Cyber Risk Lead

Please note this opportunity is currently only available to those working within the Civil Service. Applications from non-Civil Servants may not be reviewed and may be rejected.

We have an exciting opportunity for a Cyber Security Risk Lead in our Digital and Technology Group (DTG).

This is a full- time opportunity, on a permanent basis. The role will be based in Canary Wharf London, or South Mimms, Hertfordshire. Please be aware that these roles can only be worked in the UK and not overseas. We are currently operating a hybrid way of working, with a minimum of 40% of contracted hours working on site to enable the collaboration and contact with partners and stakeholders needed to deliver MHRA business. This may rise to 60% during the year.  Attendance on site is driven by business needs so depending on the nature of the role, some roles will need to be on site more regularly.

*This role will also be required to participate in the Agency’s out of hours on-call rota on a periodic basis. An on-call payment will be added to the salary depending on the frequency of participation in the rota.

Who are we? 

If you have had a COVID19 vaccine or have ever taken a medicine, or used a medical device, then you have already come into contact with the MHRA. Our vision, One Agency - Delivering for Patients, underpins all that we do as we set out on an ambitious roadmap for change to become a truly world-leading, enabling regulator that protects public health through excellence in regulation and science. 

The Digital and Technology Group (DTG) lies at the heart of the Agency and is responsible for making sure that our scientists, inspectors, and all of our staff have the tools and data they need to deliver the very best services they can to improve outcomes for patients and the general public. The Group was essential in the race to approve COVID vaccines in 2020 and in supporting the UK to set up its own medicines and devices approvals systems after BREXIT. The work we do matters!

The Delivery Group function is responsible for providing a Delivery Centre of Excellence to drive a digital and technology-based change to deliver minimum viable products (MVP) and continuous improvements and managing all stages of the product development and implementation lifecycle, including, but not limited to, business case creation, benefits realisation planning, and management of risks.

What’s the role? 

The role sits within the Cyber Security Team within The Technology & Service Operations function within The Digital and Technology Group. It will be responsible for several key cyber security initiatives which will help to maintain and build the cyber security of the agency.

You will work with several stakeholders across the agency to ensure cyber security operations are maintained and built upon. You will also work with these stakeholders to ensure that cyber security is embedded within systems, processes, people, and technology that they use daily.

Who are we looking for?

The successful candidate will have:

• CISMP certification or has completed a cyber security apprenticeship.
• Experience of working within a risk management framework, making threat assessments and advising stakeholders on risk acceptance.
• Experience of communicating complex technical information relating to cybersecurity to a non-technical audience. 
• Ability to deliver at pace, ensuring timely quality deliverables and working flexibly with colleagues across the group

 

If you would like to find out more about this fantastic opportunity, please read our Job Description and Person Specification! 

Closing Date: 13 April 2025

Shortlisting Dates: 14 – 15 April 2025

Interview Date: 24 – 25 April 2025

Please note: The job description may not open in some internet browsers. Please use Chrome or Microsoft Edge. If you have any issue viewing the job description, please contact careers@mhra.gov.uk 

 

The selection process: 

 

Application – please answer all the application questions, providing evidence of experience relevant to the specific Behaviour, Experience and Technical criteria marked ‘A’ in the Person Specification. Failure to answer the ‘Job Specific Questions’ on the application will result in our shortlist panel having insufficient evidence to assess your application.

Our applications are CV blind, and our Hiring Managers will not be able to access your CV when reviewing your application. 

Interview – aligned to the Behaviour, Experience and Strengths criteria marked ‘I’ in the job description

Applicants are assessed on whether they meet any mandatory requirements as well as the necessary skills and experience for the role. 

In the instance that we receive a high number of applications, we will hold an initial sift based on the lead criteria of ‘Experience of working within a risk management framework, making threat assessments and advising stakeholders on risk acceptance.’

 

If you require any disability related adjustments at any point during the process, please contact careers@mhra.gov.uk as soon as possible.   

If you need assistance applying for this role or have any other questions, please contact careers@mhra.gov.uk 

Candidates will be subject to UK immigration requirements as well as Civil Service nationality rules. Further information on whether you are able to apply is available here. 

Successful candidates must pass a disclosure and barring security check as well as animal rights and pro-life activism checks. People working with government assets must complete basic personnel security standard checks.

Applicants who are successful at interview will be, as part of pre-employment screening subject to a check on the Internal Fraud Database (IFD). This check will provide information about employees who have been dismissed for fraud or dishonesty offences. This check also applies to employees who resign or otherwise leave before being dismissed for fraud or dishonesty had their employment continued. Any applicant’s details held on the IFD will be refused employment. A candidate is not eligible to apply for a role within the Civil Service if the application is made within a 5 year period following a dismissal for carrying out internal fraud against government. 

Any move to the MHRA from another employer will mean you can no longer access childcare vouchers. This includes moves between government departments. You may however be eligible for other government schemes, including Tax-Free Childcare. Determine your eligibility here.

Successful candidates may be subject to annual Occupational Health reviews dependent on role requirements. If you have any queries, please contact careers@mhra.gov.uk.

In accordance with the Civil Service Commissioners’ Recruitment Principles our recruitment and selection processes are underpinned by the requirement of selection for appointment on the basis of merit by a fair and open competition. If you feel your application has not been treated in accordance with the Recruitment Principles and you wish to make a complaint, you should firstly contact Florentina Oyelami, Florentina.Oyelami@mhra.gov.uk. 

 

If you are not satisfied with the response you receive, you can contact the Civil Service Commission at: civilservicecommission.independent.gov.uk 

 

info@csc.gov.uk 

Civil Service Commission 

Room G/8 

1 Horse Guards Road 

London 

SW1A 2HQ 

 

About Us

The Medicines and Healthcare products Regulatory Agency enhance and improve the health of millions of people every day through the effective regulation of medicines and medical devices, underpinned by science and research.

The agency is made up of c.1300 staff working across two main centres and peripatetically across the UK and abroad.

The agency consists of Corporate, Digital & Technology, Enablement, Healthcare Quality & Access, Partnerships, Safety & Surveillance and Scientific Research & Innovation.