IT Security & Risk Manager

IT Security & Risk Manager Permanent Location: Home / Worcester (on site 2 days a week) Salary: £58,000 - £64,000 (+ excellent benefits) Skills: IT policies & procedures, CISSP, CCP, ISO 27001, Excellent Communication We are looking to recruit an IT Security & Risk Manager for a leading public sector organisation. This is a critical role, responsible for providing expert guidance and specialist advice on all digital services security and risk matters. You will lead the implementation of comprehensive policies, procedures, and risk management strategies to ensure compliance with national standards for police information systems. This is a hybrid role and you will be required to work 2 days a week on site in Worcester. Key Responsibilities: Act as the professional lead for all Digital Services security aspects, working closely with senior stakeholders, including the Information Security Manager, SIRO, and the Head of Digital Services. Design, develop, and implement effective security policies, ensuring compliance with government and international security standards such as ISO27001 etc Lead risk assessments of new technologies, services, and suppliers, providing balanced recommendations to key stakeholders. Oversee technical security audits, vulnerability assessments, and penetration testing to safeguard the integrity and confidentiality of digital services. Manage and lead investigations into cyber-security incidents and provide expert input on professional standards within digital services.Knowledge & Experience Required: Degree-level education in a related ICT discipline (Level 6 or equivalent). Industry-recognised security qualifications such as CISSP, CESG Certified Professional (CCP), or equivalent. Extensive experience in designing, implementing, and managing ICT security policies within a complex environment. Strong understanding of security standards (ISO27001, HMG Cloud Security Principles) and technical security trends. Demonstrable experience leading technical security audits and risk management in line with national standards.Key Skills: Strong interpersonal and communication skills with the ability to explain complex technical issues to both technical and non-technical audiences. Expertise in emerging cyber-security threats and best practices. Proven track record in managing sensitive information with the highest levels of integrity. Effective problem-solving and negotiation skills, ensuring secure and practical solutions