Security Risk and Assurance Practitioner (Ref: 91755)
Ministry of Justice
Apply before 11:55 pm on Friday 8th November 2024
Details
Reference number
Salary
Job grade
Contract type
Type of role
Security
Working pattern
Number of jobs available
Contents
Location
About the job
Job summary
Job description
Security Risk and Assurance Practitioner (HEO)
The MoJ Information Security Team sits at the heart of the Ministry of Justice, enabling good security practices through the provision of security policies, guidance and education, by understanding cyber security risks from all parts of the Ministry of Justice and providing assurance to the departmental SIRO, the Permanent Secretary and other senior stakeholders that these risks are being effectively managed in the delivery of MoJ objectives.
The role of the Security Risk and Assurance Practitioner is to support the central MoJ Information Security Team in carrying out cyber security assurance, highlighting non-compliance with required standards and raise and communicate cyber security risks arising from control gaps.
The Security Risk and Assurance Practitioner may also provide advice to others on good risk management practices to enable them to manage residual risk well, identify trends resulting from risk and assurance activities and use these to propose and deliver improvements to processes, policies and guidance, and enable senior team members to resolve tactical requests to the team.
All members of the team are expected to help develop the MoJ Security Function as a centre of excellence for the department and to contribute to building a brilliant and diverse team that is a welcoming place for all.
Typical role expectations and responsibilities
Manage the implementation and delivery of security assurance processes, including GovAssure and supplier assurance activities. Communicate assessment and assurance outcomes to stakeholders in ways that support effective security, risk management and decision-making, and advise stakeholders on their approach to risk assessment in the context of their business outcomes.
Work with Justice Digital and Information Assurance colleagues, or third party suppliers, to gather evidence of the performance of technical services and organisational processes against security baselines, controls and requirements, using key performance indicators.
Provide an informed opinion on Cyber Security risks and the adequacy of controls in place, with a focus on business critical services, based on the outcomes of evidence gathered.
Align risk decisions and advice with relevant regulation, policy and standards to provide proportional, practical advice that is tailored to the local environment, and advise on any residual risk. Understand when risks need to be escalated to more senior stakeholders and take responsibility for doing this.
Contribute to the development and enablement of security policy and security culture by collaborating with the Security Policy, Culture, Awareness and Education team, providing insight on the trends identified from security assurance activities. Assure the ongoing appropriateness of policy in accordance with regulation and wider departmental and government policies. Support risk-related work and enable compliance and governance.
Support and take part in building the network of security partners across government and national technical authorities, and within industry.
Contribute to submissions and reports for senior MoJ officials and support efforts needed to respond to requests and advisories received from government partners.
Monitor the efficiency and effectiveness of security processes across the organisation, make continuous improvement recommendations and deliver these as appropriate.
May include line management responsibilities for more junior team members.
About you:
You will need experience of working well within a security, technology or risk team.
You will be well informed about cyber security and technology, showing willingness to build your awareness of current and emerging technologies and their impact on existing security practices.
You will be able to communicate well with a variety of stakeholders at all levels and relay technical information to a non-technical audience.
You will possess strong analytical and problem-solving skills, adopting a positive approach and displaying flexibility of mind when encountering new situations.
You will display attention to detail and discretion in dealing with confidential topics.
You will need to be methodical and inquisitive, probing for information where appropriate to understand the business context and reasoning. You will be able to challenge to security decisions made by your stakeholders and support others to do so.
Behaviours
We'll assess you against these behaviours during the selection process:
- Managing a Quality Service
- Delivering at Pace
- Developing Self and Others
- Making Effective Decisions
- Changing and Improving
Technical skills
We may assess your current level of knowledge of cyber security and risk management during the selection process.
Person specification
Behaviours
We'll assess you against these behaviours during the selection process:
- Changing and Improving
- Developing Self and Others
- Making Effective Decisions
- Managing a Quality Service
- Delivering at Pace
Benefits
- Access to learning and development
- A working environment that supports a range of flexible working options to enhance your work life balance
- A working culture which encourages inclusion and diversity
- A Civil Service pension with an average employer contribution of 27%
- Annual Leave
- Public Holidays
- Season Ticket Advance
For more information about the recruitment process, benefits and allowances and answers to general queries, please click the below link which will direct you to our Candidate Information Page.
Link: https://justicejobs.tal.net/vx/candidate/cms/About%20the%20MOJ
Things you need to know
Selection process details
Feedback will only be provided if you attend an interview or assessment.
Security
Nationality requirements
Working for the Civil Service
We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles (opens in a new window).
Diversity and Inclusion
Apply and further information
Contact point for applicants
Job contact :
- Name : SSCL Recruitment Enquiries Team
- Email : Moj-recruitment-vetting-enquiries@gov.sscl.com
- Telephone : 0845 241 5359
Recruitment team
- Email : Moj-recruitment-vetting-enquiries@gov.sscl.com