GOVTALENT.UK

Cyber Security Policy and Risk Lead - MOD Head Office

This opening expired 8 months ago.
Location(s): London
Salary: £57,670
Job grade: Grade 7
Business area: Project Delivery, Analytical
Contract type: Permanent
Working pattern: Full-time

About the job

Job summary

Head Office provides the Department of State function and political and military strategic direction for the MOD. It is accommodated in Main Building, MOD’s flagship headquarters. This is an exciting new role within the Director Head Office business area, specifically within the Safety Security and Business Resilience (SSBR) business unit. Its main role is to oversee the safety, security, and resilience of MOD Main Building, ensuring that staff within MOD Main Building can continue to deliver critical Defence outputs in all foreseeable circumstances. We are looking for an enthusiastic individual to lead the Head Office Cyber Security team. This is a new, exciting high-profile role working across the whole of Defence. The office is a busy, fun, and supportive environment covering a range of security and resilience delivery functions. You will have line management responsibility for an SEO, for whom recruitment is underway.

As part of your role, you will be required to develop a Cyber Security Strategy for Head Office, aligning with Defence’s Cyber Security Strategy and Resilience programme. You will lead the work to understand Head Office’s cyber security and resilience risk to ensure the effectiveness of proposed mitigations against an evolving cyber threat. You will promote best practice, and promote and advise on secure by design, ensuring Head Office business units are aligned and comply with MOD policy. You will lead on the implementation of Cyber Compliance Framework activities, driving forward improvements as required. Head Office ac f You will liaise with Directorate of Cyber, Risk and Governance, Defence Digital and other key stakeholders to ensure we are coherent with wider Departmental work / objectives. You will represent the Principal Security Advisor at departmental meetings, including the Cyber Resilience Oversight Board, as appropriate.

This position is advertised at 37 hours per week.

Job description

  • Leading work to understand Head Office cyber security and resilience risk to ensure understanding and effectiveness of proposed mitigations against the evolving cyber threat.
  • Ensuring Head Office conducts cyber risk assessments and risk management in accordance with defence standards and in line with applicable regulations, legislation and policy.
  • Reporting on Head Office cyber security and resilience risk, to enable senior stakeholders to make informed decisions.
  • Ensuring Head Office implements Defence / HMG cyber security guidance, policy and tools.
  • Overseeing the analysis of mitigation plans for Head Office cyber risks, building knowledge of common themes and identifying gaps.
  • Building a cyber risk management community of interest and using it to promote cyber risk knowledge sharing.
  • Providing advice and guidance to Head Office senior management, business units and key stakeholders on cyber security related risks.
  • Leading and overseeing Head Office activity in response to cyber incidents and rapidly emerging vulnerabilities.
  • Leading the implementation of the Cyber Compliance Framework and the Cyber Risk Management Framework across Head Office.
  • Working closely with the Head Office Security and Resilience Team to reduce seams between physical, personal, technical and cyber security.
  • Line managing the Head Office cyber security team – line manager for SEO, CSO for HEO post.

Due to the nature of the role, you may be required to support the Principal Security Advisor and Security and Resilience Ops lead to help manage security (cyber) or resilience incidents.

This may include managing crises that disrupt or have the potential to disrupt business in MB. You will have a wider awareness of the changing priorities and responsibilities and be able to work flexibly, distinguishing the preferable from the critical. As this is a new team, you will have an opportunity to shape the future size, shape and responsibilities of the team as the Head Office Security team, as the organisation considers its priorities over the next 5 years. You may be required to take part in an on-call rota, sharing the responsibility of providing out of hours advice to Main Building users and stakeholders with colleagues across the Safety, Security and Business Resilience team, for which an allowance is payable.

Maintaining professional competence.

Person specification

  • Self-starters who are comfortable working independently in a fast-paced environment, able to set goals, create opportunities, win support for them, and see them through.
  • People with excellent interpersonal skills, able to express themselves clearly and engage with a diverse set of senior stakeholders to ensure that Head Office's priorities are met.
  • People with sound judgment and analytical skills, able to take evidence-based decisions and calculated risks, with a good instinct for when to seek direction.
  • People who can drive forward change and can overcome obstacles to drive forward improvements.
  • People who are resilient, able to oversee and progress a broad programme of activities, prioritising among them and delivering to deadlines.
  • Individuals who are highly organised and able to establish a close working relationship with a wide range of contacts, inside and outside of the Department.
  • A sense of fun and a willingness to help develop a close and supportive team ethos.

Essential

  • A good understanding of cyber risk and cyber security
  • Formal/accredited qualifications in Information Risk Management and/or Information Security

Technical Qualifications

  • IISP Skills Framework: A1 - Governance. Level 5 (Advise) – Principal Practitioner
  • IISP Skills Framework: B1 - Threat Intelligence, Assessment and Threat Modelling. Level 5 (Advise) – Principal Practitioner
  • IISP Skills Framework: B3 - Information Risk Management. Level 5 (Advise) – Principal Practitioner

Desirable

Knowledge of Security and Resilience. Member of a professional body such as the Security Institute or Business Continuity Institute.

Benefits

Alongside your salary of £57,670, the Ministry of Defence contributes £15,570 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.

Things you need to know

Selection process details

This vacancy is using Success Profiles, and will assess your Behaviours and Experience.

At Sift - Candidates should submit a CV and personal statement of no more than 1,000 words outlining how they meet the “Essential Criteria” / person spec in the job specification.

At interview: Candidates will be expected to demonstrate evidence of the civil service behaviours advised in the advert at interview.

At interview you will be assessed against the following behaviours:

  • Leadership
  • Communicating and Influencing
  • Changing and Improving
  • Making Effective Decisions
  • Delivering at Pace
  • Managing a Quality Service

The Civil Service embraces diversity and promotes equality of opportunity. There is a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria. If you need to advise us that you need additional help or reasonable adjustments for the recruitment process, please contact: DBSCivPers-Resourcingteam3@mod.gov.uk 

As a result of the changes to the UK immigration rules which came into effect on 1 January 2021, the Ministry of Defence will only offer sponsorship for a skilled worker visa under the points based system, where a role has been deemed to be business critical.

The role currently being advertised has not been assessed as business critical and is therefore NOT open to applications from those who will require sponsorship under the points based system. Should you apply for this role and be found to require sponsorship, your application will be rejected and any provisional offer of employment withdrawn.



Feedback will only be provided if you attend an interview or assessment.

Security

Successful candidates must undergo a criminal record check. Successful candidates must meet the security requirements before they can be appointed. The level of security needed is developed vetting.

See our vetting charter. People working with government assets must complete baseline personnel security standard checks.

Nationality requirements

Open to UK nationals only.

Working for the Civil Service

The Civil Service Code sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles. The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria. The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.

Added: 8 months ago