GOVTALENT.UK

Senior Cyber Security Risk Manager

This opening expired 2 months ago.

Department for Work and Pensions

Location(s): Newcastle, Sheffield
Salary: £52,412 to £73,116
Job grade: Grade 7
Business area: Information Technology (IT)
Contract type: Permanent
Working pattern: Full-time, Part-time

About the job

Job summary

Are you a Cyber Security Risk Manager that has worked in a large-scale organisation?

If yes, we want you to join us at DWP Digital.

These are critical roles coordinating and delivering the Digital Security Risk management programme of work, with risk driving security, enabling a clear, practical, and realistic view of Cyber Security Risk information. The role forms a vital First Line capability within the HMG three-line defence model.

As a Senior Cyber Security Risk Manager, you will work within the Digital Group to help deliver 1st line risk identification, assessment, remediation, and treatment of risks. You will identify controls, make recommendations to address security vulnerabilities and control weaknesses in products, projects, and programmes, working with product owners and Subject Matter Experts to enable them to make well informed risk-based decisions whilst leading and influencing management of tactical and strategic risks.

We welcome candidates who are certified in Risk and Information Systems Controls (CRISC), or equivalent risk management qualifications, and/or have proven knowledge of risk management frameworks - identification, assessment, risk response and mitigation, control monitoring and reporting.

Please note this role requires you to pass Security Check clearance. For further information, please see 'Selection process details'.

Job description

The Senior Cyber Security Risk Manager role will be focused on the delivery of 1st line security controls assessment and the risk identification, assessment and management of any gaps or control failings, ensuring these are framed in a way which reflects all compensatory controls in place and are easily understood by non-technical senior business leaders so they can make informed management decisions. Key responsibilities include:

  • providing effective security Risk expertise, advice and support to business managers, Senior Risk Owners, and the Executive Team within DWP.
  • using evidence and knowledge to support accurate, expert decisions and advice, carefully considering alternative options, implications, and risks of decisions, and enabling the prioritisation and delivery of solutions with appropriate security controls to mitigate Cyber Security Risks through a structured risk management process.
  • ensuring proportionate, risk-informed decisions about current and future security investments can be taken to protect the Department’s assets and improve the Department’s security risk posture.
  • managing and supporting Digital’s Cybersecurity risk management lifecycle by working to help deliver 1st line risk identification, assessment, remediation, and treatment of risks.
  • identifying controls and making recommendations to address security vulnerabilities and control weaknesses in products, projects, and programmes, working with product owners and Subject Matter Experts to enable them to make well informed risk-based decisions whilst leading and influencing the management of tactical and strategic risks.
  • identifying, capturing, or contextualising risks and mitigating controls, enabling risk owners and managers to take responsibility for the management and maintenance of their security.
  • ensuring the timely recording and updating of risks throughout the lifecycle.
  • working closely with Security & Data Protection and other internal and external the potential to impact or improve resilience of Digital IT Infrastructure are identified, and/or reported appropriately.
  • researching and evaluating business processes in alignment to known/emerging Security risks and controls to ensure expert advice is provided.
  • taking responsibility for delivering timely and quality results with focus and drive.

Person specification

When giving details in your employment history and personal statement you should highlight your experience in line with essential criteria below:

  • Knowledge in leading complex risk assessments, interfacing routinely with senior management
  • The ability to develop complex and innovative information risk management plans under supervision, and to develop such plans either as an individual or leading a team
  • Experience of leading corporate threat intelligence processes
  • Experience of leading development of corporate Information Security strategies.

If you would like to learn more about the role, please contact natalie.selby1@dwp.gov.uk.

Benefits

• An employer pension contribution of up to 28.97%.
• Annual leave rising up to 30 days (based on your working pattern).
• Family friendly flexible working arrangements, such as hybrid working, job sharing, term-time working, flexi-time and compressed hours.
• Learning and development tailored to your role; this could include industry recognised qualifications, coaching and mentoring.
• An inclusive and diverse environment with opportunities to join staff networks including: Women’s Network, National Race Network, National Disability Network (THRIVE) and many more.

Salary Information

Pay for this role is from £52,412 to £73,116.

The maximum salary for the grade is £63,517, however a Digital Allowance of up to £9,599 per annum is available for exceptional candidates, based on our assessment of your skills and experience.

Our offer to successful candidates will be based on an assessment of your skills and experience as demonstrated at interview.

Existing Civil Servants who secure a new role on lateral transfer should maintain their current salary.

Existing Civil Servants who gain promotion may move to the bottom of the next grade pay scale or receive a 10% increase in salary, whichever would be the greater.

Things you need to know

Selection process details

This vacancy is using Success Profiles and will assess your Experience and Technical skills.

Stage 1: Application

Your application will consist of three parts:

1. A Personal Details application form.

2. Your employment history detailing your responsibilities, skills, accomplishments, plus your qualifications and relevant training. Please copy this information into the box field provided.

3. Personal statement up to 1000 words. Further details around what this will entail are listed on the application form.

When giving details in your employment history and personal statement you should highlight your experience in line with essential criteria listed in the Person Specification.

The sift panel will use the information in your employment history and personal statement to assess your experience, skills and knowledge against the essential criteria above.

For Hints and Tips on completing your application visit Applying for jobs at DWP Digital.

Applications will be sifted at regular intervals from the date the posts are advertised. Please apply as soon as you can, do not wait until the end of the campaign.

Important Information

• You will be asked to complete your employment history; any information that you would customarily share on a CV should therefore be entered onto the application form.
• Personal details that could be used to identify you, including your name, contact details and address, must be removed for your application to be considered.
If your employment history/personal statement contains any personal details, your application will be withdrawn.

Stage 2: Interview

If you’re successful at sift stage you will be invited to a video interview via Microsoft Teams. There, you will be assessed against the following Technical Skills:

• Information Risk Assessment and Management
• Applied Security Capability
• Protective Security
• Threat Understanding

You will be asked to do a 5-minute presentation on Cyber Security Risk Assessment and Management. You may use PowerPoint slides if you wish. 

Interviews will take place from August 2024. Interview dates to be confirmed.

Further information:

Find out more about Working for DWP

A reserve list may be held for a period of 6 months from which further appointments can be made.

All successful candidates and those placed on reserve will be posted in merit list order by location. 

The Civil Service values honesty and integrity and expects all candidates to abide by these principles. Please ensure that all examples provided in your application are taken directly from your own experience and that you describe the examples in your own words. Applications will be screened and if evidence of plagiarism or copying examples/answers from other sources is found, your application will be withdrawn. Internal DWP candidates may also face disciplinary action.

Security Clearance Requirement

You must meet the security requirements before you can be appointed. The level of security needed is security check.

For meaningful checks to be carried out, you will need to have lived in the UK for a sufficient period of time, to enable appropriate checks to be carried out and produce a result which provides the required level of assurance. Whilst a lack of UK residency in itself is not necessarily a bar to a security clearance, an expectation of UK residency may range from 3 to 5 years. Failure to meet the residency requirements needed for the role may result in the withdrawal of provisional job offers.

NSV

For further information on National Security Vetting please visit the following page https://www.gov.uk/government/publications/demystifying-vetting

Reasonable Adjustment

At DWP we value diversity and inclusion and actively encourage and welcome applications from everyone, including those that are underrepresented in our workforce.

We consider visible and non-visible disabilities, neurodiversity or learning differences, chronic medical conditions, or mental ill health. Examples include dyslexia, epilepsy, autism, chronic fatigue, or schizophrenia.

If you need a change to be made so that you can make your application, you should:

• Contact Government Recruitment Service via DigitalRecruitment.grs@cabinetoffice.gov.uk as soon as possible before the closing date to discuss your needs.
• Complete the “Reasonable Adjustments” section in the “Additional requirements” page of your application form to tell us what changes or help you might need further on in the recruitment process. For instance, you may need wheelchair access at interview, or if you’re deaf, a Language Service Professional.

For further information on reasonable adjustments, terms and conditions and how we recruit visit the How we recruit page. 



Feedback will only be provided if you attend an interview or assessment.

Security

Successful candidates must undergo a criminal record check. Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check.

See our vetting charter. People working with government assets must complete baseline personnel security standard checks.

Nationality requirements

This job is broadly open to the following groups:

  • UK nationals
  • nationals of the Republic of Ireland
  • nationals of Commonwealth countries who have the right to work in the UK
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS)
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
  • individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
  • Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service
Further information on nationality requirements

Working for the Civil Service

The Civil Service Code sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles. The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria. The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.

Added: 2 months ago