Summary

- To contribute to MHRA's cyber security mission
- To work in an ambitious, modern digital environment with meaningful impact.

About Our Client

We are currently implementing a flexible, hybrid way of working, with a minimum of 8 days per month working on site to enable the collaboration and contact with partners and stakeholders needed to deliver MHRA business. Attendance on site is driven by business needs so depending on the nature of the role, this can flex up to 12 days a month, with the remainder of time worked either remotely or in the office. Some roles will need to be on site more regularly. Please discuss this with the recruiting manager before accepting an appointment.

The Medicines and Healthcare products Regulatory Agency enhance and improve the health of millions of people every day through the effective regulation of medicines and medical devices, underpinned by science and research.

The Digital and Technology Group (DTG) lies at the heart of the Agency and is responsible for delivering an optimised IT infrastructure and maximising the secure use of data to enable our scientists, inspectors, and the rest of the organisation to deliver world class services which can improve outcomes for patients and the general public. The Group was essential in the race to approve COVID-19 vaccines in 2020 and in supporting the UK to set up its own medicines and devices approvals systems following our exit from the EU. The work we do matters!

Its centre of excellence is also responsible for delivering a broad portfolio of change initiatives, both to transform the Agency's legacy technologies and to deliver innovative new solutions, designed around our customers' needs. DTG works in a holistic way to combine digital and technology change, data and information management, project delivery, business process, product management and cultural change to maximise our impact and ensure sustainability.
We plan to be at the heart of one of the most digitally advanced medical regulators in the world and we need people who can help us deliver that ambition. DTG is a great place to build your career and we are committed to enabling our people to do the best work of their lives.

The Technology & Service Operations function is responsible for managing the existing IT infrastructure including both software and hardware, databases, and other technology platforms; leading the support and maintenance of applications; development and testing of new applications and platforms; and cyber and information security for the Agency.

Job Description

This is an exciting role where you will drive the agency's information security agenda. As a skilled and experienced Cyber Security Manager, you will play a central role in delivering the Agency's strategic objectives by embedding robust governance, risk, and compliance practices. You will lead and develop a high-performing team, building capability and maturity to ensure that information security remains integral to our digital, data, and information transformation.
Key responsibilities:

- Provide management, leadership, development and strategic direction for the Cyber Security function and drive a culture of continuous improvement.
- Horizon scanning for emerging security risks and control technologies, procuring and managing services and tooling, and managing responses to security incidents, providing a pro-active and effective response.
- Responsible for Cyber Security within the Agency including risk assessment and assurance, working closely with Data Protection and Information Security colleagues.
- Lead and manage the security testing and operational service delivery from third party partners, ensuring good value for money for the agency.
- Maintain and embed appropriate cultural values of the agency's cyber & information security strategy, ensure continuous professional development through training, communication and educational activities.
- Manage and maintain our framework of policies and procedures to support effective cyber security in the Agency.

The Successful Applicant

Person Specification:

Method of assessment: A=Application, T=Test, I=Interview, P=Presentation

Behaviour Criteria:

- Making Effective Decisions (I)
- Communicating and Influencing (I)
- Leadership (I)
- Delivering at Pace (I)

Experience Criteria:

- Communication between Technical and Non-technical - Skilled in articulating complex cybersecurity concepts in a clear and accessible manner for diverse stakeholders across the organisation. Adept at tailoring communication to suit both technical teams and non-technical audiences, ensuring that cyber risk messages are understood, actionable, and aligned with business priorities. Experienced in engaging stakeholders at all levels, from operational teams to senior leadership, to drive informed decision-making and foster a culture of security awareness (A, I)
- Making the Process Work - Demonstrates a track record of designing, implementing, and improving security governance and risk processes that are both effective and pragmatic. Ensures that security controls and procedures support business operations without introducing unnecessary complexity or friction (A)
- Information Risk Management - Applies deep expertise in identifying and evaluating threats, vulnerabilities, and potential impacts to information assets. Advises senior stakeholders on risk treatment and acceptance strategies, ensuring alignment with the organisation's risk appetite and regulatory obligations. Embeds control design and effectiveness into risk evaluations to influence both inherent and residual risk levels. Maintains a structured management cadence through regular risk reviews, control testing cycles, and governance reporting to ensure continuous oversight and timely decision-making (A, P)
- Collaborative Working - Works effectively across organisational boundaries, engaging with technical and non-technical stakeholders to understand needs, build consensus, and deliver shared security goals. Demonstrates emotional intelligence and adaptability in managing diverse perspectives (I)
- Strategic Advice - Provides strategic insight and challenge to senior leaders, using data, risk intelligence, and policy knowledge to influence decisions. Aligns security initiatives with broader organisational objectives and demonstrates the ability to communicate the value of security in business terms (I)

Technical Criteria:

- Certification and Professional Alignment - Holds a recognised professional security certification (e.g. CISM, CISSP, CRISC) and at least four years' experience in an information security or GRC role (A)
- Demonstrates a strong understanding of security frameworks and standards, governance, risk management, and compliance practices, and a commitment to continuous professional development (A)
- Technical Infrastructure - Ability to critically assess and challenge technical or infrastructure work from a risk perspective, with a solid understanding of key domains such as Cloud, Network and Applications, focusing on those most relevant to enterprise risk management (A)

Strengths Criteria:

- Enabler (I)

If you would like to find out more about this fantastic opportunity, please click here for further details.

The selection process:

We use the Civil Service Success Profiles to assess our candidates, find out more here.

- Online application form, including questions based on the Behaviour, Experience and Technical Success Profiles. Please ensure all application questions are completed in full; your application may not be considered if any responses are left blank.
- Presentation, to be prepared as part of your interview, with further information being supplied when you reach this stage.
- Interview, which can include questions based on the Behaviour, Experience, Technical and Strengths Success Profiles.

Our successful candidate will benefit from:

- Salary of £57,028 - £64,672
- Access to Alpha pension scheme, which all new starters are enrolled into automatically, is 28.97%

What's on Offer

A Digital Allowance of up to £21,948 per annum may be available for exceptional candidates based on our assessment of your skills and experience. This allowance is non-pensionable and may change on an annual basis:

- Developing - £5,888
- Proficient - £13,918
- Accomplished - £21,948

Use of AI in Job Applications

Artificial Intelligence can be a useful tool to support your application, however, all examples and statements provided must be truthful, factually accurate and taken directly from your own experience.
Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, as your own) applications may be withdrawn and internal candidates may be subject to disciplinary action. Please see our candidate guidance for more information on appropriate and inappropriate use.

- Closing date: 10am on 8th April
- Shortlisting date: from 16th April
- Interview date: 29th & 30th April

Candidates will be subject to UK immigration requirements as well as Civil Service nationality rules.

Successful candidates must pass a disclosure and barring security check as well as animal rights and pro-life activism checks. People working with government assets must complete basic personnel security standard checks.

Certain roles within the MHRA will require post holders to have vaccinations, and in some circumstances, routine health surveillance. These roles include:

- Laboratory-based roles working directly with known pathogens
- Maintenance roles, particularly those required to work in laboratory settings
- Roles that involve visiting other establishments where vaccination is required
- Roles required to travel overseas where specific vaccination may be required.

Applicants who are successful at interview will be, as part of pre-employment screening, subject to a check on the Internal Fraud Database (IFD). This check will provide information about employees who have been dismissed for fraud or dishonesty offences. This check also applies to employees who resign or otherwise leave before being dismissed for fraud or dishonesty had their employment continued. Any applicant whose details are held on the IFD will be refused employment. A candidate is not eligible to apply for a role within the Civil Service if the application is made within a 5 year period following a dismissal for carrying out internal fraud against government.

Any move to the MHRA from another employer will mean you can no longer access childcare vouchers. This includes moves between government departments. You may however be eligible for other government schemes, including Tax-Free Childcare. Determine your eligibility here.

Individuals appointed on level transfer will retain their existing salary and are responsible for ensuring they fully understand the financial implications of any potential move and the impact (if any) on their terms. If an individual is in any doubt, they should seek clarification before accepting a job offer.

Staff joining on promotion will receive up to a 10% increase of their current basic salary, or the pay band minimum, whichever is the greater.

The individual will not retain any allowances paid by the former department/Agency, unless there are special circumstances, such as a reserved right to those allowances on transfer.

Successful candidates may be subject to annual Occupational Health reviews dependent on role requirements.

In accordance with the Civil Service Commissioners' Recruitment Principles our recruitment and selection processes are underpinned by the requirement of selection for appointment on the basis of merit by a fair and open competition. If you feel your application has not been treated in accordance with the Recruitment Principles and you wish to make a complaint, in the first instance, you should contact the MHRA Recruitment Team.

Contact

- Ben Si
- Quote job ref: JN-112025-6894262
- Phone number: +44 161 829 0413

Job summary

- Job function: Technology
- Subsector: Security
- Sector: Public Sector
- Location: Leeds
- Contract type: Permanent
- Consultant name: Ben Si
- Consultant phone: +44 161 829 0413
- Job reference: JN-112025-6894262