via indeed · 3 June 2026 ·10 days ago

Information & Cyber Risk Assurance Advisor

Department for Energy Security and Net Zero
London Full-time Remote

Details
-----------

Reference number

462096

Salary

£56,900 - £69,765
G7 - National: £56,900 - £64,510; London: £62,595 - £69,765 (pro-rata for part-time hours)

This role also attracts an allowance of up to £10,000, depending on skills, qualifications, and experience, according to the Government Digital and Data Framework. Further details on the framework can be found here - https://ddat-capability-framework.service.gov.uk/role/security-architect#lead-security-architect
A Civil Service Pension with an employer contribution of 28.97%
GBP

Job grade

Grade 7

Contract type

Permanent

Business area

DESNZ - Integrated Corporate Services - Operations

Type of role

Security

Working pattern

Flexible working, Full-time

Number of jobs available

1
Location
------------

Birmingham, Bristol, Cardiff, Darlington, Edinburgh, London, Salford

About the job
-----------------

Job summary

The Integrated Corporate Services (ICS) is a shared corporate service. It provides corporate services (HR, Finance, Digital, Commercial, Security and Estates) across the Department for Energy Security & Net Zero (DESNZ) and the Department for Science, Innovation & Technology (DSIT).

Our team of over 400 professionals will be leading the way in how these functions will be delivered in the future. Our ambition is to be the leading provider of integrated corporate services for government and set the standard for quality, efficiency, and innovation in our field.

We offer great working benefits including a world-class pension, flexible working options and a career where your learning and development is taken seriously. We are enormously proud to be a Disability Confident Leader employer. We support candidates with adjustments throughout our recruitment process. Information about disability confidence and just some examples of the adjustments that you can request can be found in the reasonable adjustment section below.

The Civil Service is committed to attracting, retaining and investing in talent wherever it is found. To learn more please see the Civil Service People Plan and the Civil Service D&I Strategy.

Find Out More

You can also follow our LinkedIn Careers Page: https://www.linkedin.com/showcase/desnz-careers/

Job description

The Role and Our Team

Are you interested in joining a high performing team of security professionals? If you are ready to challenge yourself and become a member of a specialist security team, then we have a great opportunity for you.

We need an organised, proactive and flexible individual to provide Information and Cyber Security Risk Management and Assurance functions across two departments (the Department for Energy Security & Net Zero and the Department for Science, Innovation & Technology) and within the Departmental Security Unit (DSU), including support to Arm’s Length Bodies.

The Information & Cyber Risk Assurance Advisor identifies, understands and advises on cyber-related risks affecting information, systems, platforms and business processes. They identify and evaluate security risks across complex digital services and operational environments and proactively provide proportionate, evidence-based advice to stakeholders at a variety of levels.

The role supports delivery by enabling well informed, auditable, risk based decisions while maintaining appropriate security standards.

The role is both operational delivery and technical, combining cyber risk management, GovAssure delivery, application and platform assurance and operational security support. The postholder will also provide technical leadership, line management and support and deputise for the Deputy Chief Information Security Officer when required.

Your role will also serve as the lead for ICS and its customers on cyber incidents, often at pace, including within significant cross-Government activities, contributing your expertise and supporting your peers.

When the need arises, you will be expected to deputise for the Deputy CISO.

While some elements of this role can be delivered remotely, the successful candidate will be expected to work from our contracted office a minimum of 40-60% of their time. Regular visits will be required to London and other offices. If not based in the London office, frequent travel to London or other Programmes for Growth offices may be required, including at short notice or on the same day.

Person specification

Key Responsibilities

  • Independently undertake cyber security risk management and assurance activities within established security and risk management governance structures.

  • Identify, analyse and evaluate cyber risks to information, systems, platforms and business processes, including conducting tailored threat assessments and risk based exceptions.

  • Lead the analysis and derivation of business supporting security requirements and undertake cyber security risk assessments consistent with applicable legislation, policy and recognised standards.

  • Provide tailored, proportionate security advice to a wide range of technical and non technical stakeholders drawing on published guidance, standards, expert input and personal expertise.

  • Provide expert security advice that clearly articulates cyber risk, impact and mitigation options, enabling risk and service owners to make well informed and auditable decisions.

  • Produce clear, detailed and balanced written reporting, including risk assessments, assurance findings, recommendations and briefings for senior stakeholders.

  • Support and deliver GovAssure activity, including contributing to WebCAF narrative, evidence identification and structuring, remediation planning and preparation for future assurance cycles.

  • Provide security assurance for applications, platforms and services, including penetration testing, secure by design and go live assurance, UAT support and architectural governance.

  • Support day to day cyber security operations, including BAU and ad hoc operational support, Duty Officer rotas and incident response activity.

  • Support the planning, development, implementation and maintenance of information and cyber security policies, standards and guidance, including drafting and owning policy artefacts through consultation and governance.

  • Act as a trusted technical advisor across DESNZ, DSIT, Arm’s Length Bodies and attend forums/board accordingly.

  • Represent the organisation and Information & Cyber Security function at cross-government forums, working groups and initiatives, contributing to shared standards, guidance and best practice.

  • Provide technical leadership and line management to cyber security specialists, supporting performance, capability development, quality assurance of outputs and succession planning.

  • Support and deputise for the Deputy Chief Information Security Officer, escalating material cyber risks and acting on their behalf when appropriate.

  • Lead policy creation, development and management, ensuring alignment with departmental and cross government priorities.

  • Represent ICS and the Department in cross government forums and initiatives.

  • Digital Governance and Assurance: Regularly conduct reviews of architectural and technical documentation.

  • Maintain direct engagement with ICS Digital, supporting delivery of live service operations including incident management, ad hoc escalations and driving mitigation and remediation activities.

As a line manager, you will be responsible for working with your members of staff to define their objectives, as well as managing their development and performance.

Essential Criteria

A demonstrable passion for Cyber & Information Security, with the following skills or experience aligned with the Government Security Profession Career Framework:

  • Information Risk Assessment & Risk Management: Ability to conduct and review cyber risk assessments using appropriate methods and to inspect and report on the security characteristics of systems and services.

  • Applied security capability: Ability to elicit security requirements using threat, vulnerability and impact analysis and apply control frameworks with an understanding of their strengths and limitations.

  • Threat understanding: Ability to remain up to date with the cyber threat landscape and communicate potential impact clearly to the business.

  • Communication: Strong ability to communicate cyber risks, assessments and assurance outcomes to both technical and non technical stakeholders.

  • Stakeholder engagement: Ability to build effective relationships with senior stakeholders, raise awareness of security issues and communicate the outcomes of assurance activity, audits and investigations.

  • GovAssure: Experience supporting GovAssure or equivalent cyber assurance activity, including articulating cyber risk, contributing to assurance outcomes and advising on proportionate remediation actions.

  • Professional leadership: Experience providing technical leadership and line management to cyber security professionals.

Desirable Criteria

  • Experience representing an organisation or security function in cross government forums, working groups or initiatives.

  • Experience deputising for a senior security leader and supporting escalation and management of material cyber risks.

Behaviours

We'll assess you against these behaviours during the selection process:

  • Making Effective Decisions

  • Communicating and Influencing

  • Working Together

Technical skills

We'll assess you against these technical skills during the selection process:

  • Analysis - Security architect - Government Digital and Data Profession Capability Framework

  • Communication - Security architect - Government Digital and Data Profession Ca
