About the job

Job summary

Are you ready to work in one of the most interesting cyber security environments and share your experience to support the Royal Navy and national security?

A vacancy exists for a Cyber Security Assessor within the RN team to provide timely, impartial, and consistent assessments and advisory services across the Service and with our departmental and industry partners. The RN Cyber Security Assessor is an integral role protecting the RN against external and internal cyber security threats to maintain and develop strong cyber defences across the RN.  

The department has recently launched a totally new approach to Cyber Security called Secure by Design (SbD). This is an opportunity to be part of what is a transformational approach while providing specialist support to RN project team to enable secure delivery and operation.

This position is advertised full time, at 37 hours per week.

Job description

Your knowledge and experience will provide expertise, to ensure an accurate understanding of through-life cyber security risks, to assist in making informed business decisions. You will work with projects that involve complex technical and security challenges, which may include highly sensitive networks, cryptography and next-generation platforms. Along the way, you will strengthen links with other cyber security bodies and business functions, including business delivery partners, who provide project-based assurance activities.

 As an experienced cyber security professional, you will bring a proven ability to communicate at a range of levels within a diverse organisation. Thought leadership will be a key aspect of the role and you’ll need to demonstrate a talent for solving complex problems through innovation. You will have the ability to advise on complex risk balance decisions and explaining cyber security policy, governance, and technology to non-experts. With you on board, we will develop a culture across the Royal Navy which values and protects data.

 As a Cyber Security Assessor, you will be responsible for confirming, in the form of assurance, that a project has provided appropriate evidence to give the Senior Responsible Owner (SRO) confidence that the appropriate risks have been understood and the implementation of any system, platform or infrastructure has been adequately secured as a result.

 You will do this by considering any national and departmental regulations and identifying risks that present an unacceptable threat to the RN, Defence and in turn national security. Where such implementations do not conform to policy, as the lead assessor, you will be required to advise the Delivery team on the appropriate escalation process for a decision to be balanced against the overarching business requirement.

 In return, you will benefit from excellent learning and development opportunities tailored to your role and beyond. Whilst in post, you’ll be able to gain industry and MoD recognised qualifications, such as CISSP or CRISC and more including the MoD Cyber Foundation Pathway, and we’ll support you throughout the process. You’ll also be able to take advantage of our excellent benefits package, including flexible working, generous leave allowance and a market-leading Civil Service pension.

 We are a small, highly specialised team, performing a critical role for the Royal Navy, offering an exciting opportunity to join us and become part of our journey!

 Primary Purposes:

• Information assurance and accreditation support and advice to projects and programmes.
• Support to information assurance and cyber security transformation programme, including the application of Secure by Design policy and guidance.
• Lead the promotion of cyber security standards and best practice across the Royal Navy, guiding and influencing project and policy decision making as appropriate and seeking novel solutions to challenging security issues.
• Review risk management and security design evidence, to confirm that risk assessments and risk treatment plans are consistent with business requirements.
• Confirm that residual security risks have been captured and accepted by the appropriate risk owner, in accordance with the risk owner’s delegated authority.
• Recognise risk management and security decisions that have an implication beyond their level of responsibility, experience or delegated risk tolerance and escalate accordingly.
• Development of information security and cyber security policy.
• Managing and driving mitigation of RN cyber risk.
• Explain the project risk assessment to the risk owner, in terms of business objectives threats, risks, vulnerabilities, controls and business impacts.
• Liaises with appropriate subject matter experts across Defence including the NTA, Joint Cyber Unit and, where appropriate other Government Departments and Security Agencies.

 Secondary Purposes:

• Development of information security and cyber security policy.
• Represent RN on information security matters at internal and external meetings.
• Liaise with appropriate subject matter experts across the RN and Defence including the National Cyber Security Centre (NCSC), Cryptographic Service for Defence, Joint and other Services Cyber Units and, where appropriate, other Government Departments and Security Agencies.

Person specification

Essential: 

• Self-motivated and driven, 
• Actively interested in Information Assurance, Cyber Security, IT and related areas, 
• A logical approach, focusing on the business outputs, 
• A technical understanding, 

Desirable: 

• Cyber Security Governance and Management
• Risk Management
• Operational Security Management
• The ability to build strong working-relationships.
• Great communication skills, able to converse at a wide variety of levels.
• Able to lead both technical and non-technical teams.

Benefits

Alongside your salary of £35,290, Ministry of Defence contributes £9,528 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.

Things you need to know

Selection process details

This vacancy is using Success Profiles (opens in a new window), and will assess your Behaviours and Experience.

This vacancy is using Success Profiles (opens in a new window), and will assess your Behaviours and Experience.

Candidates will be required to provide a CV, details to include job history, relevant qualification details and previous skills and experience.

Candidates will also be required to provide a statement of suitability of no more than 1000 words providing experience relevant to the role.

At sift, you will be assessed against the following Success Profiles Behaviours

• Leadership
• Making Effective Decisions
• Communicating & Influencing
• Delivering at Pace
• Working Together 

At interview, you will be assessed against the following Success Profiles Behaviours

• Leadership
• Making Effective Decisions
• Communicating & Influencing
• Delivering at Pace
• Working Together 

The Civil Service embraces diversity and promotes equality of opportunity. There is a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria. If you need to advise us that you need additional help or reasonable adjustments for the recruitment process, please contact: DBSCivPers-Resourcingteam3@mod.gov.uk  

As a result of the changes to the UK immigration rules which came into effect on 1 January 2021, the Ministry of Defence will only offer sponsorship for a skilled worker visa under the points based system, where a role has been deemed to be business critical.  

The role currently being advertised has not been assessed as business critical and is therefore NOT open to applications from those who will require sponsorship under the points based system. Should you apply for this role and be found to require sponsorship, your application will be rejected and any provisional offer of employment withdrawn. 

Feedback will only be provided if you attend an interview or assessment.

Security

Successful candidates must undergo a criminal record check. Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check (opens in a new window).

See our vetting charter (opens in a new window). People working with government assets must complete baseline personnel security standard (opens in new window) checks.

Nationality requirements

This job is broadly open to the following groups:

• UK nationals
• nationals of the Republic of Ireland
• nationals of Commonwealth countries who have the right to work in the UK
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS) (opens in a new window)
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
• individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
• Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service

Further information on nationality requirements (opens in a new window)

Working for the Civil Service

The Civil Service Code (opens in a new window) sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles (opens in a new window). The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria. The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.