About the job

Job summary

DI is a complex organisation providing assured products and analysis to customers within MOD and across government. We rely on a large and complex estate of customised and specialist systems to do this. The security and assurance of these is critical to delivering DI’s outputs.

This is a newly created post working closely with the new DI CIO to build and deliver an information and cyber security function across DI. The role will have a diverse scope, looking at both our current systems and how we secure new systems as we move to cloud and new enterprise platforms.

In Defence Intelligence (DI) our people solve problems, create understanding and give perspective to the diverse and complex Defence threats and challenges in a rapidly changing world. Together, our civilians and military personnel inform decision making in Defence, handle complex finance programmes and develop new technology.

In DI we believe your unique experiences, views and understanding of the world could provide a vital perspective and contribution to our work. We recognise that great minds do not think alike and are striving to increase our diversity representation at all levels. As an equal opportunities employer we hire, train and promote people based on merit and inspire to create an inclusive workplace free of discrimination. We also offer flexible working arrangements such as flexitime, job share and compressed hours.

Strategic Command is going through a significant transformation programme which aims to improve the way the Command conducts its business and delivers for Defence and the nation. As a consequence of this, all posts within Strategic Command Headquarters and in time the wider organisation, are/will be subject to review and potential changes as we continuously improve across the period of the transformation programme. These changes may be minor or could be more substantive and will generate new opportunities. Throughout, the Command’s transformation programme is committed to following the MOD’s framework on managing and supporting people through the change process and places an emphasis on early and open consultation and engagement with the Command’s personnel and Trade Unions.

All job adverts in DI are subject to fair and open competition.

This position is advertised at 37 hours per week.

Job description

The DI Head of Cyber Security is responsible for understanding and managing Cyber and Security risk across DI. Working across MOD and with Partners they will ensure that DI’s Cyber and Information Security Risk is well handled to maximise the data and information that can be shared in support of DI’s mission.

This will include developing a robust Governance, Risk and Compliance Framework for managing cyber risk, supporting the development of Secure by Design architectures, managing residual information security risk and risk on legacy systems, as well as working closely with Defence Digital to respond to cyber security incidents.

This is an exciting opportunity to shape and transform the way services are secured, developing the capability to protect data, demonstrating and sharing best practices within and outside the organisation.

Person specification

The Defence Intelligence Head of Cyber Security is an exciting and challenging new post to manage cyber and information risk across one of MOD most complex, secure and diverse functions. We are looking for a candidate who:

• Has a strong understanding of cyber and information security.
• Understands the threat landscape for mission critical systems and the unique risks that they are exposed to.
• Has good technical knowledge of a variety of systems and technology to enable them to provide advice on Secure by Design architectures and to provide advice on balancing information risk and operational need.
• Can form strong partnerships across MOD and Partners to maintain confidence in DI’s cyber security posture and respond to changing requirements.

Will work closely with Defence Digital Cyber Defence to ensure the Defence cyber resilience strategy is embedded within DI.

Responsibilities

• Responsible for developing and maintaining a robust cyber security policy and direction across DI. Acting as a focal point for cyber audit and assurance activities across the HLB.
• Lead and undertake risk management activities across DI against the hardest or most novel scenarios, while applying the fundamental principles of cyber security risk management
• Act as the functional lead for Information and Cyber assurance and security advising senior leaders on information risk.
• Work with DI CIO, and senior leaders to define and maintain DI’s appetite for Cyber Risk. Ensure this is appropriately reflected in existing and planned capability.
• Lead the analysis and definition of cyber security risks through DI, in accordance with the DI and UK Strategic Command Security Risk Management (SRM) framework.
• Provide technical input and assurance to both new and legacy capabilities, ensuring that they meet the Department’s Secure by Design Standards.
• Actively participate in a community of cyber defence professionals across DI, Partners and Government to ensure our information is robust protected and risk is well managed as threats evolve.
• Maintain a thorough understanding of the evolving cyber threat picture, particularly as it pertains to DI. Ensure that the information risk picture is continually updated in response.

Benefits

Alongside your salary of £67,820, Ministry of Defence contributes £18,311 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.

Things you need to know

Selection process details

This vacancy is using Success Profiles (opens in a new window), and will assess your Behaviours, Experience and Technical skills.

At Sift:

Candidates will be required to provide a CV details to include job history, qualifications and previous skills and experience.

Candidates will be required to provide a statement of suitability. (500 words) 

At Interview:

Behaviours: 

• Communicating and Influencing 
• Leadership 

Technical Skills:

• Information risk assessment and risk management
• Applied security capability
• Protective security
• Threat understanding

Government Digital and Data Profession Capability Framework - Government Digital and Data Profession Capability Framework (ddat-capability-framework.service.gov.uk)

At interview Candidates will be required to deliver a 10 minute presentation on a relevant topic which will be provided before your interview. Following which the panel will ask questions linked to your presentation and application. 

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

Security
Successful candidates must meet the security requirements before they can be appointed. The level of security needed is enhanced developed vetting, further to the DV as listed below. Successful candidates who do not hold the necessary clearances will be made provisional job offers and asked to undergo our vetting procedures. Once the relevant clearances have been acquired a formal job offer will be made and start dates can be discussed. Should candidates fail to acquire the relevant clearances the provisional job offer will be rescinded. Candidates should note this process can take several months. Candidates with DV would need to pass the further internal vetting process, but once passed you would be able to start within DI.

The Civil Service embraces diversity and promotes equality of opportunity. There is a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria. If you need to advise us that you need additional help or reasonable adjustments for the recruitment process, please contact: DBSCivPers-Resourcingteam3@mod.gov.uk .

As a result of the changes to the UK immigration rules which came into effect on 1 January 2021, the Ministry of Defence will only offer sponsorship for a skilled worker visa under the points based system, where a role has been deemed to be business critical.

The role currently being advertised has not been assessed as business critical and is therefore NOT open to applications from those who will require sponsorship under the points based system. Should you apply for this role and be found to require sponsorship, your application will be rejected and any provisional offer of employment withdrawn.

Feedback will only be provided if you attend an interview or assessment.

Security

Successful candidates must undergo a criminal record check. Successful candidates must meet the security requirements before they can be appointed. The level of security needed is developed vetting (opens in a new window).

See our vetting charter (opens in a new window). People working with government assets must complete baseline personnel security standard (opens in new window) checks.

Nationality requirements

Open to UK nationals only.

Working for the Civil Service

The Civil Service Code (opens in a new window) sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles (opens in a new window). The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria. The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.