Cyber Security Assurance and Business Continuity Manager
HM Treasury
Apply before 11:55 pm on Sunday 24th November 2024
Details
Reference number
Salary
Job grade
Contract type
Business area
Type of role
Security
Working pattern
Number of jobs available
Contents
Location
About the job
Job summary
HM Treasury
If you’re interested in making a difference to people’s lives, the Treasury can offer you an exciting opportunity to influence decision making that affects the whole of the UK. Working at the heart of government, we collaborate across government to promote responsible public spending and drive strong and sustainable economic growth.
Our work ranges from protecting customers through the regulation of the financial sector, helping to reduce carbon emissions and creating a greener economy, to promoting British trade around the world and supporting people across the country on jobs, growth and more.
We are part of the Darlington Economic Campus, a pioneering new cross-government hub which brings people together to play an active role in the most important issues of the day whilst working closer to the communities we serve. The campus provides the opportunity for people from all over the UK to help shape the future of the country, and our flexible working practices ensure you can collaborate effectively with our partners. It’s central government, made more accessible to you!
Job description
About the Group
The Corporate Centre Group delivers a wide range of corporate services to enable people at HM Treasury and many of the other organisations who form part of the Treasury Group (including the Government Internal Audit Agency and the Debt Management Office) to operate effectively and efficiently. We are a diverse group, both in terms of our professions and in our ways of working. Our colleagues are based across 3 sites in London, Darlington and Norwich.
The Corporate Centre Group consists of a range of teams and is led by two directors (one of Finance and one of Operations).
- Correspondence and Information Rights
- Finance & Commercial
- People & Capability
- Diversity, Inclusion & Belonging
- Treasury Business Solutions
- Multisite Darlington Economic Campus team
- Exchequer Funds & Accounts team
About the Team
The Treasury Business Solutions (TBS) team are trusted business partners responsible for Technology, Security and Knowledge & Information Management. We have staff based in each of our London, Norwich and Darlington offices. The TBS Security team are responsible for developing and delivering HM Treasury’s security operations program across all domains: cyber and information assurance; continuity and resilience; personnel; and physical security
About the Job
This is an exciting and meaningful opportunity to join the Government Security Profession, working at the heart of Government in a time of momentous change and offering a level of exposure and challenge that is hard to find anywhere else. If you are interested in the challenge, we would be delighted to hear from you!
You will be responsible for ensuring the protection of HM Treasury’s (HMT) network systems and customer data from cyber threats. You will maintain a strong cyber security posture across the IT estate by identifying weaknesses and vulnerabilities and guiding actions to mitigate risks.
You will spearhead the protection of HMT against an extensive range of cyber and technical threats, incorporating principles of GovAssure and Secure by Design into our strategies. You will also orchestrate the combined efforts of our internal team and external partners in conducting vigilant protective monitoring and robust incident response operations, always staying one step ahead to prevent potential vulnerabilities from becoming incidents.
Within your diverse project portfolio, a key focus will be on the continuous evaluation and enhancement of our cybersecurity services, ensuring they align with GovAssure standards and embody the proactive, protective ethos of Secure by Design. Strengthening ties with government partners will be crucial to bolstering our defence mechanisms, driving the professional growth of your team, and ensuring your own development within the cybersecurity domain.
You will lead the charge in not only identifying and mitigating emerging cyber threats but also in ensuring that our systems and processes are designed and implemented with inherent security measures, minimising risk from the outset. Your expertise will play a pivotal role in shaping a resilient cybersecurity posture for HMT.
Key Responsibilities:
- Support the Head of Cyber Security and Technology Risk in protecting HMT’s network systems and customer data against cyber threats.
- Play a crucial role in maintaining a strong cyber security posture by identifying weaknesses and vulnerabilities and guiding actions to mitigate risks and ensure uninterrupted IT services.
- Direct management of a team of cyber security testing and assurance resources.
- Management and oversight of 3rd party suppliers commissioned for meeting specialist testing and assurance requirements.
- Articulate cyber security risks and implications to important partners with sufficient information and recommendations for action to enable senior leaders to make decisions.
- Oversee the development and maintenance of comprehensive Incident Response, Business Continuity, and Disaster Recovery Plans
- Conduct thorough Root Cause Analysis following exercises and incidents to drive improvements to HMT business continuity and disaster recovery capability.
Principal Accountabilities:
- Define and deliver the cyber security technical assurance strategy, setting clear policies and technical standards, and measuring success against defined metrics.
- Manage the cyber security technical assurance team, ensuring the quality and timeliness of services and deliverables, and driving improvements and optimization of cyber security assurance capabilities.
- Ensure compliance with HMT policies and technical standards, driving necessary remediation actions and countermeasures.
- Establish and improve a regular penetration testing program and vulnerability management process.
- Ensure IT Disaster Recovery and Business Continuity plans are established and tested.
- Ensuring key HMT colleagues can respond effectively to major cyber incidents. Considering their role requirements to provide training, advice, and resources.
- Collaborate with IT, application, and team members to devise assurance objectives and ensure appropriate mitigation actions are considered and delivered.
- Deputise for the Head of Cyber Security and Technology Risk for pre-agreed tasks and activities.
We will support you with on-the-job and a formal training structure in a range of certifications, qualifications, and skills. The team is always looking for opportunities to upskill staff and as such applicants with a keen interest and/or experience will be able to grow and develop in post.
We will support you with on-the-job and a formal training structure in a range of certifications, qualifications, and skills. The team is always looking for opportunities to upskill staff and as such applicants with a keen interest and/or experience will be able to grow and develop in post.
Candidate Drop-In Session
The hiring manager will be running a candidate drop-in session for this role to give you greater insight about the role as well as the chance to learn more about HM Treasury and ask any questions you may have. If you would like to join us, then use the appropriate link below to join the call at the right time.
Wednesday 13 November 2024 - 13:00 to 13:50
If you would like to speak to the hiring manager informally prior to the closing date for applications to find out more about the job, please contact joshua.cobb@hmtreasury.gov.uk
Person specification
We are looking for the below skills, experience and behaviours and we will ask you to demonstrate these in your application form. Please review the Candidate FAQ document that is attached to the advert for guidance on how to complete your application form.
- Experience of relevant cyber security risks, this role involves proactively managing security postures, ensuring compliance, and consistently updating policies and strategies against evolving threats (Experience).
- Ability to learn, develop and apply cyber security risk management skills in accordance with changes in the security landscape (Changing and improving).
- Ability to explain complex problems and solutions with regards to cyber and protective security, including delivering complicated messages and advice effectually and persuasively, to different audiences (Communicating and influencing).
- The ability to ensure timely results while encouraging innovation and prioritise the availability of suitable resources for colleagues to perform effectively (Delivering at Pace).
The lead criterion is: Experience.
If we receive large volumes of applications, we will conduct an initial sift on the lead criterion only.
Candidate Guidance Support Session
We will be running an overview of Success Profiles and the STAR approach including top tips for the application and interview process and an opportunity to ask general questions around our recruitment practices. Please note that this session is not role specific, so we will be unable to answer specific questions about roles we are advertising. If you would like to join us, please use the link below to join the call at the right time.
Behaviours
We'll assess you against these behaviours during the selection process:
- Changing and Improving
- Communicating and Influencing
- Delivering at Pace
Benefits
- 25 days’ annual leave (rising to 30 after 5 years), plus 8 public holidays and the King's birthday (unless you have a legacy arrangement as an existing Civil Servant)
- Flexible working patterns (part-time, job-share, condensed hours)
- Generous parental and adoption leave package.
- A Civil Service Pension which provides an attractive pension, benefits for dependants and average employer contributions of 28%
- Onsite restaurant and coffee bar. The London office also offers a gym, showers and prayer room
- Access to a cycle-to-work salary sacrifice scheme, season ticket advances and payroll giving
- Access to a retail discounts and cashback site
- A Rental Deposit Advance Scheme to help meet the total costs of deposits for privately rented homes
- A range of active staff networks, based around interests and diversity
Flexible Working Arrangements
HM Treasury views flexible working as essential in enabling us to recruit and retain talented people, ensuring that they can enjoy a long-lasting career with us. All employees have the right to apply for flexible working and there are a range of options available including; part-time, compressed hours and job sharing. Additionally, we operate flexitime systems, allowing employees the flexibility to adjust their working patterns throughout the week which is subject to operational needs and line management approval.
At HM Treasury we have an incredibly broad remit; our work touches every citizen of the country. So, it’s important our employees come from the widest possible range of backgrounds, bringing us the widest possible range of perspectives and ways of thinking. We are committed to ensuring that all staff can realise their potential and achieve a healthy work-life balance.
HM Treasury operates an office based working approach across all Treasury sites - Darlington, London, and Norwich, and along with the rest of the Civil Service, has an expectation of a minimum of 60% attendance in the office, along with working remotely. This blended working approach allows you to work collaboratively, meet stakeholders face to face, support others and promotes a healthy work life balance (please be aware that this role can only be worked in the UK and not overseas). Some roles will not be suitable for Hybrid Working. Similarly, Hybrid Working will not suit everyone’s circumstances. Arrangements will be discussed and agreed with the successful candidate(s) and subject to regular review. All our offices have been recently modernised and designed to collaborate and connect with colleagues as well as desk and quiet space to allow a range of ways to work.
The office working expectation is linked to location of the role, if you apply to a post in a single location then you will not be able to meet this expectation at any of our other sites or be able to move your role to another location.
Things you need to know
Selection process details
Recruitment Timeline
Closing date: 24 November 2024
Shortlisting: week commencing 25 November 2024
Interviews: week commencing 02 and 09 December 2024
This timeline is indicative and may be subject to change. We will inform you if there is a substantial change to the recruitment timeline.
If your contact details change at any time during the selection process, please ensure you update your Civil Service Jobs Profile.
Please note that only applications submitted through Civil Service Jobs will be accepted.
Location-Based Reserve Lists
You will be placed on a reserve list if your application is successful, but we cannot offer you a post immediately. Where more than one location has been advertised, candidates will be approached for roles in merit order according to the first preferred location stated on your application form.
Please note that a place on the reserve list does not guarantee an offer. We would still encourage you to apply for other HM Treasury opportunities that you are interested in. If you are offered a role in your first preferred location and you decline the offer or you are unable to take up the post within a reasonable timeframe, you will be removed from the reserve list, other than in exceptional circumstances.
Eligibility Statement
A candidate is not eligible to apply for a role in the Civil Service if the application is made within a 5 year period following a dismissal for carrying out internal fraud against government. Checks will be performed as part of pre-employment checks in line with this. Please refer to the Candidate FAQ document attached to the advert for more information.
Everyone working with government assets must complete Baseline Personnel Security Standard (BPSS) checks. Additionally, individuals appointed to the Treasury group will be subject to National Security Vetting. The level of security vetting required for this role is Developed Vetting (DV).
To allow for meaningful checks to be carried out, applicants typically need to have lived in the UK for the past 10 years. In exceptional circumstances, a lack of residency would not be a bar to security clearance however the Department will need to consider eligibility on a case by case basis once the advert closing date has passed.
Please read the Vetting Charter for information on what to expect during the vetting process and what will be expected from you. Many areas of your life may be explored during your vetting journey, and it is important that every individual, regardless of their background and experiences, should feel comfortable going through this personal process, whilst having confidence that it is fair, proportionate, and inclusive.
These short videos address common concerns and preconceptions which applicants may have about national security vetting. If you have questions relating to security clearances, please contact HMTSecurityVetting@hmtreasury.gov.uk
Feedback will only be provided if you attend an interview or assessment.
Security
Nationality requirements
Working for the Civil Service
We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles (opens in a new window).
Diversity and Inclusion
Apply and further information
Contact point for applicants
Job contact :
- Name : Joshua Cobb
- Email : joshua.cobb@hmtreasury.gov.uk
Recruitment team
- Email : hrrecruitment@hmtreasury.gov.uk