
Head of Cyber Risk & Governance - City, London, United Kingdom

Job reference number 112283

Head of Cyber Risk & Governance

Full time


Royal Mail Farringdon

Job purpose

Reporting to the IT Director Cyber Security, the Head of Cyber Risk & Governance is responsible for the effective management of Cyber Risks within Royal Mail Group along with ensuring effective Cyber Governance including the management of 3rd Party IT Suppliers.

Key accountabilities

  • Leadership. This position will be responsible for up to 10 roles (both permanent and temporary), ensuring clear job descriptions are in place and objectives are set and reviewed on a regular basis, and supporting the ongoing career development of the team.
  • We need to get the most out of our IT partners. This role will provide technical leadership in ensuring that there are clear roles & responsibilities between RMG and our 3rd party IT suppliers, that we measure their performance on a regular basis, and that we are getting the maximum value from our 3rd party IT suppliers.
  • Cyber Risk Management. This role will assist in setting the strategy and delivering an effective Cyber Risk Management solution for Royal Mail.
  • InfoSec Governance Activities. This role will be responsible for defining and leading Information Security Governance activities (e.g. Privileged Account Management, Local Administrators approval processes, etc.).
  • Information Security Risk Management. This role will be responsible for managing the IT Security Risks relating to our Information Security controls provided by the team.
  • Information Security reporting. This role will be responsible for the definition and delivery of regular Information Security reporting to ensure we have a clear understanding of our current InfoSec controls position and risks.
  • Cyber Security Awareness. In partnership with the InfoSec Compliance team, define and deliver a comprehensive Cyber Security Awareness Campaign ensuring continual improvement and effective monitoring.

Key dimensions

  • This role will be responsible for ensuring we get value for money from our 3rd party IT Suppliers.
  • Potential budget responsibility of approx. £2M.
  • This role is responsible for the Cyber Risk Management activities provided across Royal Mail.
  • Team size - This role will lead a team of up to 10 (permanent and contractors).

Key Skills & Experience

  • Experience in developing and leading high performing teams.
  • Proficiency in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies.
  • Knowledge and understanding of risk assessment and management methodologies
  • Experience of defining and implementing risk mitigation strategies
  • Strong business engagement & communication skills
  • Good problem-solving and analytical skills; ability to determine the approximate impact of each issue quickly to prioritise further work
  • Strong influencing skills and ability to positively and sensitively work with suppliers
  • Drive and enthusiasm
  • Passionate about consistently delivering high quality service
  • Ability to work quickly and accurately on routine tasks
  • Patience and persistence
  • Excellent communication skills - both oral and written
  • Experience of Managing 3rd Party IT Suppliers
  • Ability to manage small to medium change projects.


  • Security related qualifications (e.g. CISSP, CISM, CRISC, ISO 27001 Lead Auditor/Implementer)
  • Any cloud Security certifications e.g. CSSP.

About Royal Mail:

The Royal Mail Technology team is passionate about delivering high-quality products and outstanding digital experiences to our customers. Technology is instrumental in helping us achieve our objective to be recognised as the best delivery company in the UK and across Europe.

With a workforce of almost 160,000, our core network handles c.14 billion letters and billion parcels a year, delivering to c. 30 million addresses, 6 days a week. Our technology therefore needs to operate at scale. As a data driven business, with the largest PDA estate in the country, our systems need to handle more than 60m scan events and 1.4bn data points per day.

Royal Mail is committed to building an internal development and testing capability, driving digital innovation across the business and enabling our business to transform at pace. You will be working for a brand that's a household name and a critical part of the UK's infrastructure.

Our technology vision is to "Enable, Digitise, Realise":

  • Enable - Create environments where open conversations are the norm and where teams work alongside each other to complement skills.
  • Digitise - Utilise Technology to support the business. Making Technology thinking integral to the business. Increase the level of automation and implement connected systems.
  • Realise - Invest in technology and keep taking all opportunities to consolidate systems. Focus on removing complexity within our systems and enable our cost base to decrease.

We are fully embracing Agile and DevOps, and using tools such as Alexa, Azure and Google Cloud, Chatbot, Microsoft .NET Core, Angular and mobile apps.

Our priorities include:

  • Our postmen/women use 80,000 Android mobile devices and we are continuing to roll out new Apps all the time to help them to deliver a first class customer service.
  • International business is one of our fastest growing areas - our IT systems have to integrate with IT systems in over 200 different territories in order for customers to track their parcels around the world.
  • Continuously expanding our services to our customers, utilising predictive analytics and personalised services.
  • Transforming our customers' digital journeys through our website, which is in the top 50 most visited UK websites - with 300m visits per annum, from 100m devices, resulting in 1bn page views, with 9.2m registered users, 20m unique visitors per month, and peaking at 7m visits per day during the Christmas peak.

We are an inclusive employer with equality, diversity and fairness at the heart of our values and we're proud to be recognised in The Times Top 50 Employers for Women 2019 for a 6th consecutive year. We welcome applications from individuals from diverse backgrounds and are committed to promoting fair participation and equality of opportunity for all of our job applicants.

We are happy to have a conversation about flexi