Cyber Security Risk Officer

Role & Responsibilities

We’re looking for an experienced Cyber Security Risk Officer to lead and evolve our cyber risk management capability. You’ll oversee the identification, assessment, and management of cyber and Digital Technology risks, ensuring regulatory alignment and strong governance. Working closely with technical and business teams, you’ll translate cyber risk into clear business insight and embed risk-informed decision-making across the organisation.

Key Responsibilities

• Own and lead the Cyber & Digital Technology Risk Management Framework, aligned to industry standards and MOD requirements

• Identify, assess, and prioritise cyber and digital technology risks across IT, operational, and business environments

• Translate technical security issues into clear, actionable business risk

• Drive risk treatment, ownership, and tracking of mitigation actions

• Maintain the central cyber risk register and produce concise risk reporting for senior stakeholders

• Embed cyber risk management into projects, technology change, and third‑party engagements

• Act as the cyber risk SME, influencing decision‑making and promoting a strong risk‑aware culture

Essential Skills & Experience

• Experience in cyber security, information security, IT risk, or a closely related discipline

• Proven experience delivering cyber and technology risk management in complex, regulated, or high‑assurance environments

• Ability to manage and prioritise multiple cyber and technology risks across different technical and organisational domains

• Strong stakeholder engagement skills, with the ability to influence and challenge without formal line authority

• Confident communicator, able to clearly articulate cyber risk to technical teams, operational stakeholders, and senior leadership

• Solid technical understanding of cyber security and IT, enabling credible engagement with engineering, operations, and architecture teams

• Ability to translate technical vulnerabilities, incidents, and weaknesses into clear, structured risk statements

• Working knowledge of recognised cyber and risk frameworks (e.g. NIST, ISO 27001/27005) and their practical application

• Ability to balance security risk, delivery priorities, and operational outcomes

• Security Check (SC) clearance, or eligibility and willingness to obtain SC clearance

Desirable Skills & Experience

• Experience working within defence, government, critical national infrastructure, or similarly regulated sectors

• Familiarity with MOD cyber requirements and standards

• Experience facilitating risk discussions or workshops with both technical and non‑technical audiences

• Experience embedding cyber risk management into projects, change initiatives, and delivery lifecycles

• Understanding of supplier, third‑party, and supply chain cyber risk

• Experience supporting audit, assurance, or external regulatory scrutiny