Defence Digital – Cyber Security Risk Manager
Ministry of Defence
Apply before 11:55 pm on Wednesday 27th November 2024
Details
Reference number
Salary
This post may be eligible for the relevant London weighting allowance.
Job grade
Contract type
Business area
Type of role
Risk Management
Security
Other
Working pattern
Number of jobs available
Location
About the job
Job summary
Are you ready to work in one of the most interesting cyber security environments and share your experience to support national security?
Interested in projects at the cutting edge of world-leading military technology, such as next-generation fast jet capabilities, unmanned systems, highly secure networks, future warships & military vehicles and ground-breaking sensor technology?
So, who are we?
We are Defence Digital’s Cyber Assessment and Advisory Service (CySAAS) team, within our Cyber Defence and Risk (CyDR) organisation. Consisting of sub teams which assess specialist ICT, communication and weapons systems, we provide assurance, support and advice across the organisation. Our team thrives on curiosity, new ideas and creative thinking, driving a culture of exploring further and influencing wider, making Cyber security a leader in Defence.
CyDR sits at the forefront of cyber security and information technology and is responsible for enabling the provision of specialist assurance and cyber security services across UK Defence, our industry partners, other Government departments and our international allies.
About Defence Digital:
Defence Digital ensures our Armed Forces remain among the most technologically advanced in the world. We do this by putting innovative and effective technology into the hands of over 200,000 users, from the boardroom to the front line.
We lead on cutting-edge data science, automation, and cyber security at scale. Our mission goes beyond the battlefield by leading humanitarian efforts and driving digital innovation that impacts lives across the globe.
Defence Digital forms part of Strategic Command which manages the MOD’s joint capabilities for the Army, RAF, and Royal Navy.
As a Civil Servant, you’ll also have access to our range of excellent benefits, including flexible working, discount schemes, generous leave allowance and a market-leading Civil Service pension.
Our commitment to your development is fundamental and you’ll be able to take advantage of fantastic learning and development opportunities, tailored to your role and beyond. Whilst in post, you’ll be able to gain industry recognised qualifications, such as CISSP or CRISC and we’ll support you throughout the process.
This post is eligible for a Digital Skills Allowance of up to £15,300 per annum. Eligibility for this allowance will be assessed at interview against 4 core technical skills only and reviewed annually in line with MOD policy.
Passionate about using your skills to make a critical difference? Your next career move could be here.
Job description
As a Cyber Security Risk Assessor within the CySAAS team, you will lead a team providing timely, impartial and consistent assurance, assessment and advisory services across Defence.
Senior personnel will rely on your expertise to ensure they have an accurate understanding of through-life cyber security risks, so they can make informed business decisions. You will work with projects that involve complex technical and security challenges, which may include highly sensitive networks, cryptography and next-generation military vehicles and weapons systems.
Along the way, you will strengthen links with other cyber security bodies and business functions - from business delivery partners who provide project-based assurance activities, to industry trade bodies and organisations which deliver Information Technology (IT).
As an experienced cyber security leader, you will bring to the role a proven ability to communicate at all levels of a diverse organisation. As thought leadership will be a key aspect of the role, you will need to demonstrate a talent for solving complex problems through innovation. You will have the ability to advise on complex risk balance decisions; to explain cyber security policy, governance and technology to non-experts; and to lead a diverse team of skilled cyber security professionals. With you on board, we will develop a culture across UK Defence which values and protects data.
Responsibilities
- Provision of timely, impartial and consistent assurance, assessment and advisory services across Defence, to ensure that senior leaders have an accurate understanding of through-life cyber risks and can make informed business decisions.
- Leadership of cyber security assessment personnel. This may include management of Assessors to ensure:
  - Strategic direction for MOD cyber security assurance is on track.
  - Functional mentoring and professional training and development are achieved.
  - Assurance related management information is accurate and up to date.
  - Workloads are balanced efficiently.
- Ensuring assurance activities are completed in accordance with Government policy, including escalating risks, explained in business terms, to aid the Senior Leader’s decision-making process.
- Strengthening links with internal and external stakeholders in other cyber security bodies and business functions across Defence, including Defence Intelligence, Defensive Cyber Operations, Principal Security Advisors, industry trade bodies and liaising with other Government Authorities as appropriate; building relationships through encouraging CySAAS attendance at appropriate events.
- Work to develop a pan-Defence culture which values and protects data appropriately. Lead transformation programmes, within your area of responsibility.
- Taking appropriate action as required in response to issues/events e.g., tiger teaming, deep dives.
Strategic Command is going through a significant transformation programme which aims to improve the way the Command conducts its business and delivers for Defence and the nation. As a consequence of this, all posts within Strategic Command Headquarters and in time the wider organisation, are/will be subject to review and potential changes as we continuously improve across the period of the transformation programme. These changes may be minor or could be more substantive and will generate new opportunities. Throughout, the Command’s transformation programme is committed to following the MOD’s framework on managing and supporting people through the change process and places an emphasis on early and open consultation and engagement with the Command’s personnel and Trade Unions.
This position is advertised at 37 hours per week.
Person specification
If you have the following skills and experience, we would love to hear from you!
Your experience is key and whilst not essential, it may be beneficial to have the following desirable industry qualifications or accreditations and experience or knowledge. Training will be provided for the following, where appropriate:
- Certified Information Systems Security Professional (CISSP)
- Certificate in Information Security Management (CISMP)
- ISO27001
- Lead auditor
- Certified Cyber Professional (CCP)
- Operational Security Management
Dependent on the business need, there may be a requirement to travel to meetings within the UK (or potentially occasional overseas visits).
This position can be based at either MOD Main Building, Whitehall, London SW1A 2HB, MOD Corsham, Westwells Road, Corsham, Wiltshire SN13 9NR or RAF Wyton, Huntingdon, PE28 2EA.
Work location will be agreed once the successful candidate has been selected.
This job role may be suitable for hybrid working, which is an informal, non-contractual and voluntary arrangement, blending a balance of attendance in the workplace (your permanent duty station which is based on business assessment of where the work is best done) and working from home as a personal choice (if the role is suitable for this). If you are successful, any opportunities for hybrid working will be discussed with you prior to you taking up your post.
If not already held, successful candidates will be required to undergo DV clearance.
Please note this position is open to sole UK Nationals only.
Behaviours
We'll assess you against these behaviours during the selection process:
- Making Effective Decisions
- Seeing the Big Picture
- Changing and Improving
Technical skills
We'll assess you against these technical skills during the selection process:
- Information risk assessment and risk management
- Applied security capability
- Protective security
- Threat understanding
Benefits
Our benefits include:
- Learning and development tailored to your role with a dedicated minimum of 5 days per year
- 25 days paid annual leave rising (by 1 day per year) to 30 days upon completion of five years’ service
- Ability to roll up to 10 days annual leave per year
- In addition to eight public holidays per year, you will also receive leave for HM The King’s birthday
- A Civil Service pension
- Parental and Adoption Leave
- Discounts on a range of services within and external to the civil service – Defence Discount Service, Civil Service societies for Sports and Leisure, Healthcare, Insurance, Motoring, Company discounts with Virgin, Vodafone, and Microsoft Office.
- In year rewards and ‘thank you’ schemes such as vouchers and gift cards
- A culture encouraging inclusion and diversity
- Find out more here - Discovermybenefits
Equality and Diversity
Our people are at the heart of everything we do at Defence Digital. It’s vital that our workforce reflects the diversity of both our audience and the wider society in the UK, so we’re proud to be an equal opportunities employer and we actively seek candidates from diverse backgrounds and communities. We also recognise the importance of a good work life balance, so we do everything we can to accommodate flexible working, including part-time and job shares for all our roles. Please just let us know in your application or at any stage throughout the process if this is something you want to explore.
Defence Digital operates an organisation model in which every individual belongs to a Government Profession. The successful applicant will be posted into one of the defined Government Professions on Standard Terms of Reference for the grade. Defence Digital reserves the right to move individuals between roles, within their allocated profession, to meet the needs of the business and in support of agile resourcing.
Where business needs allow, some roles may be suitable for a combination of office and home-based working. This is a non-contractual arrangement where all office-based employees will be expected to spend a minimum of 60% of their working time in office, subject to capacity and any required workplace adjustments. Requirements to attend other locations for official business, or work in another MOD office, will also count towards this level of attendance. Applicants can request further information regarding how this may work in their team from the Vacancy Holder (see advert for contact details). Defence Business Services cannot respond to any questions about working arrangements.
The post does not offer relocation expenses.
External recruits who join the MOD who are new to the Civil Service will be subject to a six-month probation period.
London locations may attract locational allowances. The ‘Inner London Weighting RRA Allowance’ is £3,250 per annum and the ‘Outer London Weighting RRA Allowance’ is £1,750 per annum.
Please Note: Expenses incurred for travel to interviews will not be reimbursed.
Please be advised that the Department is conducting a review of all pay related allowances which could impact on those allowances that the post currently being advertised attracts.
Any move to MOD from another employer will mean you can no longer access childcare vouchers. This includes moves between government departments. You may however be eligible for other government schemes, including Tax-Free Childcare. Determine your eligibility at https://www.childcarechoices.gov.uk/.
The Ministry of Defence is committed to providing a safe and healthy working environment for its staff, which includes educating them on the benefits of not smoking, protecting them from the harmful effects of second-hand smoke and supporting those who want to give up smoking. Under the Smoke-Free Working Environment policy, smoking and the use of all tobacco products (including combustible and chewing tobacco products) will not be permitted anywhere in the Defence working environment; however, some exemptions are in place, so please refer to local guidance. The policy is Whole Force and includes all Defence personnel, contractors, visitors and other non-MOD personnel. All applicants seeking, considering, or accepting employment with the Ministry of Defence should be aware of this policy and that it is already in place at a number of Defence Establishments.
MOD Recruitment Satisfaction Survey – We may contact you regarding your experience to help us improve our customer satisfaction. The survey is voluntary and anonymous. You may however be given the opportunity to provide additional information to help us improve our service which includes the collection of some personal data as defined by the United Kingdom General Data Protection Regulation (UK GDPR). The MOD Privacy Policy Notice sets out how we will use your personal data and your rights.
Things you need to know
Selection process details
To apply, please complete the CV template provided on the CS Jobs dashboard. You will be assessed against your relevant skills, knowledge and experience, which demonstrate the essential criteria listed within this advert.
All applicants will also need to provide a personal statement (max. 1250 words), which must include evidence of the following essential criteria. Each one will be scored 1-7 and make up part of your overall score to assess your suitability to be invited to interview.
1. Demonstrate your understanding of the development, implementation and through life management of cyber security within a relevant environment, e.g., a complex multi-domain organisation, including any internal and external collaboration.
2. Describe your ability to lead diverse, multi-discipline and geographically dispersed teams.
3. Demonstrate your ability to represent, accurately and clearly, complex technical, procedural and/or governance issues to senior stakeholders.
Interviews
We’ll assess you against these behaviours, technical skills and experience during the interview process:
Presentation
You will be asked to prepare and deliver a 5-minute (max) presentation about leading in Cyber Security. Further details will be provided prior to interview.
Behaviours
- Making Effective Decisions
- Changing and Improving
- Seeing the Big Picture
Technical skills
- Information risk assessment and risk management
- Applied security capability
- Protective security
- Threat understanding
The Government Security Profession Career Framework and the Cyber Security Risk Manager professional role used in this vacancy can be found at: Government Security Profession career framework (publishing.service.gov.uk).
The Civil Service embraces diversity and promotes equality of opportunity. There is a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria. If you need to advise us that you need additional help or reasonable adjustments for the recruitment process, please contact: DBSCivPers-Resourcingteam3@mod.gov.uk.
As a result of the changes to the UK immigration rules which came into effect on 1 January 2021, the Ministry of Defence will only offer sponsorship for a skilled worker visa under the points-based system where a role has been deemed to be business critical. This role does not meet that category and we will not sponsor a visa. It is therefore NOT open to applications from those who will require sponsorship under the points-based system.
Should you apply for this role and be found to require sponsorship, your application will be rejected and any provisional offer of employment withdrawn.
Feedback will only be provided if you attend an interview or assessment.
Security
Nationality requirements
Working for the Civil Service
We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles.
Diversity and Inclusion
Apply and further information
Contact point for applicants
Job contact:
- Name: Defence Digital Talent Acquisition Team
- Email: ukstratcomdd-hr-talentacqdel@mod.gov.uk
Recruitment team
- Email: DBSCivPers-ResourcingTeam3@mod.gov.uk