HM Courts and Tribunals Service
Directorate: Digital Technology Services (DTS)
Pay Band: Grade 6
Job Title: Head of Cyber Risk
Location: London / National
Successful applicants will be expected to be office based 3 days per week in any HMCTS Office (subject to business availability).
Term: Permanent
Interview: Video conference via Teams
Level of Clearance: To apply for this role, you will be required to successfully complete Security Clearance (SC) level as a condition of appointment.
Important salary details:
New recruits to the Civil Service joining MoJ are expected to join at the band minimum.
Existing Civil Servants applying on promotion will usually be appointed on the salary minimum of the new pay band, or receive an increase of 10 percent on the current base salary, whichever is higher (this is restricted to the pay maximum of the new band).
Government Digital and Data (GDD) Profession Capability Framework and Success Profiles Frameworks. Using GDD we will then determine if you will be paid an additional allowance, on top of your basic salary. This role is within the Technical job family and is a Security Architect job role at Principal Security Architect level, but carries the title Head of Cyber Risk DTS.
Introduction:
These are exciting times at HM Courts and Tribunals Service (HMCTS). As an agency of the MoJ, we support the judiciary across England and Wales to deliver justice by running courts and tribunals and processing outcomes, and we are looking for talented people to help us achieve our ambitions. It will be challenging, important and rewarding.
HMCTS Digital and Technology Services (DTS) is a specialist technology directorate which provides support to HMCTS in the use of IT and Digital.
DTS is committed to being a great place to work and part of our offer is brilliant training opportunities and support from expert colleagues. As well as that you’ll find flexible working, an inclusive culture and a place where your opinion is valued.
Please follow the link below for further information about HMCTS. www.gov.uk/government/organisations/hm-courts-and-tribunals-service
Job Description:
As Head of Cyber Risk, you will lead HMCTS’s cyber risk strategy, ensuring that digital and technology programmes are delivered with robust risk management embedded throughout. You will oversee the identification, analysis, escalation, and mitigation of cyber risks, aligning all activities with HMCTS’s strategic objectives and the Senior Information Risk Owner’s (SIRO) risk appetite.
This role is central to building a mature cyber risk culture across HMCTS, integrating risk awareness into delivery frameworks, and enabling informed decision-making at all levels. You will lead a blended team of civil servants and managed service providers, and act as a senior advisor on cyber risk to technical, delivery, and governance teams.
Key Responsibilities:
Lead the development and implementation of HMCTS’s cyber risk strategy and framework.
Oversee cyber risk governance, including reporting to the Risk Advisory Committee and other senior bodies.
Embed cyber risk management into digital delivery processes, ensuring alignment with SIRO risk appetite and tolerances.
Develop and maintain Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs) to monitor organisational risk posture.
Conduct risk assessments and controls gap analyses to identify vulnerabilities and recommend improvements.
Provide expert guidance to delivery teams on risk mitigation strategies and proportionate controls.
Influence organisational decision-making by articulating complex cyber risks in accessible terms.
Collaborate with cross-functional teams to embed risk awareness into planning, prioritisation, and retrospectives.
Lead and develop the Cyber Risk team, fostering a high-performance culture and capability across a blended team of Civil Servants and Managed Service Providers.
Research and apply innovative risk management approaches to emerging threats and technologies.
Essential Criteria:
Strong understanding of cyber risk frameworks, governance models, and assurance practices.
Proven leadership in managing cyber risk or information assurance teams.
Ability to communicate complex risk concepts to technical and non-technical audiences.
Experience in risk analysis, reporting, and escalation within large organisations.
Skilled in prioritising and managing multiple complex and urgent tasks.
Familiarity with system architectures and the impact of vulnerabilities on business operations.
Ability to influence senior stakeholders and drive cultural change around cyber risk.
Hold either full Membership of the Chartered Institute of Information Security or Principal membership of the UK Cyber Security Council.
Desirable Criteria:
Experience embedding risk management into agile and digital delivery environments.
Knowledge of Secure by Design principles and their relationship to risk mitigation.
Understanding of the legal, policy, and business implications of cyber risk decisions.
Application process:
This role will be recruited using a combination of Government Digital and Data (GDD) Profession Capability Framework and Success Profiles Frameworks during the sift and interview process.
Experience - As demonstrated in your application form.
Technical - As demonstrated at interview. During the interview, you will be assessed against the Government Digital and Data (GDD) Capability Framework.
Strengths - The interview will involve a discussion around 2 strengths.
Presentation - You will be required to prepare a short presentation based on your Experience. Details will be provided when you are invited to, or on the day of, the interview.
Behaviours - You will be required to provide evidence of the following key behaviours at Grade 6 level at interview. Your answers should also align with the GDD framework:
Seeing the bigger picture
Leadership
Making Effective Decisions
Communicating and Influencing
Changing and Improving
Level of Clearance - To apply for this role, you will be required to successfully complete Security Clearance (SC) level as a condition of appointment. To meet these requirements, you will normally need to have been resident in the UK for at least:
SC - 5 years
Reserve List:
HMCTS run a Reserve List, where candidates who are unsuccessful at interview by only a few points can be offered other roles, at the same band, for up to 12 months. You will be able to view your status via the application screen. If you have been added to the Reserve List, your status will show either Merit or Reserve list.