About the job

Job summary

Here at the Department for Levelling Up, Housing and Communities (DLUHC) we work on things that make a real difference to people’s lives.        

Whether it's through the homes we live in, the work of our local councils, or the communities we’re all part of, our work is at the top of the political agenda. We have ambitious and far-reaching outcomes to achieve this year and, if you’re thinking of joining us, there’s never been a more exciting time.  

We have over 3,500 staff who are based in 20 offices across the UK and this Cyber Security role sits in the heart of the Technology team within our Digital Directorate. 

Our aim is to provide high quality Digital services for our staff, typically using evergreen cloud services. Delivering this responsibility comes with a high demand for adoption of new technologies, systems and applications that require security review and scrutiny to ensure the department operates in a safe and secure environment that is overseen by centralised security products such as a SIEM, vulnerability scanners and security validation tools.   

Security has never been more important in delivering services for our staff and citizens, the Department is committed to meeting the objectives set out in the Government Cyber Security Strategy and already operates in the cloud with services such as Microsoft 365, AWS and Azure hosting and zero trust networking. Now is an extremely exciting time to join our Cyber team as we use a modern tech stack and are recruiting for a number of positions across Digital to ensure we can continue to grow and mature our capabilities and deliver Departmental objectives.

We’re looking for an experienced Cyber Security professional to lead, plan, develop, implement and operate the Department’s evolving Cyber Security services on a day to day basis and be accountable for the Department’s overall assurance.

Working to the Grade 6 cyber security service owner, you will lead the team and be responsible for areas including: Management of an outsourced CSOC and Pen Testing service, Information Risk Management, Assurance of the systems and services in the Department, IT security policy and management of centralised cyber services such as Major Incident Response, SIEM, CSOC and Vulnerability management. The  team also provide high quality advice and guidance across all matters relating to Cyber Security, Information Assurance, Information Risk Management, Information Governance and Security Testing.

Job description

As the Head of Cyber Security, you will:  

• Lead the development and be responsible for the management and implementation of cyber security risk management, assurance and security testing of systems and services.  
• Provide cyber security advice and guidance to the Department and other bodies it is responsible for.    
• Working collaboratively with key internal (Dept Security Advisers) and wider government (e.g. NSCS) partners in the coordination of effective cyber security delivery   
• To liaise with our external service providers ensuring we effectively test our systems and services and that they report back on findings to ensure where possible that remediations are enacted, within the agreed risk appetite for the system or service.    
• To lead and manage the proactive cyber security monitoring of Ministerial systems and services in conjunction with information feeds from our external service providers.    
• To identify risks and any attacks to our systems and services.    
• Lead, develop and advise on approaches to improve the risk posture and reduce the attack surface of our systems and services.    
• To understand and recommend remediations to both detected and published vulnerabilities that may affect Ministerial systems and services.   
• Liaising with service managers to ensure our external service providers patch and sufficiently protect our systems and services in a timely and efficient manner.    
• Work with our internal technology teams and external suppliers to ensure that relevant systems have appropriate security monitoring in place and that reporting is in place.  
• Lead and manage the Production of an overall status reporting system to monitor of all Ministerial systems and networks, providing a consolidated view of the Department’s threat surface and risk posture.    
• Be responsible for DLUHC GovAssure and accountable for Arm’s Length Bodies GovAssure. 
• Contribute to the Annual Security and Risk elements of the Departmental Security IT Health Check returns to the Cabinet Office.    
• Leading and managing the production of cyber security related technical documentation for the Department’s  systems and services, ensuring all artefacts are of a sufficient quality and are fit for purpose. Ensuring existing documentation and artefacts are current and updated. 
• Ensure periodic reviews of the security of DLUHC’s IT systems takes place to keep systems maintained and current with best cyber security practices. 

Person specification

The successful candidate will demonstrate excellent collaboration skills, vision and thought leadership. They will have proven management and communication skills, be self-motivated and be able to coach, motivate and lead team members.   

• Proven experience of Cyber Security Information Assurance, Information Risk Management and Assurance skills or related role. 

• Excellent  cyber security engineering skills, especially around security and application testing, monitoring, reporting and remediation. 

• Expert knowledge of current threats and attack vectors.  

• Detailed knowledge of Network infrastructure and architectures.   

• Developed problem solving skills experience of complex environments.  

• A strong understanding of information security principles, concepts, and best practices.

• Knowledge of relevant laws, regulations, and industry standards, such as GDPR, HIPAA, NIST, ISO 27001, etc. 

• Familiarity with security technologies, such as firewalls intrusion detection/prevention systems, antivirus/EDR. 

• Familiarity with security principles and technologies for cloud hosted services such as AWS, Azure, and SaaS.

• Excellent communication and interpersonal skills, with the ability to effectively communicate complex security concepts to non-technical stakeholders. 

• Professional certifications, such as CISSP, CISM, CRISC or equivalent experience. 

Benefits

Alongside your salary of £56,748, Department for Levelling Up, Housing and Communities contributes £15,322 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.

Things you need to know

Selection process details

We are for everyone 

At DLUHC we value diversity and inclusion and actively encourage and welcome applications from everyone, including those that are underrepresented in our workforce. We promote equality of opportunity in all aspects of employment and a working environment free from discrimination, harassment, bullying and victimisation. 

We would strongly recommend that applicants get in touch with the vacancy manager to find out more information about this role. 

We are for everyone 

CV Declaration 

We recruit based on your knowledge and skills, and not background, gender or ethnicity - this is called name blind recruitment. 

Please remove references to your: 

• name/title
• educational institutions
• age
• gender
• email address
• postal address
• phone number
• nationality/immigration status

Most of our campaigns utilise multiple assessors and so it is possible that your application would be viewed by different assessors. 

At sift, through your CV we will be assessing: 

• Experience 
• Technical Ability 

The interview will be of a blended nature consisting of the following success profiles elements:    

Behaviour: Making effective decisions

Experience

Technical 

In full the campaign will test the below Success Profile Elements: 

Experience: 

Technical: 

Behaviours:  Making Effective Decisions

Technical and Experience questions will be based around the essential skills and criteria as listed in the job description. 

We do not consider direct CV applications – you must apply for this role via the application link on Civil Service Jobs: 

Please note that near miss offers may be made at the lower grade to candidates who do not meet the grade criteria for this campaign 

Group 1 Digital and Data roles

DLUHC has implemented the Digital and Data capability framework for Group 1 roles. Applicants that are successful at the sift stage will be required to complete a capability assessment at interview.

DLUHC will honour completed capability assessments for this role from other Government Departments for existing Civil Servants. Please provide a copy of your capability assessment to the Hiring Manager when applying. If you have any queries on pay, please contact the Hiring Manager.

Salary is determined by performance at interview, within the range advertised. Each experience or technical skill is assessed between 1-3, representing working towards, at or above the job level requirements. You are awarded a proficiency level accordingly, and you will be given opportunities at least once a year to re assess your capability and progress through the pay scale within your grade. An additional digital allowance may be payable depending on level of assessed capability.

Candidates moving from another government department have the option to retain their current salary where the principle for implementation is there is no detriment where existing pay exceeds the indicative level. Where individuals are at a lower salary than their assessed level, they will receive an upward adjustment.

G7 Group 1 Digital and Data salary

• The salary for this role will between £56,748 - £61,562 (National) and £61,884 - £66,677 (London) depending on the proficiency level assessment.
• An additional digital allowance may be payable depending on the level of assessed capability up to £9,000
• For applicants in receipt of existing allowances, we will assess each case individually and aim to match the digital allowance implemented with no detriment.
• For existing civil servants, the usual policy on level transfer and promotion will apply and is non-negotiable

Please note that the average employer pension contribution is based upon the National minimum salary for this role. Should your agreed starting salary for this role be different, the average employer pension contribution will be calculated accordingly. If you are a Secondee, this will not apply as you will remain on your home organisation’s terms and conditions. 

BENEFITS:

Transfers across the Civil Service on or after 4 October 2018:Any move to DLUHC from another employer will mean you can no longer access childcare vouchers. This includes moves between government departments. You may however be eligible for other government schemes, including Tax-Free Childcare. Determine your eligibility at https://www.childcarechoices.gov.uk

For further information about the benefits available to DLUHC employees, please see the attached Candidate Pack.

 

GEOGRAPHICAL LOCATION:

• London
• Darlington
• Wolverhampton
• Manchester
• Leeds
• Birmingham
• Bristol

Sift and Interview dates

Sifting is envisaged to take place W/C 05/02/2024 with interview dates to be confirmed. All interviews are currently being held remotely via videocall. 

Reserve List 

In the event that we identify more appointable candidates than we currently have posts available, we will hold applicant details on a reserve list for a period of 6 months from which further appointments can be made. This may include roles at a lower grade. Candidates placed on a reserve list will be informed of this. Those candidates who do not wish to remain on the reserve list should contact recruitment@levellingup.gov.uk to be removed from the reserve list. 

SC (Security Check)

Important note

Successful candidates must meet the security requirements before they can be appointed. The level of security needed is Security Check and the process can take up to 8 weeks to complete.

Please note that successful candidates will need to pass the Security Check – this requires you to have been resident in the UK for the past 5 years. Please refer to the DLUHC Notes on Security Clearance section of our Candidate Pack for further information on Security Check (SC).

Candidates should also note that with effect from 1st August 2018 the department will also check all applicants who are successful at interview, against the Internal Fraud Database (IFD) held by the Cabinet Office. In accordance with the Civil Service Internal Fraud Policy, any applicant who is included on the IFD will be refused employment by DLUHC. Please see the Candidate Pack for further information on the Internal Fraud Database.

Before starting your application it’s very important to make sure that you are eligible to apply and meet the Civil Service nationality requirements. All candidates are expected to read the information provided in the DLUHC candidate pack regarding nationality requirements and rules 

Candidate Pack Information 

Please see attached Candidate pack for further information. 

 

Internal Fraud Database 

The Internal Fraud function of the Fraud, Error, Debt and Grants Function at the Cabinet Office processes details of civil servants who have been dismissed for committing internal fraud, or who would have been dismissed had they not resigned. The Cabinet Office receives the details from participating government organisations of civil servants who have been dismissed, or who would have been dismissed had they not resigned, for internal fraud. In instances such as this, civil servants are then banned for 5 years from further employment in the civil service. The Cabinet Office then processes this data and discloses a limited dataset back to DLUHC as a participating government organisations. DLUHC then carry out the pre employment checks so as to detect instances where known fraudsters are attempting to reapply for roles in the civil service. In this way, the policy is ensured and the repetition of internal fraud is prevented.  

For more information please see- Internal Fraud Register 

Feedback will only be provided if you attend an interview or assessment.

Security

Successful candidates must undergo a criminal record check. Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check (opens in a new window).

See our vetting charter (opens in a new window). People working with government assets must complete baseline personnel security standard (opens in new window) checks.

Nationality requirements

This job is broadly open to the following groups:

• UK nationals
• nationals of the Republic of Ireland
• nationals of Commonwealth countries who have the right to work in the UK
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS) (opens in a new window)
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
• individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
• Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service

Further information on nationality requirements (opens in a new window)

Working for the Civil Service

The Civil Service Code (opens in a new window) sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles (opens in a new window). The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria. The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.