Principal Cyber Security Risk Manager
Department for Business and Trade
Apply before Midday on Monday 28th October 2024
Details
Reference number
Salary
Job grade
Contract type
Business area
Type of role
Digital
Information Technology
Other
Working pattern
Number of jobs available
Contents
Location
About the job
Job summary
About us
The Department for Business and Trade (DBT) has a clear mission - to grow the economy. Our role is to help businesses invest, grow and export to create jobs and opportunities right across the country. We do this in three ways.
Firstly, we help to build a strong, competitive business environment, where consumers are protected and companies rewarded for treating their employees properly.
Secondly, we open international markets and ensure resilient supply chains. This can be through Free Trade Agreements, trade facilitation and multilateral agreements.
Finally, we work in partnership with businesses every day, providing advance, finance and deal-making support to those looking to start up, invest, export and grow.
The Digital, Data and Technology (DDaT) directorate develops and operates tools and services to support us in this mission.
DBT Cyber work to improve the security of the systems and processes that affect the operation of the Department. The Governance Risk and Compliance (GRC) team were established to create a safer Cyber landscape to deliver DBT’s vision and do this through establishing good practice in new information projects, reviewing compliance and setting standards for the department.
Job description
About the role
The Principal Cyber Security Risk Manager identifies, understands, and mitigates cyber-related risks. They provide risk and service owners with advice to help them make well informed risk-based decisions. Reporting to the Head of Cyber, the role will collaborate with the other teams in Cyber and the broader DDaT community and is responsible for the IRAP service, process enhancements, IRAP case approvals to medium and liaising with SIRO for high-risk cases.
You’ll need to possess cloud expertise, experience, integrity and be able to communicate across all levels and professions within the department, working with teams that are under pressure to provide the most informed risk assessment possible to decision makers. It will take strong collaboration skills to work across the department and with external stakeholders to protect and promote a governed, Cyber risk aware and compliant DBT.
There are four key areas of this role:
- Assess - leading risk and threat assessments activities at pace
- Explain - creating tailored oral and written communications, briefings and preparing advice on regulation, guidance, policy, standards and risk assessment documentation
- Influence - establishing a reputation of authority & influence to enable risk owners, suppliers, developers, and project leads to make well informed decisions
- Inspire - line managing SEOs and below in the team and support their progression
Main responsibilities
You will be a risk assurance professional who understands technology and can:
- Independently lead and undertake Cyber risk identification and management activities, making use of established security and risk management governance structures and where necessary developing new ones
- Undertake Cyber Security risk assessments as part of the IRAP (Information Risk Assurance Process), conduct tailored threat assessments and other risk management activities, to ensure activities are consistent with applicable regulations, legislation, good practice, and Government guidance
- Mentor and develop junior team members in Risk assessment
- Be the point of contact for the CTO and SIRO about Cyber Security Risk
- Provide tailored advice to a range of stakeholders on how to mitigate identified risks by proportionately applying security good practice, ensuring credible advice that is aligned to published guidance and standards and drawing on the breadth of expert support available
- Supporting Cyber compliance and audit activities
- Work across the Cyber team and other professions to provide practical expert advice that enables risk-based decision making at all levels within the department
Person specification
Skills and experience
It is essential that you have:
- A professional information security certification – CISSP or similar
- Experience managing a team and managing contracts
- Experience leading risk management and assurance activities in complex environments - balancing service delivery with security assurance
- Working knowledge of cloud technology architecture
- Solid knowledge of information security frameworks, such ISO 27001, and applying those frameworks in assessing risk
- Effective verbal and written communication skills up to and including C-Suite
It is desirable that you have:
- Experience working within large, complex organisations
- Experience of executing cases and managing outsourced assurance teams
Benefits
- Learning and development tailored to your role
- An environment with flexible working options
- A culture encouraging inclusion and diversity
- A Civil Service pension with an employer contribution of 28.97%
Things you need to know
Selection process details
How to apply
As part of the application process you will be asked to upload a 2-page CV which outlines your experience, skills and fit for the role, and to complete a short, pre-recorded video screening interview (alternately you can provide written answers to questions). Inspire People will assess your application against the essential criteria listed above to compile a longlist of applications, which will then be sifted by DBT hiring managers. If you are successful, you will be invited to interview.
DBT sift will be from week commencing 4th November 2024
Interviews will be from week commencing 11th November 2024
Please note these dates are indicative and may be subject to change.
How we interview
At the interview stage for this role, you will be asked to demonstrate relevant Technical Skills and Behaviours from the Success Profiles framework. These are role specific and in line with the Government Security Framework. You will be asked to complete a risk assessment exercise as part of the process.
Technical Skills
- Information Risk Assessment and Risk Management (IRAP)
- Applied Security Capability
- Proactive Security
- Threat Understanding
- Legal and Regulatory Compliance
Behaviours
- Making Effective Decisions
- Managing a Quality Service
- Communicating and Influencing
How we offer
Offers may be made in merit order based on location preferences. If you pass the bar at interview but are not the highest scoring you will be held on a 12-month reserve list in case a role becomes available. If you are judged a near miss at interview, you may be offered a post at the grade below the one you applied for.
This role requires SC clearance. DBT’s requirement for SC clearance is to have been present in the UK for at least 3 of the last 5 years. Failure to meet this requirement will result in your application being rejected and your offer will be withdrawn.
Checks will also be made against:
- departmental or company records (personnel files, staff reports, sick leave reports and security records)
- UK criminal records covering both spent and unspent criminal records
- your credit and financial history with a credit reference agency
- security services record
- location details
More about us
This role can only be worked from within the UK, not overseas. If you are based in London, you will receive London weighting. DBT employees work in a hybrid pattern, spending 2-3 days a week (pro rata) in the office on average. Travel to your primary office location will not be paid for by DBT, but costs for travel to an office which is not your main location will be covered.
You can find out more about our office locations, how we calculate salaries, our diversity statement and reasonable adjustments, the Recruitment Principles, the Civil Service code and our complaints procedure on our website.
Find out more about life at DBT, our benefits and meet the team by watching our video or reading our blog!
Feedback will only be provided if you attend an interview or assessment.
Security
Nationality requirements
Working for the Civil Service
We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles (opens in a new window).
Diversity and Inclusion
Apply and further information
Contact point for applicants
Job contact :
- Name : DDaT Recruitment
- Email : ddat.recruitment@businessandtrade.gov.uk
Recruitment team
- Email : dbtrecruitment.grs@cabinetoffice.gov.uk
Further information
