GOVTALENT.UK

Cyber Security Risk Lead

This opening expired 8 months ago.
Location(s): London
Salary: £43,340 to £47,975
Job grade: Other
Business area: Information Technology (IT)
Contract type: Permanent
Working pattern: Full-time

About the job

Job summary

The Opportunity

Our work couldn’t be more important, and is of enormous significance to the security of our nation’s democracy. It enables the UK Parliament to run smoothly, function efficiently and operate transparently, and when you join us in this vital role you’ll use your brilliant organisational and planning skills as you take the lead on cyber security risk assessment activities.

This is a second line of defence role: you will identify, assess and report on cyber security control risks in an expanding Risk and Architecture team, working alongside security architects, policy and framework development, and design assessors. There is a wide scope of technology products to support and review, including systems supporting a world heritage site.

Your responsibilities will be wide ranging and key to the success of our dynamic organisation, and include making technical risk assessments, identifying and assessing compensating controls, reporting on the status of cyber security risks, and producing high-quality reports. But that’s not all. You’ll also:

  • perform technical risk assessments to quantify and document the likelihood and impact of cyber security risks
  • work with project managers, architects and suppliers to identify and assess compensating controls
  • liaise with risk owners and key stakeholders as you update registers, dashboards and treatment plans
  • ensure that risk scores are regularly reviewed to take account of emerging threats and vulnerabilities
  • prepare reports for key stakeholders on Parliament’s cyber security risk exposure
  • provide cyber security advice and guidance in response to ad hoc queries and requests

What You Need

With well-developed experience of quantifying and documenting the likelihood of cyber risks occurring and their potential impact on our organisation, you should also have:

  • a sound understanding of computer networking, cloud infrastructure, digital tools and network connectivity
  • the ability to form superb working relationships with key customers, stakeholders and colleagues
  • an excellent understanding of cyber security concepts, threats, controls and the practices adopted to maintain the confidentiality, integrity and availability of information systems
  • up-to-date knowledge of relevant legislation and cyber security frameworks
  • outstanding planning and organisational skills and the ability to meet tight deadlines while coping with fluctuations in your workload
  • a systematic and analytical approach to problem solving
  • the skills to communicate technical information to technical and non-technical audiences
  • experience of reviewing technical designs and implementing plans to identify risks to digital systems in a hybrid technology environment.

Job description

  • To perform technical risk assessments using consistent processes to quantify, and document, the likelihood and business impact of cyber security risks and to work with project managers, architects and suppliers to identify and assess compensating controls.  
  • To liaise with risk owners and key stakeholders and update relevant risk registers, dashboards and treatment plans, ensuring that risk scores are regularly reviewed to take account of emerging threats and vulnerabilities and the implementation of security controls.  
  • To prepare reports for key stakeholders (including senior managers) on Parliament’s cyber security risk exposure. For example, monitoring, reporting and advising on risks recorded on operational and departmental team risk registers.
  • To help to maintain existing policies, standards and procedures for cyber security risk management and to devise and document new policies, standards and procedures (taking account of best practice frameworks, legislation and regulation) as required.  
  • To support the Cyber Security Risk Principal in stakeholder engagement activities.
  • To support the Cyber Security Risk Principal in quantifying and documenting the supply chain cyber risk across Parliament. For example, the review of existing Information and Communication Technology (ICT) and Industrial Control Systems/Operational Technology (ICS/OT) contracts and supporting contract owners in defining cyber non-functional requirements across the contract lifecycle.
  • To ensure that guidance on how to manage cyber security risk is developed and continually refreshed and communicated to stakeholders.  
  • To provide cyber security advice and guidance in response to ad hoc queries and requests.
  • To collaborate with Cyber Security colleagues, including liaising on Change Approval Board requests, and to support the change control exception reporting process.
  • To deputise for the Cyber Security Risk Principal when required. 

You will work with key stakeholders including:

Digital Service technology teams, Change Approval Board, Technical and Solution Architects, Project teams, Accreditor, PDS Information Security, Other Parliamentary Network Owners (OPNS), the Information compliance teams of both Houses, Governance Office and the Information and Records Management Team. In addition, you will work with contract owners for Parliamentary ICS/OT and ICT solutions and system owners of Parliamentary ICS/OT and ICT.

The above list of key responsibilities is not exclusive or exhaustive and the post holder will be required to undertake such tasks as may reasonably be expected within the scope and banding of the post.

Person specification

Criterion 1
Has experience of identifying and assessing cyber security risk using consistent processes to quantify, and document, the likelihood of cyber risks materialising and their potential impact on the business.

Criterion 2
Demonstrates a sound understanding of computer networking, cloud infrastructure, digital tools and network connectivity. Has practical experience of reviewing technical designs and implementing plans to identify risks to digital systems in a hybrid technology environment.

Criterion 3
Proven ability to form effective working relationships with key customers, stakeholders and colleagues within a complex management structure.

Criterion 4
Demonstrates a sound understanding of cyber security concepts, threats, controls and the practices adopted to maintain the confidentiality, integrity and availability of information systems.  Knowledge of relevant legislation and cyber security frameworks.

Criterion 5
Demonstrates good planning and organisational skills to prioritise to meet deadlines and cope with fluctuations in workload. A systematic and analytical approach to problem solving with the ability to communicate technical information to both technical and non-technical audiences. 

Criterion 6
Demonstrates practical understanding of contracts and the procurement process. 

Benefits

Please refer to our Candidate Information Pack for a full list of our benefits which include:

  • up to 35 days annual leave in addition to bank holidays
  • generous maternity pay policy up to 6 months full pay
  • great pension scheme options (contributory and non-contributory)
  • on-site subsidised gym, nursery, catering, post office, travel office and GP
  • flexible options including hybrid working and family friendly policies

Things you need to know

Selection process details

How To Apply

Please make sure you're clear on the requirements of the role. These can be found in the Job Description and Candidate Information Pack. To apply, you will need to show how you meet up to the first four criteria. Our application process is anonymous to prevent bias. You are not required to upload a CV; instead, you will enter your work and education history.

Apply By: 23rd January 2024 at 23:55

Interviews: W/C 5th Feb 24

Format: Remote (Microsoft Teams)

Our Culture

For our people, we provide an amazing opportunity to bring their talents to an institution that sits right at the heart of society in the UK. We are helping to change UK Parliament and strengthen democracy. What matters here is your potential for growth and your commitment to playing your part in our ongoing success.

We are passionate about providing an environment which promotes inclusion, diversity and equality, regardless of your age, gender, ethnicity, beliefs or any of the other things that make you, you. We welcome applications from people who feel under-represented in the workforce. This includes those who may feel disadvantaged because of their socioeconomic circumstances.



Feedback will only be provided if you attend an interview or assessment.

Security

Successful candidates must undergo a criminal record check. Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check.

See our vetting charter. People working with government assets must complete baseline personnel security standard checks.

Nationality requirements

This job is broadly open to the following groups:

  • UK nationals
  • nationals of the Republic of Ireland
  • nationals of Commonwealth countries who have the right to work in the UK
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS)
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
  • individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
  • Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service

Working for the Civil Service

The Civil Service Code sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles. The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.

Added: 8 months ago