Job Description

Details

-----------

Reference number

428793

Salary

85,000 - 85,000
Circa 85000
GBP

Job grade

Other

Contract type

Permanent

Business area

MAPS - Technology & Change

Type of role

Information Technology

Working pattern

Flexible working, Full-time

Number of jobs available

1

Contents

------------

Location About the job Benefits Things you need to know Apply and further information

Location

------------


Bedford

About the job

-----------------

Job summary

Are you a strategic cybersecurity leader ready to make a meaningful impact on the future of digital financial services? Do you have deep experience in safeguarding complex architectures and managing cyber risks across cloud and hybrid environments? If so, we have a pivotal opportunity for you. The Money and Pensions Service (MaPS), supporting the delivery of the Pensions Dashboard Programme (PDP), is looking for a Cyber Security Lead to join our team. This is a critical leadership role, overseeing the full security lifecycle -- from architecture and policy development to operational resilience and incident response -- across complex hybrid environments with a strong emphasis on cloud security (AWS and Azure). Your leadership will be central to ensuring that digital financial infrastructure remains secure, compliant, and future-resilient, working at the intersection of innovation, regulation, and public trust. The role also involves oversight of third-party security providers and suppliers, ensuring that outsourced services meet contractual, technical, and regulatory expectations while delivering value for public money. Join us and play a key role in securing the UK's next-generation financial ecosystem

Job description

The Cyber Security Lead will report directly to the Head of Information Security and will play a pivotal role in safeguarding the integrity and resilience of the Pensions Dashboard Programme (PDP) within the Money and Pensions Service (MaPS).

Responsibilities

Working in close partnership with third-party security and service providers to ensure systems and networks are proactively monitored, security events are accurately detected and triaged, and incidents are responded to base on their severity and business impact. Leading the design, assurance, and continuous improvement of security systems and tooling, ensuring alignment with national cyber standards and best practices (e.g. NCSC, ISO 27001, NIST). Collaborating with architects, risk owners, and delivery teams to embed secure design principles and ensure the security operations centre (SOC) is equipped to handle emerging threats effectively. Lead security assurance activities including penetration tests, technical risk assessments, assurance reviews, and third-party security evaluations to ensure alignment with internal and external standards. Chairing PDP security governance and technical authority forums to ensure pension providers and schemes connect to the ecosystem in a secure and compliant manner. Representing security within change boards and design authorities and ensuring that security non-functional requirements (NFRs) are clearly defined, prioritised, and tracked within product and service delivery. Maintaining compliance with national cybersecurity standards, regulatory expectations, and internal frameworks by authoring, updating, and enforcing the PDP Code of Connection (CoCo) security requirements, ensuring all participants meet defined security criteria before connecting to the ecosystem.

Person specification

Experience

Knowledge of supporting the design or implementation of secure systems, you can support the design and review of system architectures through the application of patterns and principles. Experience of defining secure architecture principles and applying them to the design and review of on-premises and cloud-based systems, particularly within AWS and Azure environments. Knowledge of embedding security requirements throughout the solution lifecycle, from initial design through development, testing, and into operational deployment. Demonstrate a strong understanding of leading operational security functions, including SOC operations, threat intelligence, and vulnerability management. Experience of managing the incident response lifecycle, including triage, containment, investigation, remediation, and conducting post-incident reviews. Ability to establish and improve incident response playbooks and escalation processes to ensure readiness for cyber threats and regulatory reporting. Experience of providing strategic cyber risk oversight, working with risk owners to advise on exposure and inform proportionate, evidence-based decisions. Demonstrate capability in planning, scoping, and reviewing security assurance activities, including penetration tests, IT health checks, and vulnerability assessments. Ability to interpret technical findings and ensure remediation actions are appropriately prioritised and managed through to resolution. Experience of maintaining a technical risk register and developing appropriate compensating controls where residual risks exceed tolerance thresholds. Experience of supporting and informing risk-based decisions working with risk owners to advise and give feedback. Knowledge of chairing security authority and governance forums and contributing to broader cross-government cybersecurity initiatives. Experience of influencing security decisions within digital transformation and change programmes, ensuring services are secure by design. Understanding of how to embed security into agile and DevSecOps processes by feeding non-functional requirements (NFRs) into delivery backlogs. Ability to work collaboratively with architecture, product, engineering, and delivery teams to shape secure digital services. Experience of managing third-party and outsourced security providers to ensure alignment with contractual, regulatory, and technical expectations. Demonstrate ability to conduct supplier assurance, including onboarding assessments, ongoing security reviews, audits, and compliance monitoring. Experience of providing both internal and external security consultancy on a wide range of issues, offering expert advice across strategy, operations, risk, and compliance. Ability to respond to challenges and manage stakeholder expectations. Experience of research and innovation with the ability to advise on developments to security properties in technology and design.

Qualifications

Bachelor's degree in computer science, cybersecurity, or a related field. Minimum of 8 years of experience in technical and security consulting roles. Strong knowledge of cloud security technologies (AWS, AZURE). understanding of identity and access management (IAM) concepts and technologies, EntraID, forgerock etc Any experience of government systems and audits such as OneLogin or GovAssure are highly desirable. Experience with security frameworks and standards, such as NIST, ISO 27001, CyberEssentials Plus and CIS. Strong understanding of networking protocols, operating systems, and security technologies, such as firewalls, intrusion detection/prevention systems, and SIEM. Excellent analytical, problem-solving, and communication skills. Ability to work independently and as part of a team. Strong work ethic and commitment to security best practices.

Preferred Qualifications

Bachelor's degree in cybersecurity or a related field. Professional certifications such as CISSP, CISM, CCSP, or platform-specific credentials including: AWS Certified Security - Specialty, Microsoft Certified: Azure Security Engineer Associate, Microsoft 365 Certified: Security Administrator Associate Experience with cloud security best practices. Experience with security audits and compliance. Experience with Scoping and reviewing penetration tests / IT health Checks

Please note there will be frequent travel to London

Benefits

------------

About Us

The Money and Pensions Service (MaPS) is based in Bedford, in a recently renovated modern office. This is a wonderful opportunity for you to become an integral part of a dynamic organisation, working to help people across the UK.


At the heart of the Money and Pensions Service are our values - caring, connecting, and transforming, which are the foundation of our success. They permeate every area of our work and define all our business relationships and the way we work with each other. We're not only looking for the best people to come and work for us, but we need people who align themselves with our values:

Caring

We care about our colleagues and the people whose lives we are here to transform.

Connecting

We will transform lives through our ability to make positive connections.

Transforming

We are committed to transforming lives and making a positive societal impact.

Our Inclusive Working Environment

By fostering our values, we are immensely proud of the inclusive working environment that we have created. The diversity of our people is a strength that we embrace and wish to build upon, so we are committed to attracting people of all backgrounds. We work hard to ensure that we have a progressive approach to inclusion, equity, and belonging. We really do want our colleagues to "bring their whole selves to work."


Our colleague and ally networks encompass LGBTQ+, neurodiversity, women's health, men's health, ethnicity, and diversity.

What We Offer

Generous Annual Leave - 30 days plus Bank Holidays Pension scheme - contributions matched 2 to 1 (up to 10% of your salary) Interest-free loan for season tickets for buses and trains Cycle to work Scheme Subsidised eye tests & flu jabs Life assurance scheme Give as you earn scheme Employee assistance programme (EAP) PAM Assist and PAM Life scheme (Wellbeing) Enhanced family and sick pay Paid volunteering (2 days a year) Recognition Scheme Discounts portal to numerous retailers

Flexible Working

At MaPS, we take pride in our flexible approach to work. As standard, we work on a hybrid basis with a minimum of 2 days in the office per week. Hybrid working is a voluntary, non-contractual arrangement and our headquarters in Bedford will be your contractual place of work. The number of days that anyone will be able to work at home will be determined primarily by business needs, but personal and other relevant circumstances will also be considered. If you are successful, any opportunities for hybrid working, including whether a hybrid working arrangement is suitable for you, will be discussed with you prior to you taking up your post.

Things you need to know

---------------------------

Selection process details

Recruitment Process:

Initial Review: Our recruiter will review your CV. If it looks like a good fit, they'll reach out to arrange a call. Hiring Manager Review: If the recruiter thinks you're suitable, your CV will be passed to the hiring manager, who will decide whether to invite you for an interview. Interview: If selected, you'll participate in a virtual interview. This single-stage process allows you to demonstrate your skills and experience through competency-based questions.

Career Development

In MaPS, we take career development seriously. We actively encourage and support applications from our existing MaPS colleagues. However, we do follow the Civil Service Commissioner recruitment principles, which means that you will be required to participate in a full, open, and fair process.

Reserve List

If you are successful at interview, we operate a reserve list where your details will be held for up to 6 months. Should a vacancy come available in that time with the same essential criteria, reserve list candidates will be offered that position with no further assessment required.

Application Process

The law requires that selection for appointment to the Civil Service is on merit on the basis of fair and open competition as outlined in the Civil Service Commission's Recruitment Principles. If you feel your application has not been treated in accordance with the Recruitment Principles, and you wish to make a complaint, in the first instance, you should contact the Money and Pensions Service via email: recruitment@maps.org.uk. If you are not satisfied with the response you receive from the Department, you can contact the Civil Service Commission: Visit the Civil Service Commission website.



Feedback will only be provided if you attend an interview or assessment.

Security

Successful candidates must undergo a criminal record check.
People working with government assets must complete baseline personnel security standard (opens in new window) checks.

Nationality requirements

This job is broadly open to the following groups:


UK nationals nationals of the Republic of Ireland nationals of Commonwealth countries who have the right to work in the UK nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS) nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS) individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020 Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service
Further information on nationality requirements

Working for the Civil Service

Please note this Post is NOT regulated by the Civil Service Commission.
The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.

Diversity and Inclusion

The Civil Service is committed to attract, retain and invest in talent wherever it is found. To learn more please see the Civil Service People Plan and the Civil Service Diversity and Inclusion Strategy .

Apply and further information

---------------------------------


Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.

Contact point for applicants

#

Job contact :

Name : Marty Sikora Email : marty.sikora@reed.com
#

Recruitment team

* Email : moneyand.pensions@reed.com