GOVTALENT.UK

Lead Cyber Security Risk Manager

This opening expired 7 months ago.
Location(s):
Croydon, Manchester
Salary:
£57,000 to £67,100
Job grade:
Grade 7
Business area:
Project Delivery
Contract type:
Permanent
Working pattern:
Full-time

About the job

Job summary

The Cyber Security Risk Manager identifies, understands and mitigates cyber-related risks. They identify and evaluate security risks to information, systems and processes owned by the organisation, and proactively provide appropriate advice, drawing on a wide variety of sources, to stakeholders across the organisation and at a variety of levels. They provide risk or service owners with advice to help them make well informed risk-based decisions.

Job description

Your main day to day responsibilities will be:

  • The support, planning, development, implementation and management of organisation-wide processes and procedures for the management of risks to the success, confidentiality, integrity and availability of the business, especially those arising from the use of information technology, hardware or data, thereby protecting the confidentiality, integrity and availability of the organisation’s assets and business services
  • Provide tailored expert cyber security support and advice that highlights cyber security related risks to a range of stakeholders, projects, business teams and/or service owners on how to remedy identified risks, helping them to make well-informed decisions by proportionately applying security capabilities, using published guidance and standards, and drawing on a range of experts as well as personal expertise
  • Independently and impartially undertake risk management activities within a given area of practice or expertise, usually within established security and risk management governance structures. Lead the independent analysis and derivation of business-supporting security needs, undertake cyber security related risk assessments, conduct tailored threat assessment and other risk management activities. Ensure activities are consistent with applicable regulations and legislation
  • Develop risk management-related policy and assure the ongoing appropriateness of policy in accordance with regulation and wider organisational and government policies. Communicate effectively with senior stakeholders to ensure they recognise the importance of security considerations and respond accordingly to changes in policy and procedure
  • Manage risk management processes across an organisation, reviewing their efficiency and effectiveness and leading recommendations for continuous improvement. Review internal controls following any security breach, providing advice on how to remediate any vulnerabilities discovered. Agree and oversee remedial solutions, controls and safeguards that are the most appropriate and beneficial for the organisation
  • Assess reviews and risk assessments and ensure all identified risks are managed in accordance with Home Office risk management policies. Communicate outcomes effectively to relevant senior stakeholders across a variety of teams in ways that support effective security, risk management and decision-making, and advise senior stakeholders on their approach to risk assessment in the context of their organisational outcomes

You will also be expected to carry out the following day to day activities:

  • Participating in, contributing to and supporting collaboration initiatives and career development across multiple communities, building in-house capability via a professional community of practice
  • Support the routine risk reporting process by informing on changes in the Home Office's threat landscape and the associated impact on the Home Office's risk exposure, helping to better understand the impact and likelihood of exploitation of a threat.
  • Lead reviews, analysis and research to identify, assess and mitigate against cyber threats, vulnerabilities and risks
  • Assist with the prioritisation of remediation work based on threat, risk likelihood and impact
  • Lead, mentor and support others to perform to their full potential and drive succession planning
  • Advise, guide and support the Home Office Cyber Security (HOCS) function and projects, programmes and operational teams on matters relating to cyber threats, vulnerabilities and risks ensuring that specialist knowledge is kept current
  • Support the development of the Home Office-wide cyber risk model and lead the development of risk registers; ensure that these information sets are aligned with data feeds and repositories
  • Work collaboratively to provide specialist technical and organisational guidance pertaining to risks and control measures associated with emerging threats, closely liaising with stakeholders to assess where control changes are required to deal with the ever-changing threat landscape

Note: The post-holder may be required to carry out other duties within the scope of the grade and within the limits of their skill, competence and training.

Due to business requirements, this role is only available full time.

This post is eligible for a DDaT RRA. Successful candidates with exceptional skills and experience may apply for an RRA up to a maximum of £11,300. This allowance is subject to an initial review within six months of taking up the post and thereafter an annual review in line with departmental priorities and could be reduced or withdrawn at any time.

Person specification

Essential Skills

You’ll have a demonstrable passion for Cyber Security with the following skills or strong experience in:

Strategy and architecture:

  • Security and Privacy
    • Information Assurance (INAS) – Level 5
  • Governance, Risk and Compliance
    • Risk Management (BURM) – Level 5
    • Audit (AUDT) - Level 5
    • Quality Assurance (QUAS) - Level 6
  • Advice and Guidance
    • Specialist Advice (TECH) - Level 5

Relationships and Engagement

  • Stakeholder management
    • Stakeholder Relationship management (RLMT) - Level 5 

The skills listed above are reflective of the Home Office DDaT Profession Skills and Competency Model (based on the industry standard SFIA framework).

Please see below for the relevant skills required for your role: 

  • Can lead and manage a team of cyber professionals to provide an effective risk analysis function
  • Is able to coach and mentor, developing more junior team members
  • Communicates effectively with both technical and non-technical stakeholders, and articulates threat intelligence and risk assessments in terms of their impact to the business
  • Building effective relationships with senior stakeholders in order to raise awareness of the importance of security issues, as well as communicating the outcome of audits and investigations
  • Identifies and works in line with best practice principles and uses them to contribute to the ongoing continuous improvement of existing processes and ways of working for information security and risk management
  • Is familiar with key threat intelligence feeds and sources (e.g. NCSC, CiSP etc.) and possesses a good level of knowledge of common cyber security threats and vulnerabilities
  • Analyses, interprets and articulates the specific risks associated with threat intelligence and identified vulnerabilities

Desirable Skills

Ideally you will also have the following skills or some experience in:

  • Experience in information or cyber security including threat and risk analysis for complex, high-risk and/or mission critical systems
  • Leading and directing teams to enable the day-to-day delivery of services
  • Demonstrated ability to analyse and coherently present complex threat intelligence and risk information relevant to the audience that clearly articulates business impact(s)
  • Experience of a range of cyber risk and controls frameworks, such as NIST, ISO27001, COBIT, ISO31000, Cloud Principles and general wider NCSC guidelines
  • CRISC / CISSP / CISM / CISA or equivalent

Benefits

Alongside your salary of £57,000, Home Office contributes £15,390 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.

Things you need to know

Selection process details

This vacancy is using Success Profiles, and will assess your Behaviours and Experience.

This gives us the best possible chance of finding the right person for the job, drives up performance and improves diversity and inclusivity. 

As part of the application process, you will be asked to complete a CV and Statement of Suitability (Max Word Limit: 500).

Further details around what this will entail are listed on the application form.

The Statement of Suitability should concisely explain your motivation for applying to this role and offer evidence of how you meet the essential criteria listed on the Job Specification.

The sift will be based on the CV and the Statement of Suitability.

Candidates shortlisted will be invited to an interview and asked questions that explore their experience, the Technical Skills from the SFIA framework and all listed behaviours.  

Candidates progressing at interview stage will be required to prepare a presentation; details will be shared nearer to the interview date.

Sift and Interview dates

The sift is expected to commence from 19th February 2024.

Interviews are expected to take place from week commencing 4th March 2024.

We will try to meet the dates set out in the advert. There may be occasions when these dates will change. You will be provided with sufficient notice of the confirmed dates.

Interviews will be carried out via video. Candidates will be required to have access to:

  • A laptop (personal or work) with a working webcam
  • Good internet connection
  • Microsoft Teams

Further information 

Please read the essential skills for this position carefully. We will only consider those who meet the listed requirements.

If you have previously made an unsuccessful application for a role with the same essential skills and are not able to demonstrate how you have developed these skills since your last application, please reconsider applying as your application is unlikely to be successful.

For meaningful checks to be carried out, individuals need to have lived in the UK for a sufficient period of time to enable appropriate checks to be carried out and produce a result which provides the required level of assurance. You should normally have been resident in the United Kingdom for the last 3 years if the role requires CTC clearance, 5 years for SC clearance and 10 years for DV.  A lack of UK residency in itself is not necessarily a bar to a security clearance and applicants should contact the Vacancy Holder/Recruiting Manager listed in the advert for further advice.

For further information on National Security Vetting please visit the following page https://www.gov.uk/government/publications/demystifying-vetting

UK residency and security requirements 

You need to have lived in the UK for the past 5 years.  This is because this post requires the successful candidate to have Security Check (SC) clearance, and you need to have been a resident in the UK long enough for sufficient checks to take place. These checks will only take place after the job offer has been accepted. 

Visa sponsorship

We are unable to sponsor any individuals via Skilled Worker Sponsorship / Tier 2 (General) work visas as we do not hold a UK Visa & Immigration (UKVI) Skilled Worker License.

Where business needs allow, some roles may be suitable for a combination of office and home-based working.  Where this is the case, employees will be expected to spend a minimum of 60% of their working time in the office. Applicants can discuss any specific questions with the Vacancy Holder.

A reserve list may be held for a period up to 12 months from which further appointments may be made.

We often have similar roles available at different grades. If a candidate is suitable for a similar role, or a lower grade than they have applied for, we may offer the candidate that role without the need to go through a further selection process providing the role has the same behaviours and essential skills.

Every day, Home Office civil servants do brilliant work to develop and deliver policies and services that affect the lives of people across the country and beyond. To do this effectively and fairly, the Home Office is committed to representing modern Britain in all its diversity, and creating a welcoming, inclusive workplace where all our people are able to bring their whole selves to work and perform at their best. 

We encourage applications from people from the widest possible diversity of backgrounds, cultures and experiences. We particularly welcome applications from women, people with disabilities and LGBT+ as they are currently under-represented in the Home Office at this grade level. Appointments will be made on merit on the basis of fair and open competition.

We are flexible, skilled, professional and diverse. We work to recruit and retain disabled staff and are a Disability Confident Leader. We are proud to be one of the most ethnically diverse departments in the civil service. We are a Stonewall top 100 Workplace Equality Employer and a Social Mobility Foundation top 75 employer. 

New entrants are expected to join on the minimum of the pay band. 

Applicants who are successful at interview will be, as part of pre-employment screening, subject to a check on the Internal Fraud Database (IFD). This check will provide information about employees who have been dismissed for fraud or dishonesty offences. This check also applies to employees who resign or otherwise leave before being dismissed for fraud or dishonesty had their employment continued. Any applicant whose details are held on the IFD will be refused employment.

For further information please see the attached notes for candidates which must be read before making an application.

Existing Civil Servants should note that some of the Home Office terms and conditions of employment have changed. It is the candidate’s responsibility to ensure they are aware of the Terms and Conditions they will adopt should they be successful in application and should refer to the notes for candidates for further details.

Transfer Terms: Voluntary.

If you are invited to an interview, you will be required to bring a range of documentation for the purposes of establishing identity and to aid any pre-employment checks. 

Please see the attached list of Home Office acceptable ID documents.

Any move to the Home Office from another employer will mean you can no longer access childcare vouchers. This includes moves between government departments. You may however be eligible for other government schemes, including Tax Free Childcare. Determine your eligibility at https://www.childcarechoices.gov.uk  

Reasonable Adjustments

If a person with disabilities is at a substantial disadvantage compared to a non-disabled person, we have a duty to make reasonable changes to our processes. 

If you need a change to be made so that you can make your application, you should:

  • Contact Government Recruitment Service via HOrecruitment.grs@cabinetoffice.gov.uk as soon as possible before the closing date to discuss your needs
  • Complete the “Assistance Required” section in the “Additional Requirements” page of your application form to tell us what changes or help you might need further on in the recruitment process. For instance, you may need wheelchair access at interview, or if you're deaf, a language service professional

If you are experiencing accessibility problems with any attachments on this advert, please contact the email address in the ‘Contact point for applicants’ section. 

Feedback



Feedback will only be provided if you attend an interview or assessment.

Security

Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check.

See our vetting charter. People working with government assets must complete baseline personnel security standard checks.

Nationality requirements

This job is broadly open to the following groups:

  • UK nationals
  • nationals of the Republic of Ireland
  • nationals of Commonwealth countries who have the right to work in the UK
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS)
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
  • individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
  • Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service

Further information on nationality requirements

Working for the Civil Service

The Civil Service Code sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles. The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria. The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.

Added: 7 months ago