About the job

Job summary

This position is based nationally

Job description

Head of Cyber Protection 

The MoJ Information Security Team sits at the heart of the Ministry of Justice. We enable good security practices through the provision of security policies, guidance and education, understand information security risks from all parts of the organisation and provide assurance to senior leaders that these risks are being effectively managed in the delivery of MoJ’s objectives. 

As the Head of Cyber Protection, you will lead the delivery of the MoJ's cyber security strategy and will be responsible for providing specialist security support to those areas of the department which do not have dedicated information security / cyber security teams.

You will be responsible for running and developing a small team consisting of civil servants and contractors who work on these strategically and security-vital projects. You will performance manage senior security specialists, and commercial security providers. Your work will include being responsible for tactical and strategic issues for your team - making challenging priority calls, and communicating these to stakeholders, helping the team explain complex security risks to others, and setting out a growth and development strategy for the team, to ensure we have the right skills for the future technology challenges the department faces. You will also have delegated budget authority for your area of work.

Your role will also be about relationships - working with our wider team to identify areas where we should be proactive in our security work, and helping build links with areas, such as our Justice Digital area, that can help us address risks before they become issues. You will be adept at working with commercial suppliers - often in relationships where security is not the primary driver.

The MoJ’s cyber security strategy states our vision – that every critical Justice service is resilient to cyber-attack. We aim to achieve this by embedding ‘secure by design’ thinking into everything the department does, with ten pillars of strategic activity to support this. Your work in this area will be with stakeholders, technology teams, policy areas, and senior leaders to ensure appropriate plans are delivering our strategy.

Your team are responsible for providing specialist security support to those areas of the department that do not have dedicated information security teams. This will include both direct support of business areas and public bodies with hands-on security support where necessary, as well as helping areas identify their needs for such support and source appropriate effort through relevant frameworks and suppliers, and supervising their work as required.

You will be part of the MoJ Information Security Team's senior leadership team and will be an important part of the Security and Information Group's leadership community.

All members of the team are expected to help develop the MoJ Security Function as a centre of expertise for the department and to contribute to building a brilliant and diverse team that is a welcoming place for all.

MAIN RESPONSIBILITIES

• Be a member of the MoJ’s security leadership team, setting the direction for the area as a whole and representing the entire area (beyond your local team) at corporate events, deputising for the CISO as required.
• Leading a small team of information and cyber security specialists, prioritising work, and developing and implementing a team strategy - helping to focus our resources where they will bring the biggest benefit in improving the department’s cyber security. Development and implementation of a people strategy for your team, covering team size, skills, recruitment and training. Develop and implement a plan for improving employee engagement and making the team a great place to work based on data from people surveys.
• Engage effectively with business areas to embed cyber security into their processes – where they do not have dedicated security effort available. This would include work with suppliers and other partners who are managing our information, helping them to be safe and secure. Work with projects and programme teams as appropriate to help them identify the appropriate level of security support and sourcing strategies for this.
• Lead the delivery of the MoJ’s cyber security strategy. Identify required workstreams, develop and monitor delivery plans, bid for required resources, and support other teams in their work to implement strategic initiatives.
• Provide strategic input into material that supports security governance in the MoJ and across government including overseeing responses to data requests, preparing financial bids, providing updates to governance boards up to Executive Committee and contributing to agencies’ Audit, Risk and Assurance Committees’ discussions on cyber security.
• Be an active participant in the government security community. Create links across government especially within the security profession to ensure that we are contributing to and benefiting from the wider profession especially in dealing with legacy tech and building capability.

CAPABILITIES

The essential skills and experience required are:

• Team leadership - an ability to inspire and coordinate a diverse team of security specialists, helping them to be their best both as individuals and as part of a wider team. Ability to prioritise team activities effectively across a range of complex and urgent tasks.
• Enabling and informing risk-based decisions - Work with team members to identify risks and communicate them effectively to decision makers. Help inform prioritisation of wider departmental work to ensure security improvements are given due consideration.
• Specific technology and security understanding – with a good knowledge of system architectures. Able to understand and articulate the impact of vulnerabilities on existing and future designs and complex systems and can articulate an appropriate response. Has broad knowledge of a range of systems but may specialise in one.
• Communication - you will be an articulate and effective communicator across a range of formats, able to convey complex topics with ease to a variety of audiences and persuade others of the importance of security matters.

Desirable:

• Analysis - Able to apply the approach to real problems and consider all relevant information. Applies appropriate rigour to ensure a full solution is designed and achieves the business outcome.
• Understanding security implications of transformation - Can interpret and apply understanding of policy and process, business architecture, and legal and political implications to assist the development of technical solutions or controls. You will also benefit from knowledge of the different approaches to delivery across digital and technology teams, and how security practices can integrate / clash with these working practices.

Success Profiles

Essential:

• Leadership
• Working together
• Communicating and influencing

Desirable:

• Seeing the big picture
• Making effective decisions
• Developing self and others
• Managing a quality service
• Changing and improving
• Delivering at pace

Person specification

Please refer to job description

Benefits

Alongside your salary of £66,314, Ministry of Justice contributes £18,501 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.

Things you need to know

Selection process details

This vacancy is using Success Profiles (opens in a new window), and will assess your Behaviours and Experience.https://justicejobs.tal.net/vx/candidate/cms/About%20the%20MOJ

Feedback will only be provided if you attend an interview or assessment.

Security

Successful candidates must undergo a criminal record check. Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check (opens in a new window).

See our vetting charter (opens in a new window). People working with government assets must complete baseline personnel security standard (opens in new window) checks.

Nationality requirements

This job is broadly open to the following groups:

• UK nationals
• nationals of the Republic of Ireland
• nationals of Commonwealth countries who have the right to work in the UK
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS) (opens in a new window)
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
• individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
• Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service

Further information on nationality requirements (opens in a new window)

Working for the Civil Service

The Civil Service Code (opens in a new window) sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles (opens in a new window). The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.