Cyber Security Specialist; Governance, Risk & Compliance

Go back NICE – The National Institute for Health and Care Excellence

The closing date is 05 July 2026

Do you want to do meaningful work that makes a genuine difference to society? Our main purpose here at The National Institute for Health and Care Excellence (NICE) is to improve health and wellbeing by putting science and evidence at the heart of health and care decision-making. As an organisation we all collaborate to achieve this goal by empowering our workforce to do great things!

Please note that this role may not be eligible for sponsorship under the Skilled Worker route. Please refer to the Direct Gov website for more information on eligibility.

We reserve the right to close adverts early should we receive sufficient applications, so please don't delay your submission.

The Cyber Security Specialist (Governance, Risk & Compliance) plays a key role in protecting NICE's digital services, information, and systems by strengthening cyber security governance, managing risk, and ensuring compliance with recognised security standards. Working as part of the Infrastructure, Cyber & IT Operations team, you will help embed good security practices across the organisation, support assurance activities, and enable NICE to operate securely while delivering nationally important health and care services.

• Support the development, maintenance, and continuous improvement of cyber security governance frameworks, policies, and standards.
• Identify, assess, and manage information and cyber security risks, including maintaining risk registers and supporting mitigation activities.
• Contribute to compliance and assurance activities aligned to recognised frameworks and standards (such as ISO 27001 and NHS security requirements).
• Work collaboratively with technical and non‑technical colleagues to provide clear, practical security advice and guidance.
• Support audits, reviews, and reporting related to cyber security, risk, and compliance.
• Help promote a strong security aware culture across the organisation through clear communication and engagement.

The Infrastructure, Cyber & IT Operations team plays a critical role in ensuring NICE's digital services are secure, resilient, and reliable. The team is responsible for safeguarding systems and information, supporting users across the organisation, and maintaining operational stability with minimal risk or disruption.

As part of this team, you will help protect nationally important digital services while enabling NICE to deliver trusted guidance and information to health and care users across England.

• Generous NHS Pension – secure your future with one of the most rewarding pension schemes in the UK.
• Flexible working – enjoy a healthy work‑life balance with options like remote working, compressed hours and flexible start/finish times.
• Exclusive discounts – save on shopping, dining and more with a Blue Light Card.
• Time to recharge – start with 27 days' annual leave plus bank holidays.
• Inclusive staff networks – join supportive communities such as Women in NICE, Race Equality Network, Disability Advocacy and NICE and Proud – we celebrate diversity.
• Tailored development – grow your career with personalised learning and development opportunities.

• Degree level qualification or equivalent professional experience, with specialist knowledge in cyber security governance, risk and compliance gained through practical experience and training.

• Proven experience working in a cyber security or information assurance role with a clear focus on governance, risk management, compliance, and assurance activities.
• Practical experience conducting security risk assessments, business impact analyses, and reviewing the effectiveness of security controls to support informed risk decisions.

• Strong familiarity with key cyber security standards, frameworks, and regulatory requirements such as CAF, Cyber Essentials, DSPT, ISO 27001, and GDPR.
• Excellent written and verbal communication skills, with the ability to explain complex security risks clearly to both technical and non‑technical stakeholders and influence decision‑making.
• Good understanding of core IT concepts including operating systems, networking, and cloud technologies (such as Azure or AWS), enabling robust and well‑informed risk assessment.

This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.

Full-time, Flexible working, Compressed hours.

If you feel this is the type of environment you will enjoy working in, apply today!