GOVTALENT.UK

DDaT - Metis Live Services – Security Team – Senior Information Security Manager

This opening expired 8 months ago.
Location(s): Liverpool, Manchester, Sheffield
Salary: £41,600 to £44,512
Job grade: Senior Executive Officer
Business area: Information Technology (IT)
Contract type: Permanent
Working pattern: Full-time

About the job

Job summary

The first duty of the government is to keep citizens safe and the country secure. The Home Office has been at the front line of this effort since 1782. As such, we play a fundamental role in maintaining the security and economic prosperity of the UK. 

The Home Office leads on immigration and passports, refugee protection, counter-terrorism, policing, fire services, and crime and drugs policy. 
 
Digital Data and Technology (DDaT) enables the Home Office to keep the UK safe and secure. We design and build the services that help people apply for visas or passports, support policing and counter-terrorism operations, and protect the UK’s borders. 
  
This is an exciting time to be at the Home Office. You’ll have a chance to shape the future and support our mission to deliver exceptional public services that work for everyone. 
 
Our work is guided by these principles: 

  • We put user needs first 
  • We value delivery and outcomes over process 
  • We work in the open 

Our flexible working policy ensures a healthy work-life balance. We also nurture talent and offer a broad range of learning and development opportunities that will help you flourish in your role. 

We work hard to maintain a positive working culture and are committed to helping you fulfil your potential. We value diversity and provide an open, inclusive, and supportive environment to help you do your best work.

Job description

Metis is the Home Office cloud Enterprise Resource Planning (ERP) system used by all employees and support organisations.

As a Metis Senior Information Security Manager, you will develop security, risk management, and compliance procedures. This will include the investigation of major breaches of security and the development of information security policies and procedures relevant to the Metis service. 

You will lead the Metis auditing regime and ensure all access to data held is conducted in accordance with policies and procedures. You will initiate security audit and investigation into internal unauthorised activity on Metis services. 

You will be able to understand core technical and cloud concepts related to the role and work under guidance to apply them. By seeing the bigger picture, you will be able to investigate how to get the best out of our services and tooling. 

You will work closely with a number of teams within DDaT and wider Home Office to ensure all information security policies and procedures are understood and adhered to, in line with best practice standards. 

This post is eligible for a DDaT RRA. Successful candidates with exceptional skills and experience may be assessed for an RRA of between £3,000 and £8,300. This allowance is subject to an initial review within six months of taking up the post and thereafter an annual review in line with departmental priorities, and could be reduced or withdrawn at any time.

Where business needs allow, some roles may be suitable for a combination of office and home-based working.  This is a non-contractual arrangement where all employees will be expected to spend a minimum of 60% of their working time in an office, subject to local estates capacity, by Spring 2024. Applicants can request further information regarding how this may work in their team from the Vacancy Holder (see advert for contact details).

Due to business needs, this role is not suitable for part-time working.

Person specification

Your main day to day responsibilities will be:

  • Conducting reviews of and creating security policy documentation, including drafting procedures, processes and security notices, to ensure that requirements from governance, such as the Home Office Cyber and Physical Security Document Sets, are reflected.
  • Overseeing the audit process, analysing audit data in order to make recommendations on how we can ensure information conforms to processes, procedures, and regulations.
  • Communicating effectively with relevant teams and stakeholders to ensure they recognise the importance of security considerations and respond accordingly to changes in policy and procedure.
  • Initiating and overseeing internal investigations into activities on systems and services and ensuring that these are conducted with utmost integrity.
  • Working on remedial solutions and ensuring resolution activities are carried out through liaising with the appropriate stakeholders.
  • Working with technical teams to support the continuous monitoring of designated systems and networks and the recording of security events and incidents to highlight system and network errors and support investigations.
  • Working within established security and risk management governance structures to support, review and undertake straightforward risk management activities such as: helping with the analysis and derivation of business-supporting security needs; undertaking Metis cyber security related risk assessments for new products; basic threat assessments and other risk management activities.

You will also be expected to carry out the following day to day activities:

  • Identifying process optimisation opportunities and working on the implementation of proposed solutions.
  • Driving the collection of statistical information relating to Metis security incidents and identified vulnerabilities to produce reports for senior stakeholders.
  • Mentoring junior members of the team to ensure that they are up to speed with Home Office and security principles and developing in line with Home Office values.
  • Scoping work for and advising suppliers and security consultants employed to conduct third party risk and threat assessments, ensuring SLAs are met.
  • Providing ad hoc support/consultancy to IT teams by answering general enquiries about information security requirements.
  • Participating, contributing to and supporting collaboration initiatives and career development within the IT Operations community, building in-house capability via a professional community of practice.

Essential criteria

You’ll have a demonstrable passion for information security, with the following skills or strong experience in:

  • Developing security policy documentation, working in line with best practice principles for information security and risk management.
  • Developing technical knowledge in order to understand the security impacts of any changes, and applying yourself to manage these.
  • Absorbing potentially large amounts of conflicting information and using it to produce recommendations and solutions, leveraging analysis to enhance business performance.
  • Demonstrating strong stakeholder skills in order to communicate and influence colleagues around the impact of security issues.

The skills listed above are reflective of the Home Office DDaT Profession Skills and Competency Model (based on the industry standard SFIA framework). Please see below for the relevant skills required for your role:

Strategy and Architecture:

  • Security and Privacy - Information Security (SCTY) – Level 4
  • Advice and Guidance - Specialist Advice (TECH) – Level 3
  • Governance, risk and compliance - Risk Management (BURM) – Level 3
  • Strategy and planning - Measurement (MEAS) – Level 3

Delivery and Operation:

  • Service Management - Service Level Management (SLMO) – Level 2

Relationships and Engagement:

  • Stakeholder Management - Stakeholder Relationship Management (RLMT) – Level 3

For further details on the above skills, please see the attached SFIA 8 document. 

Desirable criteria

Ideally you will also have the following skills and experience in:

  • Cloud security management.
  • Managing risk management and audit tools.
  • Diagnosing and devising innovative solutions for resolution activities.
  • Understanding of Lean, Agile and DevOps principles within a Product-centric delivery model.

Ideally you will also have experience in: 

  • ITIL v3/v4 Foundation Certification
  • BCS Foundation Certificate in Data Protection
  • BCS Foundation Certificate in Information Security Management Principles (CiSMP)
  • BCS Practitioner Certificate in Data Protection
  • BCS Practitioner Certificate in Information Assurance Architecture
  • BCS Practitioner Certificate in Information Risk Management 

Benefits

  • Learning and development tailored to your role
  • An environment with flexible working options
  • A culture encouraging inclusion and diversity
  • A Civil Service pension with an average employer contribution of 27%

Things you need to know

Selection process details

This vacancy is using Success Profiles, and will assess your Behaviours and Experience.

This gives us the best possible chance of finding the right person for the job, drives up performance and improves diversity and inclusivity.

As part of the application process, you will be asked to complete:  

  • A CV detailing job history/qualifications/skills 
  • A Statement of Suitability (personal statement) (maximum 1000 words) 
  • Evidence of the Behaviours Changing & Improving, Delivering at Pace, and Managing a Quality Service (250 words maximum) 

Further details around what this will entail are listed on the application form.

The Statement of Suitability should concisely explain your motivation for applying to this role, and evidence how you meet the Essential Criteria listed on the Job Specification.

The sift will be held on the Behavioural examples and the Statement of Suitability. The CV is for information purposes only and will not be marked.

If you are successful at sift, you will be invited to an interview which will consist of Behaviour-based questions on all listed Behaviours.

You will be invited to attend a video interview utilising Microsoft Teams.

Sift and Interview dates

Sift is expected to take place from 10th January 2024 

Interviews are expected to take place from week commencing 29th January 2024

We will try to meet the dates set out in the advert. There may be occasions when these dates will change. You will be provided with sufficient notice of the confirmed dates.

Further information

Please read the essential skills for this position carefully. We will only consider those who meet the listed requirements. 

If you have previously made an unsuccessful application for a role with the same essential skills and are not able to demonstrate how you have developed these skills since your last application please reconsider applying as your application is unlikely to be successful.

For meaningful checks to be carried out, individuals need to have lived in the UK for a sufficient period of time to enable appropriate checks to be carried out and produce a result which provides the required level of assurance. You should normally have been resident in the United Kingdom for the last 3 years if the role requires CTC clearance, 5 years for SC clearance and 10 years for DV. A lack of UK residency in itself is not necessarily a bar to a security clearance and applicants should contact the Vacancy Holder/Recruiting Manager listed in the advert for further advice.

A reserve list of successful candidates will be kept for 12 months. Should another role become available within that period you may be offered this position. 

We often have similar roles available at different grades. If a candidate is suitable for a similar role or a lower grade than they have applied for, we may offer the candidate that role without the need to go through a further selection process providing the role has the same behaviours and essential skills.

Please note: If you are currently an agency member of staff working within the Home Office, you can only apply for roles that are advertised externally, i.e. outside the civil service. If you are eligible to apply for a role, you are required to select yourself as an external applicant and not internal when submitting your application on Civil Service jobs. This will prevent any delays in pre-employment checks should you become successful in being made an offer of employment after the Interview stage.

Visa sponsorship    

We are unable to sponsor any individuals via Skilled Worker Sponsorship / Tier 2 (General) work visas as we do not hold a UK Visa & Immigration (UKVI) Skilled Worker License.   

Every day, Home Office civil servants do brilliant work to develop and deliver policies and services that affect the lives of people across the country and beyond. To do this effectively and fairly, the Home Office is committed to representing modern Britain in all its diversity, and creating a welcoming, inclusive workplace where all our people are able to bring their whole selves to work and perform at their best.

We are flexible, skilled, professional and diverse. We work to recruit and retain disabled staff and are a Disability Confident Leader. We are proud to be one of the most ethnically diverse departments in the civil service. We are a Social Mobility Foundation top 75 employer.

New entrants are expected to join on the minimum of the pay band.

Applicants who are successful at interview will be, as part of pre-employment screening, subject to a check on the Internal Fraud Database (IFD). This check will provide information about employees who have been dismissed for fraud or dishonesty offences. This check also applies to employees who resign or otherwise leave but who would have been dismissed for fraud or dishonesty had their employment continued. Any applicant whose details are held on the IFD will be refused employment.

For further information please see the attached notes for candidates which must be read before making an application.

Existing Civil Servants should note that some of the Home Office terms and conditions of employment have changed. It is the candidate’s responsibility to ensure they are aware of the Terms and Conditions they will adopt should they be successful in application and should refer to the notes for candidates for further details.

Transfer Terms: Voluntary.

If you are invited to an interview you will be required to bring a range of documentation for the purposes of establishing identity and to aid any pre-employment checks.

Please see the attached list of Home Office acceptable ID documents.

Any move to the Home Office from another employer will mean you can no longer access childcare vouchers. This includes moves between government departments. You may however be eligible for other government schemes, including Tax Free Childcare. Determine your eligibility at https://www.childcarechoices.gov.uk

Reasonable Adjustments

If a person with disabilities is at a substantial disadvantage compared to a non-disabled person, we have a duty to make reasonable changes to our processes. 

If you need a change to be made so that you can make your application, you should:

  • Contact Government Recruitment Service via HOrecruitment.grs@cabinetoffice.gov.uk as soon as possible before the closing date to discuss your needs
  • Complete the “Assistance Required” section in the “Additional Requirements” page of your application form to tell us what changes or help you might need further on in the recruitment process. For instance, you may need wheelchair access at interview, or if you're deaf, a language service professional

If you are experiencing accessibility problems with any attachments on this advert, please contact the email address in the ‘Contact point for applicants’ section.

Feedback



Feedback will only be provided if you attend an interview or assessment.

Security

Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check.

See our vetting charter. People working with government assets must complete baseline personnel security standard checks.

Nationality requirements

This job is broadly open to the following groups:

  • UK nationals
  • nationals of the Republic of Ireland
  • nationals of Commonwealth countries who have the right to work in the UK
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS)
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
  • individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
  • Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service

Further information on nationality requirements

Working for the Civil Service

The Civil Service Code sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles. The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria. The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.

Added: 9 months ago