GOVTALENT.UK

Senior Cyber Security Risk Manager

This opening expired 7 months ago.
Location(s):
Croydon, Manchester
Salary:
£41,600 to £48,792
Job grade:
Senior Executive Officer
Business area:
Project Delivery
Contract type:
Permanent
Working pattern:
Full-time

About the job

Job summary

The Cyber Security Risk Manager identifies, understands and mitigates cyber-related risks. They identify and evaluate security risks to information, systems and processes owned by the organisation, and proactively provide appropriate advice, drawing on a wide variety of sources, to stakeholders across the organisation and at a variety of levels. They provide risk or service owners with advice to help them make well informed risk-based decisions.

Job description

Your main day to day responsibilities will be:

  • The planning and implementation of organisation-wide processes and procedures for the management of cyber risk to the success or integrity of the business, especially those arising from the use of information technology, hardware or data. Monitor the efficiency and effectiveness of the risk management processes across the organisation and make recommendations for continuous improvement.
  • Conduct reviews and risk assessments when necessary and feed back findings to the relevant parties. Communicate risk assessment outcomes to stakeholders in ways that support effective security, risk management and decision-making, and advise stakeholders on their approach to risk assessment in the context of their business outcomes
  • Work within established security and risk management governance structures, usually under supervision to support, review and undertake straightforward risk management activities such as: helping with the analysis and derivation of business-supporting security needs; undertaking cyber security related risk assessments; basic threat assessments and other risk management activities
  • Interpret and contribute to the development of risk management-related policy and assure the ongoing appropriateness of policy in accordance with regulation and wider departmental and government policies. Have an understanding of the applicability of appropriate legislation and regulations
  • Provide advice to address identified cyber security related risks by applying a variety of security capabilities, which may include using published guidance, standards or experts as appropriate: the scenarios will be straightforward, and the advice given will be proportionate and contextualised to the use case. Provide straightforward advice to validate the effectiveness of risk mitigation measures, including an understanding of how to use different assurance activities and make recommendations for improvement
  • Help risk or service owners to make decisions that are well informed by good and clear security advice, including contributing to reports or working within established reporting chains in a security team

You will also be expected to carry out the following day to day activities:

  • Driving the collection of statistical information relating to systems security incidents and identified vulnerabilities to enhance risk management
  • Mentoring junior members of the team to ensure that they are up to speed with Home Office and security principles and developing in line with Home Office values
  • Working closely with other Home Office Cyber Security (HOCS) personnel to ensure that specialist knowledge is kept current
  • Participating, contributing to, and supporting collaboration initiatives and career development within the IT Operations community, building in-house capability via a professional community of practice
  • Communicating effectively with relevant teams and stakeholders to ensure they recognise the importance of security considerations and respond accordingly to changes in policy and procedure
  • Working on remedial solutions and ensuring resolution activities are carried out through liaising with the appropriate stakeholders
  • Ensure all identified risks are managed in accordance with Home Office risk management policies.

Note: The post-holder may be required to carry out other duties within the scope of the grade and within the limits of their skill, competence and training.

Due to business requirements, this role is only available full time.

This post is eligible for a DDaT RRA. Successful candidates with exceptional skills and experience may apply for an RRA up to a maximum of £8,300. This allowance is subject to an initial review within six months of taking up the post and thereafter an annual review in line with departmental priorities, and could be reduced or withdrawn at any time.

Person specification

Essential Skills

You’ll have a demonstrable passion for cyber security, with the following skills or experience in: 

Strategy and architecture:

  • Security and Privacy
    • Information Assurance (INAS) - Level 4
  • Governance, Risk and Compliance
    • Risk Management (BURM) - Level 4
    • Audit (AUDT) - Level 4
    • Quality Assurance (QUAS) - Level 5
  • Advice and Guidance
    • Specialist Advice (TECH) - Level 4

Relationships and Engagement

  • Stakeholder Management
    • Stakeholder Relationship Management (RLMT) - Level 4

The skills listed above are reflective of the Home Office DDaT Profession Skills and Competency Model (based on the industry standard SFIA framework).

Please see below for the relevant skills required for your role: 

  • Developing technical knowledge in order to understand the security impacts of any changes, and applying yourself to manage these
  • Absorbing potentially large amounts of conflicting information and using it to produce recommendations and solutions, leveraging analysis to enhance business performance
  • Demonstrating strong stakeholder skills in order to communicate and influence colleagues around the impact of security issues

Minimum Skill expectations include: 

  • Information risk assessment and risk management - practitioner level
  • Applied security capability - practitioner level
  • Protective Security - working level
  • Threat understanding - working level

Desirable Skills

Ideally you will also have the following skills or some experience in:

  • Managing and operating risk management tools

Qualifications

  • ITIL v3/v4 Foundation
  • ISEB Certificate in Information Security Management Principles (CiSMP)
  • CRISC or equivalent is desirable

Benefits

Alongside your salary of £41,600, Home Office contributes £11,232 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.

Things you need to know

Selection process details

This vacancy is using Success Profiles, and will assess your Behaviours and Experience.

This gives us the best possible chance of finding the right person for the job, drives up performance and improves diversity and inclusivity. 

As part of the application process, you will be asked to complete a CV and Statement of Suitability (Max Word Limit: 500).

Further details around what this will entail are listed on the application form.

The Statement of Suitability should concisely explain your motivation for applying to this role and offer evidence of how you meet the essential criteria listed on the Job Specification.

The sift will be based on the CV and the Statement of Suitability.

Candidates shortlisted will be invited to an interview and asked questions that explore their experience, the Technical Skills from the SFIA framework and all listed behaviours.

Sift and Interview dates

The sift is expected to commence from 19th February 2024.

Interviews are expected to take place from week commencing 4th March 2024.

We will try to meet the dates set out in the advert. There may be occasions when these dates will change. You will be provided with sufficient notice of the confirmed dates.

Interviews will be carried out via video. Candidates will be required to have access to:

  • A laptop (personal or work) with a working webcam
  • Good internet connection
  • Microsoft Teams

Further information 

Please read the essential skills for this position carefully. We will only consider those who meet the listed requirement.

If you have previously made an unsuccessful application for a role with the same essential skills and are not able to demonstrate how you have developed these skills since your last application, please reconsider applying as your application is unlikely to be successful.

For meaningful checks to be carried out, individuals need to have lived in the UK for a sufficient period of time to enable appropriate checks to be carried out and produce a result which provides the required level of assurance. You should normally have been resident in the United Kingdom for the last 3 years if the role requires CTC clearance, 5 years for SC clearance and 10 years for DV.  A lack of UK residency in itself is not necessarily a bar to a security clearance and applicants should contact the Vacancy Holder/Recruiting Manager listed in the advert for further advice.

For further information on National Security Vetting please visit the following page https://www.gov.uk/government/publications/demystifying-vetting

UK residency and security requirements 

You need to have lived in the UK for the past 5 years.  This is because this post requires the successful candidate to have Security Check (SC) clearance, and you need to have been a resident in the UK long enough for sufficient checks to take place. These checks will only take place after the job offer has been accepted. 

Visa sponsorship

We are unable to sponsor any individuals via Skilled Worker Sponsorship / Tier 2 (General) work visas as we do not hold a UK Visa & Immigration (UKVI) Skilled Worker License.

Where business needs allow, some roles may be suitable for a combination of office and home-based working.  Where this is the case, employees will be expected to spend a minimum of 60% of their working time in the office. Applicants can discuss any specific questions with the Vacancy Holder.

A reserve list may be held for a period up to 12 months from which further appointments may be made.

We often have similar roles available at different grades. If a candidate is suitable for a similar role, or a lower grade than they have applied for, we may offer the candidate that role without the need to go through a further selection process providing the role has the same behaviours and essential skills.

Every day, Home Office civil servants do brilliant work to develop and deliver policies and services that affect the lives of people across the country and beyond. To do this effectively and fairly, the Home Office is committed to representing modern Britain in all its diversity, and creating a welcoming, inclusive workplace where all our people are able to bring their whole selves to work and perform at their best. 

We encourage applications from people from the widest possible diversity of backgrounds, cultures and experiences. We particularly welcome applications from women, people with disabilities and LGBT+ as they are currently under-represented in the Home Office at this grade level. Appointments will be made on merit on the basis of fair and open competition.

We are flexible, skilled, professional and diverse. We work to recruit and retain disabled staff and are a Disability Confident Leader. We are proud to be one of the most ethnically diverse departments in the civil service. We are a Stonewall top 100 Workplace Equality Employer and a Social Mobility Foundation top 75 employer.

New entrants are expected to join on the minimum of the pay band. 

Applicants who are successful at interview will be, as part of pre-employment screening, subject to a check on the Internal Fraud Database (IFD). This check will provide information about employees who have been dismissed for fraud or dishonesty offences. This check also applies to employees who resign or otherwise leave before being dismissed for fraud or dishonesty had their employment continued. Any applicant whose details are held on the IFD will be refused employment.

For further information please see the attached notes for candidates which must be read before making an application.

Existing Civil Servants should note that some of the Home Office terms and conditions of employment have changed. It is the candidate’s responsibility to ensure they are aware of the Terms and Conditions they will adopt should they be successful in application and should refer to the notes for candidates for further details.

Transfer Terms: Voluntary.

If you are invited to an interview, you will be required to bring a range of documentation for the purposes of establishing identity and to aid any pre-employment checks. 

Please see the attached list of Home Office acceptable ID documents.

Any move to the Home Office from another employer will mean you can no longer access childcare vouchers. This includes moves between government departments. You may however be eligible for other government schemes, including Tax Free Childcare. Determine your eligibility at https://www.childcarechoices.gov.uk  

Reasonable Adjustments

If a person with disabilities is at a substantial disadvantage compared to a non-disabled person, we have a duty to make reasonable changes to our processes. 

If you need a change to be made so that you can make your application, you should:

  • Contact Government Recruitment Service via HOrecruitment.grs@cabinetoffice.gov.uk as soon as possible before the closing date to discuss your needs
  • Complete the “Assistance Required” section in the “Additional Requirements” page of your application form to tell us what changes or help you might need further on in the recruitment process. For instance, you may need wheelchair access at interview, or if you're deaf, a language service professional

If you are experiencing accessibility problems with any attachments on this advert, please contact the email address in the ‘Contact point for applicants’ section. 

Feedback



Feedback will only be provided if you attend an interview or assessment.

Security

Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check.

See our vetting charter. People working with government assets must complete baseline personnel security standard checks.

Nationality requirements

This job is broadly open to the following groups:

  • UK nationals
  • nationals of the Republic of Ireland
  • nationals of Commonwealth countries who have the right to work in the UK
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS)
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
  • individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
  • Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service

Further information on nationality requirements

Working for the Civil Service

The Civil Service Code sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles. The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria. The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.

Added: 7 months ago