Defence Business Services - DBS - Cyber Security Assessor Risk Manager Principal 1
Ministry of Defence
Apply before 11:55 pm on Sunday 17th November 2024
About the job
Job summary
Are you a dedicated person who is passionate about making a difference?
Would you like to work for the Ministry of Defence?
Defence Business Services (DBS) is one of the largest shared service organisations in Europe that provides a wide range of corporate services to over 1.2 million end users, including serving and past military and families, as well as MOD civil servants and industry. DBS delivers large scale administration and smaller specialist services to enable the wider MOD to focus on its core aims, maintaining the UK’s Defence and Security. Services include Human Resources, Pay, Veterans, Finance and Procurement.
- Our Vision - To support UK defence customers with outstanding service every time.
- Our Mission – Together we will proudly support Defence, continuously improving and delivering flexible, timely, sustainable and value for money services that underpin the whole force and enhance operational capability.
DBS is committed to creating a great place to work for all our colleagues. We are building an inclusive culture and respectful environment that reflects the diversity of society.
We want to maximise the potential of everyone who chooses to work for us through opportunities to develop your skills and experience. We also offer a range of flexible working patterns and support to make a fulfilling career accessible to you and offer a Civil Service pension with an average employer contribution of 27%. Where your role permits, we support a blended working approach alternatively known as hybrid working.
Where business needs allow, some roles may be suitable for a combination of office and home-based working. This is a non-contractual arrangement where all office-based employees will be expected to spend a minimum of 60% of their working time in office, subject to capacity and any required workplace adjustments. Requirements to attend other locations for official business, or work in another MOD office, will also count towards this level of attendance. Applicants can request further information regarding how this may work in their team from the Vacancy Holder (see advert for contact details). Defence Business Services cannot respond to any questions about working arrangements.
DBS has recently undertaken a review of its operational locations in the North West, and has consolidated all activities in Norcross, Blackpool. A further move, to the new Government Hub at Talbot Gateway in Blackpool, is scheduled to take place in 2026.
Come and join the DBS community today!
Job description
DBS DIT provides digital capability that supports corporate services across the Ministry of Defence, including Finance, Commercial, Payroll and Human Resources for Military Personnel, Civilian Personnel and Veterans.
Cyber Security Assessors are responsible for independent assessment of Delivery Teams’ adherence to Secure by Design and relevant risk and security policies and standards. They coordinate between Delivery Teams dealing with similar security challenges to optimise solutions and minimise duplication of effort. They are responsible for consistent, coherent advice and support to relevant capabilities. They identify, understand and mitigate cyber-related risks. They provide risk or service owners with advice to help them make well informed risk-based decisions.
As a Cyber Security Assessor within the DBS Cyber Team you will manage all day-to-day IT Security and System Information Assurance and, applying Secure by Design, ensure that security is embedded in all stages of the application development life cycle, and that there is continuous monitoring through use. You will also advise on and test the efficacy of measures to build security into continuous integration and deployment, with specific responsibilities for the day-to-day IT security for multiple Military and Civilian HR systems and Finance systems.
The role will require you to demonstrate a talent for solving complex problems and for effective communication at all levels. You will be able to advise on complex risk balance decisions, propose innovative solutions and explain MOD’s security policy, governance and technology controls to non-IT/security experts. Senior Responsible Owners and Project Leads will rely on your expertise to ensure they have an accurate understanding of through-life cyber security risks, so they can make informed decisions. Projects may involve complex technical and security challenges and you will need a good understanding of technical controls and policy (JSP 440; JSP 604/453).
The Key Responsibilities are:
• Lead the embedment of Secure by Design (SbD) principles into application development by providing advice and internal consultancy on highly complex criteria and contexts for multiple systems.
• Manage system accreditation transition to SbD.
• Lead multi-team assessment of application resilience throughout the DBS IT estate, reviewing regular application security reports, holding accountability and responsibility for secure design implementation.
• Support delivery of main gate assurance of all projects and changes, ensuring compliance with Information Assurance Policy and Security Principles.
• Lead and assure processes, and provide specialist advice though leadership on tooling and dynamic and static analysis in the product development life cycle.
• Lead Delivery Team Security Leads (previously Security Assurance Co-ordinators (SACs)) alongside senior decision makers to embed secure development life cycle and security awareness.
As a Principal Cyber Security Risk Manager, you will:
• Conduct cyber security risk assessments
• Implement continuous risk management; lead and undertake risk management activities against the hardest or more novel scenarios, while applying the fundamental principles of risk management to a range of complex scenarios, and lead regulatory or legislative compliance activities.
• Guide and direct specialist activities or others, actively promoting development in the applicable skills, providing leadership and sharing best practice widely across government, the public sector, and industry.
• Lead the analysis and derivation of complex security needs.
• Lead Cyber Security related risk assessments and other expert risk management activities, including providing guidance on establishing the organisation’s Cyber Security related governance arrangements.
• Provide guidance to ensure on-going confidence that fundamental organisational security needs have been met, including integrating a range of assurance approaches and techniques to give continued confidence to the risk, service or system owner.
• Shape leadership decision-making through:
  o Effective reporting and communication regarding the effectiveness of security processes across an organisation
  o Providing recommendations to highly complex problems
  o Acting as an SME for complex cyber risk management concerns, issues and problems
Person specification
Desirable skills.
• Knowledge/experience of implementing Secure by Design Principles.
• Knowledge and experience of risk management
Behaviours
We'll assess you against these behaviours during the selection process:
- Making Effective Decisions
- Seeing the Big Picture
Technical skills
We'll assess you against these technical skills during the selection process:
- Information risk assessment and risk management. Level - Expert
- Applied security capability. Level - Practitioner
- Protective security. Level - Expert
- Threat understanding. Level - Practitioner
Benefits
- An environment with flexible working options Monday-Friday
- 25 days paid annual leave rising (1 day per year) to 30 days upon completion of 5 years’ service (pro rata). In addition to 8 public holidays per year, you will also receive leave for HM The Sovereign's birthday
- Hybrid working where role permits
- An opportunity to be considered for Reward and Recognition - £250-£5000 per year
- Family-friendly policies including - parental leave and adoption leave
- Learning and development tailored to your role
- Professional and personal development of skills
- A culture encouraging inclusion and diversity
- Minimum of 15 days special leave in a rolling 12 month period for volunteer reserve commitments
- Special paid leave to volunteer up to 6 days per year
- A Civil Service pension with an average employer contribution of 27%
Allowances
This post is eligible for a Digital Skills Allowance of up to £15,300 per annum. Eligibility for this allowance will be assessed at interview against the 4 core technical skills only and reviewed annually in line with departmental policy.
The post does not offer relocation expenses.
Please be advised that the Department is conducting a review of all pay related allowances which could impact on those allowances that the post currently being advertised attracts.
External recruits who join the MOD who are new to the Civil Service will be subject to a six-month probation period.
Employment Hours
This position is advertised at 37 hours per week.
Things you need to know
Selection process details
Please ensure that at the application and interview stages of the campaign you review the Success Profiles Framework to assist you in the demonstration of your skills and experience.
Your suitability for the role will be assessed using the Success Profile elements that have been chosen for this campaign. Each element will be scored accordingly, and the successful candidate will be appointed on merit.
Applications will be sifted on all Success Profile elements, but in the event of a high number of applications, an initial sift will be conducted on the following success profile elements:
Primary: Experience - Personal statement
At application stage you will be assessed against the following:
- Experience - CV
- Experience - Personal statement - In no more than 1000 words please provide information of how you meet the criteria set out in the job description. You may wish to further include examples of how you have tackled similar tasks or demonstrated the skills outlined in the job advert.
At interview you will be assessed against the following:
- Behaviour - Making Effective Decisions
- Behaviour - Seeing the Big Picture
- Technical - Information risk assessment and risk management - Level - Expert
- Technical - Protective security - Level - Expert
- Technical - Threat understanding - Level - Practitioner
- Technical - Applied security capability - Level - Practitioner
Please refer to the attached document for the technical skills framework.
In the rare case where individuals have exact matching scores, the order of merit will be determined based on the behaviour scores at interview in the following order:
- Technical - Information risk assessment and risk management
- Behaviour - Making Effective Decisions
- Behaviour - Seeing the Big Picture
If candidate scores are still exact, the merit order will then be determined on the sift score in the below order of priority:
- Experience - Personal statement
- Experience - CV
- Behaviour - Making Effective Decisions
- Behaviour - Seeing the Big Picture
We want to offer opportunities to all who are successful at interview for our roles, but this isn’t always possible, so we do hold candidates on an active reserve list for 12 months.
Application sifting to take place mid November.
Interviews are currently taking place via the following method: MS Teams, and will be conducted late November.
A minimum of 2 full working days’ notice will be provided for interviews. We endeavour to stick to these dates, but these are subject to change around business needs.
The Civil Service embraces diversity and promotes equality of opportunity. There is a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.
If you need to advise us that you need additional help or reasonable adjustments for the recruitment process, please contact: DBS-EnhancedRecruitmentTeam@mod.gov.uk
When choosing your Behaviour examples, please make sure you use real life scenarios that relate to your own experiences. Whilst technology may help to enhance your written submission, presenting the ideas of others or those generated by technology, could result in your application being rejected.
MOD Recruitment Satisfaction Survey – we may contact you regarding your experience to help us improve our customer satisfaction. The survey is voluntary and anonymous. You may however be given the opportunity to provide additional information to help us improve our service which includes the collection of some personal data as defined by the United Kingdom General Data Protection Regulation (UK GDPR). The MOD Privacy Notice sets out how we will use your personal data and your rights.
As a result of the changes to the UK immigration rules which came into effect on 1 January 2021, the Ministry of Defence will only offer sponsorship for a skilled worker visa under the points-based system, where a role has been deemed to be business critical.
The role currently being advertised has not been assessed as business critical and is therefore NOT open to applications from those who will require sponsorship under the points-based system. Should you apply for this role and be found to require sponsorship, your application will be rejected, and any provisional offer of employment withdrawn.
To assist with your application please find attached -
DBS Candidate Information Guide - Working for Defence Business Services - GOV.UK (www.gov.uk)
UK Ministry of Defence: Life, LinkedIn
https://www.gov.uk/government/publications/digital-information-technology
Feedback will only be provided if you attend an interview or assessment.
Working for the Civil Service
We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles.
Apply and further information
Contact point for applicants
Job contact:
- Name: Stella Carter
- Email: stella.carter635@mod.gov.uk
Recruitment team
- Email: DBS-EnhancedRecruitmentTeam@mod.gov.uk