Principal Cyber Security Assurance & Privacy Specialist

Discipline: IT

Sector: Central Government

Location: London / Bristol / Manchester

Type: Permanent

Date posted: 23/12/2021

Start: ASAP

Duration: Permanent

Salary: Up to £90,000 per annum*


The Government Digital Service (GDS) are seeking a permanent Principal Cyber Security Assurance & Privacy Specialist.

This is a unique opportunity to support digital transformation at the heart of government, collaborating with teams from other departments to help them build better public services.

GDS work in small, agile teams of developers, designers, content people and others. We build a minimum viable product, then iterate – always asking how we can make things better for users, who are at the centre of everything we do.

The Principal Cyber Security Assurance & Privacy Specialist role was created to actively lead, manage and carry out all Information Assurance (IA) and Privacy work for a range of GDS digital services. The work includes leading on information, privacy and cyber risk assessment and management work for digital services and tools that GDS procures.

The post holder will:

  • Join a team led by the Head of Information Services and comprising Cyber Security Assurance Specialists and Information, Privacy and Cyber Risk Consultants
  • Scope and produce the formal risk assessments for a portfolio of digital services and projects
  • Work in a fast moving environment on some of the most high profile and complex digital services being created in the world today, services that are transforming the way that the UK government engages with its citizens
  • Work with highly motivated and talented technologists and help to develop new and improved ways of delivering information assurance services as an exemplar across government
  • Line manage and provide peer support to two Cyber Security Assurance & Privacy Specialists who are also members of the GDS IA team.

This role and the work of the GDS Information Assurance (IA) and Privacy team within which the role operates are critical to the GDS and Cabinet Office work programme and are fundamental to the overall Cabinet Office information risk management regime.

The GDS IA and Privacy team and this role provide capabilities to both GDS and Cabinet Office, which include specialist guidance and expertise for risk management decision making and security, privacy and information risk guidance to the Cabinet Office Senior Information Risk Owner (SIRO), the GDS Management Team and Head of Business Operations, as well as other senior management staff across GDS.

This role provides critical leadership as a subject matter expert for Information Security, Information Risk Management and Privacy and Data Protection to GDS teams and Cyber Security support for those projects and services where the CDIO Cyber Security team does not have the capacity to cover.

For this role it is essential that you:

  • Have an extensive range of cyber and information security expertise
  • Have an excellent grasp of the technologies used to deliver cloud-based services, digital web-based services and in particular, the security controls needed to protect these services and the data that they process and store
  • Have a thorough understanding of the Data Protection Act and GDPR and be experienced in ensuring DPA compliance for digital services
  • Have a thorough understanding of, and a demonstrable and extensive track record in, providing information security assurance of web-based services and cloud services
  • Be familiar with UK and international, legal and regulatory requirements that could affect organisation security and assurance policies and influence their development as needed
  • Have substantial experience of delivering reports to public and/or private sector customers and stakeholders on services and information risk

The ideal candidate will have knowledge of the following and experience of applying this knowledge for multiple different digital services, ideally in a large organisation:

  • The GCloud Security Principles or equivalent
  • Industry best practices for privacy, security and information risk management
  • Information security/application vulnerabilities, their effective treatment/mitigation and the level of risk they introduce to a digital service
  • Security architecture and system design for cloud-based digital services
  • The techniques for securing data in transit or at rest, physical security, security in systems configurations and technical control selection
  • Carrying out risk assessments and the subsequent selection of appropriate counter-measures


Successful candidates will be required to meet security vetting requirements before they can be appointed, which will involve a BPSS check whilst the Security Check (SC) is undertaken. Please note, if your SC doesn’t pass, you will unfortunately not be able to continue your employment.

GDS is based in Bristol, London and Manchester, and you will be working with colleagues across all three sites. GDS supports flexible working, including a balance between office and home-based working. Normally this will mean 2 days a week in the office, or more if that works better for you and the role.

The recruitment process will be short and quick – if shortlisted you will be invited to a face-to-face (virtual) interview, then offered the role if you are deemed appointable.

In the Civil Service we use our Success Profile Framework to outline expected behaviours and we will use these as part of our wider assessment during the interview process.

We’ll assess you against these behaviours during the selection process:

  • Managing a Quality Service
  • Delivering at Pace
  • Working Together
  • Seeing the Bigger Picture

To apply, simply send your CV to

Please note, you will also be asked to complete a short diversity form.

Applications will be reviewed by the hiring panel on a weekly basis, with interviews taking place shortly afterwards – it’s therefore strongly advised that you apply as soon as possible.

GDS are an equal opportunity employer and value diversity in our organisation. You can find out more about our commitment to diversity and inclusion and read our equal opportunities statement on our Diversity and Inclusion page.

* Salary will be made up as follows: £64,500 – £70,877 (London); £60,500 – £65,308 (National) – offers made above the band maximum will be made up with a non-pensionable recruitment and retention allowance.


33 King Street, St. James’s,
London, SW1Y 6RJ
