and improving
- Developing Self and Others
Technical skills
We may assess your current level of knowledge of cyber security and risk management during the selection process.
Working Arrangements & Further Information
The MoJ offers Hybrid Working arrangements where business need allows. This is an informal, non-contractual form of flexible working that blends working from your base location, different MoJ sites and / or from home (please be aware that this role can only be worked in the UK and not overseas). All employees will be expected to spend a minimum of 60% of their working time in an office, subject to local estate capacity.
Some roles will not be suitable for Hybrid Working. Similarly, Hybrid Working will not suit everyone’s circumstances. Arrangements will be discussed and agreed with the successful candidate(s) and subject to regular review.
For nationally advertised roles: All successful candidates will be appointed to the viable office nearest to their home postcode and on its respective pay scale. This will be at either a HQ building (subject to desk allocation), a Justice Collaboration Centre (JCC) or a Justice Satellite Office (JSO) – See Map. All employees will be expected to spend a minimum of 60% of their working time in an office, subject to local estate capacity.
For current MoJ employees, your base location will need to be changed to the nearest viable office (to your home postcode), either at a HQ building, JCC or JSO within the National Office Network, and moved to that location’s respective pay scale (any legacy arrangements/locations will need to be amended).
Some of MoJ’s terms and conditions of service are changing as part of Civil Service reform. The changes will apply to staff joining MoJ who are new to the Civil Service. Staff joining MoJ from other civil service employers will transfer onto the new MoJ terms if they are already on 'modernised' terms in their current post or onto 'unmodernised' MoJ terms if they are on 'unmodernised' terms at their current post. Details will be available if an offer is made.
MoJ candidates who are on a specialist grade will be able to retain their grade on lateral transfer.
All candidates who are currently in receipt of Mark Time / Pay Protection should ensure they are familiar with the new policy on permanent and temporary promotion which can be found on the employee intranet.
Flexible working hours
The Ministry of Justice offers a flexible working system in many offices. Standard full time working hours are 37 hours per week. MoJ welcomes part-time, flexible and job-sharing working patterns, where they meet the demands of the role and business needs. All applications for part-time, flexible and job-sharing working patterns will be considered in accordance with the MoJ’s Flexible Working policy.
Benefits
The MoJ offers a range of benefits:
Annual Leave
Annual leave is 25 days on appointment and will increase to 30 days after five years’ service.
There is also a scheme to allow qualifying staff to buy or sell up to three days leave each year. Additional paid time off for public holidays and 1 privilege day. Leave for part-time and job share posts will be calculated on a pro-rata basis.
Pension
The Civil Service offers a choice of pension schemes, giving you the flexibility to choose the pension that suits you best.
Training
The Ministry of Justice is committed to staff development and offers an extensive range of training and development opportunities.
Networks
The opportunity to join employee-run networks that have been established to provide advice and support and to enable the views of employees from minority groups to be expressed direct to senior management. There are currently networks for employees of minority ethnic origin, employees with disabilities, employees with caring responsibilities, women employees, and lesbian, gay, bisexual and transgender employees.
Eligibility
Staff on fixed term appointments must have been recruited through fair and open competition.
Vacancies advertised “cross-government” are only open to all Civil Service employees and employees of accredited non-departmental public bodies (NDPBs) who were appointed on merit following a fair and open competition; or were appointed to a permanent post through an exception in the Civil Service Commissioners' rules.
Support
- A range of ‘Family Friendly’ policies such as opportunities to work reduced hours or job share.
- Access to flexible benefits such as voluntary benefits, retail vouchers and discounts on a range of goods and services.
- Moves to or from another employer, or moves across the Civil Service, can have implications for your eligibility to carry on claiming childcare vouchers. You may however be eligible for alternative government childcare support schemes, including Tax Free Childcare. More information can be found on www.GOV.UK or Childcare Choices. You can determine your eligibility at https://www.childcarechoices.gov.uk/.
- Paid paternity, adoption and maternity leave.
- Free annual sight tests for employees who use computer screens.
Working for the Civil Service
The Civil Service Code sets out the standards of behaviour expected of civil servants.
We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles. Should you feel that the recruitment process has breached the recruitment principles, you are able to raise a formal complaint in the following order:
- To Transformative Business Services (0345 241 5359 (Monday to Friday 8am - 6pm) or email moj-recruitment-vetting-enquiries@resourcing.soprasteria.co.uk);
- To Ministry of Justice Resourcing team (resourcing-management-office@justice.gov.uk);
- To the Civil Service Commission (details available here)
As a Disability Confident employer, MoJ are committed to providing everyone with the opportunity to demonstrate their skills, talent and abilities, by making adjustments throughout all elements of the recruitment process and in the workplace. MoJ are able to offer an interview to disabled candidates who meet the minimum selection criteria, except in a limited number of campaigns.
You will be able to request reasonable adjustments to the recruitment process within the application form. If you need additional help completing the application form, please contact the TBS Recruitment Enquiries Team.
For more information on applying for a role as a candidate with a disability or long-term condition, please watch our animated videos.
Diversity & Inclusion
The Civil Service is committed to attracting, retaining and investing in talent wherever it is found. To learn more please see the Civil Service People Plan and the Civil Service Diversity and Inclusion Strategy.
Redeployment Interview Scheme
Civil Service departments are expected to explore redeployment opportunities before making an individual redundant. The MoJ is committed, as part of the Redeployment Interview Scheme, to providing opportunities to those who are 'at risk of redundancy'.
MoJ is able to offer an interview to eligible candidates who meet the minimum selection criteria, except in a limited number of campaigns. Candidates will not be eligible for the Redeployment Interview Scheme if they are applying on promotion.
Civil Service Nationality Rules
This job is broadly open to the following groups:
- UK nationals
- nationals of the Republic of Ireland
- nationals of Commonwealth countries who have the right to work in the UK
- nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS) https://www.gov.uk/settled-status-eu-citizens-families
- nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
- individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
- Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service
Further information on nationality requirements: https://www.gov.uk/government/publications/nationality-rules
Reserve list
A reserve list may be held for up to 12 months from which further appointments may be made for the same or similar roles.
MoJ:
If you require any assistance please call 0345 241 5359 (Monday to Friday 8am - 6pm) or email moj-recruitment-vetting-enquiries@resourcing.soprasteria.co.uk
Please quote the job reference 14422
HMPPS
If you require any assistance please call 0345 241 5358 (Monday to Friday 8am - 6pm) or email moj-recruitment-vetting-enquiries@resourcing.soprasteria.co.uk
Please quote the job reference
This role aligns against the Cyber Security Risk Manager role at Lead level as defined by the Government Security Profession framework.
We recruit using a combination of the Government Security Profession Capability and Success Profiles Frameworks linked to the role. We will assess your Experience, Technical Skills and the following Behaviours during the assessment process.
Use of Artificial Intelligence (AI)
Artificial Intelligence can be a useful tool to support your application; however, all examples and statements provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, as your own) applications may be withdrawn and internal candidates may be subject to disciplinary action. Please see our candidate guidance for more information on appropriate and inappropriate use.