UK Research and Innovation
Information Security Governance, Risk and Assurance Lead

How your CV stacks up
Upload your CV to see how well it fits this job role
?%
Salary: £46,743 Band: UKRI Band E Contract Type: Open Ended – Permanent Hours: Full-time (Compressed hours & flexible working patterns available) Location: Keyworth, Nottingham or Polaris House, Swindon - Hybrid working available
Closing Date: Sunday 19th July 2026
Step into the world where cutting-edge science meets robust information security. Protect the technology that powers groundbreaking discoveries and be part of the team that safeguards the future of Big Science. Here, you’ll collaborate with leading engineers, researchers, and technologists to tackle the most pressing security challenges in a fast-paced, innovative environment. Every day offers you the chance to defend vital data and systems, ensuring that the pursuit of scientific excellence continues securely and seamlessly.
Discover the difference you can make when you bring your expertise in information security to an organisation at the forefront of global research - working alongside some of the brightest minds and most advanced facilities in the world.
Security
As a minimum, due to the nature of this role, candidates must be eligible for clearance in line with UK National vetting guidelines and willing to undertake the process. Please indicate eligibility in the written submission. Candidates not meeting this level of clearance will not be considered. The level of clearance required is security check.
About the role
The UKRI CIO Group plays a pivotal role in managing and optimising the organisations critical enterprise technical services that underpin and enable UKRI’s business capabilities. Within the group a team of Information Security Professionals support the delivery of modern, secure, resilient and scalable services across a larger federated team of Digital, Data and Technology professionals to deliver impact across the organisation and the wider UK research and innovation system.
Join us for this rare opportunity to apply your expertise in information security in a dynamic, fast-paced security operational, risk, compliance and assurance role in an organisation at the heart of research and innovation in the UK. Working as part of a team of technical specialists, your broad remit is to drive the implementation of our ambitious information security roadmap and support the Information Security Governance and Risk Manager and Head of Information Security to mature our information security function. This Band E role focuses on strengthening governance, risk management and assurance across UKRI’s security operations, ensuring that information assets remain protected, risks are understood and mitigated, and security processes operate effectively across a complex federated environment.
Your responsibilities:
- Operate and enhance UKRI’s security governance, risk and assurance framework, ensuring controls remain appropriate, effective and aligned to organisational risk.
- Perform security risk assessments for systems, services, projects and suppliers, producing clear risk treatment recommendations.
- Lead the coordination and delivery of assurance activities across operational security domains (e.g., SOC processes, vulnerability management, incident response, identity and access management).
- Monitor operational security performance, control effectiveness and compliance against internal policies and external frameworks including NIST CSF, ISO 27001 and the Government Cyber Assessment Framework.
- Manage and improve processes for evidence gathering, audit preparation, remediation planning and control validation.
- Conduct gap analyses following audits, incidents or assessments, ensuring remediation actions are tracked and delivered.
- Work closely with technology teams and service owners to integrate good governance and risk practices into operational workflows (“secure by design”).
- Provide specialist advice to operational teams on risk, compliance obligations, and best-practice implementation.
- Produce enterprise-level assurance reporting, including metrics, dashboards and trend analysis to support senior decision-making.
Reasons to use Rodeo
I’m in my final year doing Economics and I don’t know whether to apply for grad schemes now or do a masters first. What do you think?
Honest answer — it depends on where you want to end up. A lot of top grad schemes (Big 4, civil service, banking) don’t need a masters. Let’s look at the ones you’d be competitive for now, and we can decide if a masters actually adds anything.
Also worth knowing: most autumn 2026 applications are open now. Timing matters more than you think.
Start with a chat, not a search bar
Grad scheme, placement, apprenticeship? Not sure what you want yet — that's fine. Your agent talks it through with you and turns "I have no idea" into a shortlist.
Graduate Consultant — 2026 Scheme
Why you're a good match
StrongYour economics background and your summer at a regional bank line up with what PwC looks for on the consulting scheme. Applications close in four weeks.
See breakdownIt searches the market for you
Every day your agent scans the market matching roles against what actually matters to you, not just keywords on a CV.
Why you're a good match
You’ve got the grades and the economics background, and your bank internship is exactly the experience this scheme looks for. Apply soon — deadlines close within the month.
Experience fit
Your summer at the bank plus your econometrics coursework map directly to the day-one responsibilities on this scheme — client modelling, market briefings, and deal support.
Only hits
No noise. No "maybe this fits." Just roles with a clear explanation of why they're right — and where to focus when applying.
Personal Specification
The below criteria will be scored during Shortlisting (S), Interview (I) or both (S&I).
Essential
- Experience in information security governance, risk management or security operations in a complex organisation. (S&I)
- Proven ability to conduct security risk assessments and operational assurance reviews. (S&I)
- Good knowledge of cyber security and information assurance frameworks (NIST CSF, ISO 27001, CAF). (S&I)
- Experience supporting audits, compliance assessments or continuous monitoring activities. (S&I)
- Ability to interpret complex technical and procedural information to provide clear recommendations. (I)
- Strong analytical skills and experience producing meaningful risk and assurance reporting. (S&I)
Application Guidance:
How to evidence the criteria: You are encouraged to use the STAR method (Situation, Task, Action, Result) in the cover letter to evidence your ability to meet the ‘person specification’ criteria in the job description. Cover letters should be no more than two sides of A4 (minimum font size 11). For examples of the STAR method, please visit: The STAR method | National Careers Service.
Behaviours
We'll assess you against these behaviours during the selection process:
- Managing a quality service
- Changing and improving
- Delivering at pace
- Seeing the Big Picture


Get help with your application
Your very own career expert that helps elevate your application to the next level.
Selection Process Details
We know different organisations use different processes, so we wanted you to know what to expect from us.
Stage 0 - Pre-application
If you would like to find out more about the role we encourage prospective applicants to get in touch with us to discuss the opportunity.
Stage 1 - Written Submission
Candidates will need to submit a written application which consists of 2 parts:
- A CV – this should contain your work experience and any skills, qualifications and accomplishments relevant to the jobs you have completed based on the shortlisting criteria.
- A personal statement (max. 1000 words) - this statement should be used to provide examples of how you meet the essential criteria listed in the shortlisting criteria.
Applications will be reviewed for suitability and shortlisted.
Stage 2 - Interview
Applicants who are successful at stage 1 will be invited to interview. The interview will generally be 1 hour in length. The interview will consist of competency-based questions. A presentation will be required.
Stage 3 - Outcome
The panel outcome is decided and the successful candidate will be offered verbally first, followed by a formal offer letter.
Benefits
We recognise and value our employees as individuals and aim to provide a favourable pay and rewards package. We are committed to supporting employees' development and promote a culture of continuous learning!
A list of benefits below:
- An outstanding defined benefit pension scheme
- 30 days' annual leave in addition to 10.5 public and privilege days (full time equivalent)
- Employee discounts and offers on retail and leisure activities
- Employee assistance programme, providing confidential help and advice
- Flexible working options
Plus many more benefits and wellbeing initiatives that enable our employees to have a great work life balance!
For further information on our benefits please see: Benefits of working at UK Research and Innovation (UKRI)
Please apply online, if you experience any issue applying, please contact Recruitment@ukri.org
Please note, if you will require sponsorship to work in the UK, as part of your sponsorship application, you and any dependants travelling with you, will be required to pay costs directly to The Home Office for the application before you start your role with us. UKRI is normally able to reimburse some, or all of these fees after you have become an employee and this can be discussed with the Hiring Manager. For more information, please visit https://www.gov.uk/skilled-worker-visa/how-much-it-costs or contact Recruitment@ukri.org.
“It took my CV and asked me questions relevant to understanding what kind of jobs to suggest for me. Suggestions were almost perfect. Jobs were exactly what I’ve been looking for.”
Jessica, London
Skills
Location