About the job

Job summary

This role is part of the DHSC Cyber function based at one of the offices identified in the linked locations with a possibility of adding more locations inc Newcastle in future.

In DHSC, we are proud of our purpose – to enable everyone to live more independent, healthier lives for longer. To achieve this, and create a great place to work, we have four values: we are inclusive, we constantly improve, we challenge, and we are agile. If this sounds like an environment you’d like to work in, we’d love to hear from you.

The Chief Data Officer’s (CDO) Directorate is responsible for the production of health intelligence and analysis and we are transforming the way DHSC is using data right now. We’re delivering key projects which will lead to significant changes in how data teams access and work with the data they need.

CDO teams also protect the business from the potential impacts of non-compliance with our policies, cyber security, data protection and other legal obligations, by helping them to identify, design out and manage risk.

This role is part of the DHSC Cyber Security Team, within CDO based at one of the offices identified in the linked locations with a possibility of adding other locations in future.

Job description

Department of Health and Social Care (DHSC) Cyber Security’s simple purpose is to secure the Department in cyberspace.

DHSC Cyber is comprised of five core function areas, Security Operations, Programme and Project Support, Policy and Standards, Cyber Assurance, and team management. As a Lead Cyber Security Practitioner you will work on either the Operations or Programme and Project Support function but would be expected to support the other functions of Cyber as needed.

Security Operations works with the supplier managed Security Operations Centre (SOC) to analyse data across the estate and wider, identifying threat or malicious cyber activity, investigate and take steps to mitigate DHSCs exposure. Additionally, the SOC function takes a leading role in the response to cyber incidents by clearly and calmly communicating issues, helping to identify and implement solutions.

Programme and Project Support works to support delivery of 1st line risk identification, assessment, remediation, and treatment of risks. You will lead the work in collaboration with Business Owners to identify and address security risks and concerns within projects, current and proposed business activities, as well as commercial engagements (including procurements). As a subject matter expert, you will enable them to make well informed risk-based business decisions whilst ensuring the secure delivery of DHSCs aims.

You must have very strong communication skills and be able to discuss risk and technical matters to senior management in a simple and understandable way.

Person specification

• Contribute to and take a leading role in the delivery of DHSCs evolving security and technology landscape.
• Assist in collaboratively defining and ensuring managed delivery of SOC in association with 3rd party suppliers
• Working collaboratively with suppliers, project managers and programme leads to provide subject matter expertise on a range of security & risk requirements.
• Undertake stakeholder management for major projects partnering Senior Programme Leadership and governance boards and ensuring the cyber work commitment required is delivered to time and quality.
• Act as an escalation point for cyber security related incidents and problem management ensuring their resolution.
• Act as an empowered deputy for the Head of Cyber at key meetings.
• Identify and manage (escalating as needed) cyber risks for the business to influence appropriate decisions in keeping with the DHSC risk appetite and subsequently assist with risk minimisation.
• Collaborate with governance and compliance teams to manage and handle Cyber Security risks.
• Ensure delivery of technical security activities to identify vulnerabilities and plan risk-based mitigating actions.
• Research, identify, validate, and embrace innovative technologies and methodologies.
• Provide peer reviews and coaching and mentoring as appropriate.
• Undertake line management responsibilities.

Key skills and experience required for the role

We are looking for dynamic and enthusiastic candidates, with a proven track record in Cyber Security and Risk, to work in partnership with the organisation and its suppliers, to continuously develop how we grow and embed our approach to cyber security by design.

It is essential that candidates have significant experience in:

• Advising and/or delivery of security aspects of major projects and programmes.
• Designing & delivering information security & risk management aligned to corporate risk appetite.
• Cloud security and appreciation of zero trust principles.
• Identifying Vulnerability, understanding threat and communicating risk within the wider security and business context.
• Ability to manage effective relationships with stakeholders and suppliers.
• Demonstrating professional credibility and authority.
• Sharing knowledge, supporting, advising, and training colleagues.
• Strong written & verbal communication skills with the ability to communicate effectively at all levels to technical and non-technical audiences.
• Strong knowledge in defining and managing security incident plan and procedures.

It is desirable that candidates have the following criteria:

• Knowledge of wider security domains and disciplines beyond Cyber e.g. Physical, Personnel, Process, Policy, Privacy, Law & GDPR.
• Proven ability to monitor and manage security capabilities delivered by 3rd parties.
• Proven knowledge of Microsoft Security and its tools.
• Applied knowledge of security architectures, operating systems & networking architectures.
• Working knowledge of appropriate Industry and UK gov security standards and guidance e.g. NCSC portfolio, ISO27000 series, NIST Framework, CIS Benchmarks etc.
• Knowledge of Cryptography & encryption systems.
• Hold or willingness to obtain a professional certification as a security specialist through a recognised provider such as ISC2, ISACA, CompTIA, GIAG and IAPP, or degree-based equivalent.

Your normal place of work will be your contractual primary workplace, usually either London or Leeds.  Within DHSC we offer non-contractual hybrid working. The expectation at present is a minimum of 60% of your working time spent in the office, enabling in person interaction and collaboration and enhancing team working, learning, and support. 

You will be asked to express a location preference during the application process. Please be aware that this role can only be worked in the UK and not overseas and some travel may be required across the DHSC estate. 

Opportunities for some working from home may be available; other flexible working options may be discussed with the hiring manager in line with individual circumstances and business need. 

There are a limited number of DHSC colleagues who have existing agreed homeworking contracts resulting from Our Future Estate Programme 2023-2024. Colleagues covered by these arrangements are eligible to apply for this role whilst continuing their agreed existing home working arrangement. Occasional travel to DHSC offices or other locations may still be required according to business need. Travel and subsistence will be provided in line with the pre-agreed homeworker arrangements. 

Benefits

Alongside your salary of £53,116, Department of Health and Social Care contributes £14,341 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.

Things you need to know

Selection process details

This vacancy is using Success Profiles (opens in a new window), and will assess your Behaviours, Experience and Technical skills.

Sift date: W/C 13/05/2024

Interview date: expected W/C 10/06/2024 

Interview location: By video. Further details will be released to candidates who are successful at sift. 

The available interview slots will be released with the sift scores. 

Applications will be sifted on CV and Statement of Suitability.

Please use your CV to set out your career history, highlighting specific responsibilities and achievements that are relevant for this role. These can be found in the ‘key skills and experience required for the role’ section of the advert.

Please use your statement of suitability to (in no more than 1000 words) outline how you meet the key skills and experience required for the role as set out in the job advert.

At interview candidates will be assessed on Behaviours, Experience, and Technical Skills.

To find out more about working in the department please visit our page on the Civil Service Careers Website here and to find out more information on how to apply visit the Civil Service Careers Website here  

Please be aware that some travel may be required across the DHSC estate. 

Please note that applicants will require SC clearance. For SC clearance, candidates must have been a resident in the UK for the past 5 years.

For further information on National Security Vetting please visit the following page https://www.gov.uk/government/publications/demystifying-vetting

This role is full time only. Applicants who wish to work an alternative pattern are welcome to apply however your preferred working pattern may not be available and you should discuss this with the vacancy holder before applying.

If you are experiencing accessibility problems with any attachments on this advert, please contact the email address in the 'Contact point for applicants' section.

Further Information

A reserve list may be held for a period of 12 months from which further appointments can be made.

Any move to DHSC from another employer will mean you can no longer access childcare vouchers. This includes moves between government departments. You may however be eligible for other government schemes, including Tax Free Childcare. Determine your eligibility at https://www.childcarechoices.gov.uk

If successful and transferring from another Government Department a criminal record check may be carried out. 

In order to process applications without delay, we will be sending a Criminal Record Check to Disclosure and Barring Service on your behalf.

However, we recognise in exceptional circumstances some candidates will want to send their completed forms direct. If you will be doing this, please advise Government Recruitment Service of your intention by emailing Pre-EmploymentChecks.grs@cabinetoffice.gov.uk stating the job reference number in the subject heading.

Applicants who are successful at interview will be, as part of pre-employment screening, subject to a check on the Internal Fraud Database (IFD). This check will provide information about employees who have been dismissed for fraud or dishonesty offences. This check also applies to employees who resign or otherwise leave before being dismissed for fraud or dishonesty had their employment continued. Any applicant’s details held on the IFD will be refused employment. 

A candidate is not eligible to apply for a role within the Civil Service if the application is made within a 5 year period following a dismissal for carrying out internal fraud against government.

New entrants are expected to join on the minimum of the pay band.

This role is being advertised on a permanent basis. If preferable, Loan or Secondment options will also be available for existing Civil Servants (Loan) and applicants from accredited NDPBs or any other employer (Secondment). Prior agreement to be released on a loan basis must be obtained before commencing the application process. In the case of Civil Servants, the terms of the loan will be agreed between the home and host department and the Civil Servant. This includes grade on return.

Reasonable Adjustment

If a person with disabilities is put at a substantial disadvantage compared to a non-disabled person, we have a duty to make reasonable changes to our processes. 

If you need a change to be made so that you can make your application, you should: 

Contact Government Recruitment Service via DHSCRecruitment@dhsc.gov.uk as soon as possible before the closing date to discuss your needs. 

Complete the ‘Assistance required’ section in the ‘Additional requirements’ page of your application form to tell us what changes or help you might need further on in the recruitment process. For instance, you may need wheelchair access at interview, or if you’re deaf, a Language Service Professional.

Terms and Conditions

Candidates should note that DHSC’s Terms and Conditions of employment changed from 1 October 2013. It is the candidate’s responsibility to ensure they are aware of the terms and conditions they will adopt should they be successful. 

New Entrants to the Civil Service

New entrants appointed in grades AA to G6 will receive DHSC’s modernised terms and conditions:

• Annual Leave: 25 days on entry rising by one day for each completed year of service to a maximum of 30 days and pro-rata for part-time staff
• Privilege Leave: 1 day - for the King’s birthday
• Hours of Work: 37 hours (net) per week for full time staff in all geographical locations, including London and pro rata for part-time staff
• Occupational Sick Pay (OSP): one month full pay/one month half pay on entry, rising by one month for each completed year of service to a maximum of five months’ full pay and five months’ half pay
• Mobility: Mobility clause in contracts allow staff to be mobile across the Civil Service
• Probation: 6 month probation period

Existing Civil Service staff transferring from another Government department, on either level transfer or promotion

All staff moving to DHSC will transfer onto DHSC’s modernised terms and conditions (as outlined above). 

Existing DHSC staff, appointed on either level transfer or promotion

If DHSC’s modernised terms and conditions are already held, the employee will retain those terms and conditions. If DHSC’s pre-modernised terms and conditions are held, the employee will transfer onto DHSC’s modernised terms and conditions (as outlined above).

Feedback will only be provided if you attend an interview or assessment.

Security

Successful candidates must undergo a criminal record check. Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check (opens in a new window).

See our vetting charter (opens in a new window). People working with government assets must complete baseline personnel security standard (opens in new window) checks.

Nationality requirements

This job is broadly open to the following groups:

• UK nationals
• nationals of the Republic of Ireland
• nationals of Commonwealth countries who have the right to work in the UK
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS) (opens in a new window)
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
• individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
• Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service

Further information on nationality requirements (opens in a new window)

Working for the Civil Service

The Civil Service Code (opens in a new window) sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles (opens in a new window). The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria. The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.