Defence Digital - Cyber Security Risk Lead

MOD Corsham, Westwells Road, Corsham, Wiltshire SN13 9NR

Job Summary

Defence Digital ensures our Armed Forces remain among the most technologically advanced in the world. We do this by putting innovative and effective technology into the hands of over 200,000 users, from the boardroom to the front line.

We lead on cutting-edge data science, automation, and cyber security at scale. Our mission goes beyond the battlefield by leading humanitarian efforts and driving digital innovation that impacts lives across the globe.

Defence Digital forms part of Strategic Command which manages the MOD’s joint capabilities for the Army, RAF, and Royal Navy.

Watch to find out more about what we do.

Passionate about using your skills to make a critical difference? Your next career move could be here.

This position is advertised at 37 hours per week.

Job Description

As Cyber Security Risk Lead, you’ll provide impartial risk advice to senior leadership and desk-level practitioners alike, analysing and supporting departmental risk management across the organisation, through the implementation of clear risk levels.

The Chief Information Security Officer (CISO), senior leadership group and desk officers will rely on your expertise and oversight in understanding the security posture of Defence Digital (DD) systems, capabilities and services. Your focus will be to protect the confidentiality, integrity and availability of DD owned data.

You’ll nurture and sustain strong ties with cyber and IT assurance bodies, providing insight into trends and threats, in support of effective holistic business understanding. In this role, you’ll provide vital management of overarching risks, which threaten DD’s objectives.

Responsibilities

• Develop and embed the CISO risk governance for programmatic cyber risk escalations, to establish more effective strategic decision making. This may include a revision of current strategy and/or risk doctrine.
• Support senior leaders in understanding risk context and advise them on suitable response options.
• Drive coherence across risk practitioner and security consultant community, authoring procedure and process documents.
• Evaluate and align risk and governance processes, to support the strategic direction of the CISO and the business.
• Leadership and line-management of the CISO Risk Team.
• Facilitate and run a series of senior risk governance meetings, to facilitate effective risk management from the tactical to strategic level.
  
  

As Cyber Security Risk Lead, you’ll provide impartial risk advice to senior leadership and desk-level practitioners alike, analysing and supporting departmental risk management across the organisation, through the implementation of clear risk levels.

The Chief Information Security Officer (CISO), senior leadership group and desk officers will rely on your expertise and oversight in understanding the security posture of Defence Digital (DD) systems, capabilities and services. Your focus will be to protect the confidentiality, integrity and availability of DD owned data.

You’ll nurture and sustain strong ties with cyber and IT assurance bodies, providing insight into trends and threats, in support of effective holistic business understanding. In this role, you’ll provide vital management of overarching risks, which threaten DD’s objectives.

Responsibilities

• Develop and embed the CISO risk governance for programmatic cyber risk escalations, to establish more effective strategic decision making. This may include a revision of current strategy and/or risk doctrine.
• Support senior leaders in understanding risk context and advise them on suitable response options.
• Drive coherence across risk practitioner and security consultant community, authoring procedure and process documents.
• Evaluate and align risk and governance processes, to support the strategic direction of the CISO and the business.
• Leadership and line-management of the CISO Risk Team.
• Facilitate and run a series of senior risk governance meetings, to facilitate effective risk management from the tactical to strategic level.
  
  

Person specification

Please ensure that your CV and application meet the essential criteria below:

We would expect to see some previous experience in risk management methodologies and frameworks, such as Mitre ATT&CK and NIST, information assurance and/or operational security management.

You’ll Need:

• Excellent stakeholder management skills, building and maintaining strong working relationships
• Acute attention to detail.
• Great organisation, timekeeping and prioritisation skills.
• Initiative and analytical skills.
• Motivation, commitment and the desire to continue to learn and develop.
• Experience or knowledge of leading, supporting, coaching and mentoring colleagues.
  
  

If not held already, opportunities may be provided to gain the following qualifications when in post:

• Certified Information Security Management (CISM)
• Certified Information Systems Security Professional (CISSP)
• Certified in Risk and Information Systems Control (CRISC)
  
  

Additional Information

Dependent on the business need, there may be a requirement to travel to meetings within the UK (or potentially occasional overseas visits).

If not already held, the successful candidate will be required to undergo DV clearance. This position is open to sole UK Nationals only.

Behaviours

We'll assess you against these behaviours during the selection process:

• Communicating and Influencing
• Seeing the Big Picture
  
  

Technical skills

We'll assess you against these technical skills during the selection process:

• Information risk assessment and risk management
• Applied security capability
• Protective security
• Threat understanding
  
  

Alongside your salary of £44,590, Ministry of Defence contributes £12,917 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.

Our Benefits Include:

• Learning and development tailored to your role with a dedicated minimum of 5 days per year.
• 25 days paid annual leave rising (by 1 day per year) to 30 days upon completion of five years’ service.
• Ability to roll up to 10 days annual leave per year.
• In addition to eight public holidays per year, you will also receive leave for HM The King’s birthday.
• A Civil Service pension.
• Parental and Adoption Leave.
• Discounts on a range of services within and external to the civil service – Defence Discount Service, Civil Service societies for Sports and Leisure, Healthcare, Insurance, Motoring, Company discounts with Virgin, Vodafone, and Microsoft Office.
• In year rewards and ‘thank you’ schemes such as vouchers and gift cards.
• A culture encouraging inclusion and diversity.
• Find out more here - Discovermybenefits.
  
  

Additional Information

This job role may be suitable for hybrid working, which is an informal, non-contractual and voluntary arrangement, blending a balance of attendance in the workplace (your permanent duty station which is based on business assessment of where the work is best done) and working from home as a personal choice (if the role is suitable for this). If you are successful, any opportunities for hybrid working will be discussed with you prior to you taking up your post.

This post may be eligible for a Digital Skills Allowance of up to £11,400 per annum. Eligibility for this allowance will be assessed at interview against the 4 core technical skills only and reviewed annually in line with departmental policy.

The post does not offer relocation expenses.

External recruits who join the MOD who are new to the Civil Service will be subject to a six-month probation period.

Please Note: Expenses incurred for travel to interviews will not be reimbursed.

Please be advised that the Department is conducting a review of all pay related allowances which could impact on those allowances that the post currently being advertised attracts.

Any move to MOD from another employer will mean you can no longer access childcare vouchers. This includes moves between government departments. You may however be eligible for other government schemes, including Tax-Free Childcare. Determine your eligibility at https://www.childcarechoices.gov.uk/.

The Ministry of Defence is committed to providing a safe and healthy working environment for its staff which includes educating them on the benefits of not smoking, protecting them from the harmful effects of second-hand smoke and supporting those who want to give up smoking. Under the Smoke-Free Working Environment policy, Smoking and the use of all tobacco products (including combustible and chewing tobacco products) will not be permitted anywhere in the Defence working environment however some exemptions are in place, please refer to local guidance. The policy is Whole Force and includes all Defence personnel, contractors, visitors and other non-MOD personnel. All applicants seeking, considering, or accepting employment with the Ministry of Defence should be aware of this policy and that it is already in place at a number of Defence Establishments.

MOD Recruitment Satisfaction Survey – We may contact you regarding your experience to help us improve our customer satisfaction. The survey is voluntary and anonymous. You may however be given the opportunity to provide additional information to help us improve our service which includes the collection of some personal data as defined by the United Kingdom General Data Protection Regulation (UK GDPR). The MOD Privacy Policy Notice sets out how we will use your personal data and your rights.

Equality and Diversity

Our people are at the heart of everything we do at Defence Digital. It’s vital that our workforce reflects the diversity of both our audience and the wider society in the UK, so we’re proud to be an equal opportunities employer and we actively seek candidates from diverse backgrounds and communities. We also recognise the importance of a good work life balance, so we do everything we can to accommodate flexible working, including part-time and job shares for all our roles. Please just let us know in your application or at any stage throughout the process if this is something you want to explore.

Defence Digital operates an organisation model in which every individual belongs to a Government Profession. The successful applicant will be posted into one of the defined Government Professions on Standard Terms of Reference for the grade. Defence Digital reserves the right to move individuals between roles, within their allocated profession, to meet the needs of the business and in support of agile resourcing..

Selection process details

This vacancy is using Success Profiles (opens in a new window), and will assess your Behaviours, Experience and Technical skills.

Application

To apply please complete the CV template provided on the CS Jobs dashboard, ensuring it highlights your relevance to the essential criteria listed in the person specification.

It is essential that all applicants provide a personal statement (max. 1250 words), assessed against your responses to the questions listed below.

Each One Will Be Scored And Make Up Part Of Your Overall Score To Assess Your Suitability To Be Invited To Interview:

• Describe your experience of analysing and/or managing cyber security risk activities, within an organisation.
• Describe your experience of managing stakeholders who have varying skill levels of generating and articulating risks.
• Describe your experience of leading and/or line managing a team within an organisation.
  
  

Interviews

We’ll assess you against these behaviours and technical skills during the interview process:

Behaviours

• Communicating and Influencing
• Seeing the Bigger Picture
  
  

Technical Skills

• Information risk assessment and risk management
• Applied security capability
• Protective security
• Threat understanding
  
  

The Government Security Profession Career Framework and the Cyber Security Risk Manager role, used in this vacancy, can be found at: Government Security Profession career framework (publishing.service.gov.uk)

The Ministry of Defence requires all candidates who are successful at interview to declare any outside interests. These declarations will be discussed with successful candidates following the interview process and before a formal offer of employment is made, as some outside interests may not be compatible with MOD civilian roles. This will not, in the majority of cases, prevent employment in MOD, but it is a measure that must be taken to ensure that appropriate mitigations can be put in place to manage any potential, perceived or actual conflicts of interest from the first day of employment.

The Civil Service embraces diversity and promotes equality of opportunity. There is a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria. If you need to advise us that you need additional help or reasonable adjustments for the recruitment process, please contact: [email protected] .

As a result of the changes to the UK immigration rules which came in to effect on 1 January 2021, the Ministry of Defence will only offer sponsorship for a skilled worker visa under the points based system, where a role has been deemed to be business critical. This role does not meet that category and we will not sponsor a visa. It is therefore NOT open to applications from those who will require sponsorship under the points based system.

Should you apply for this role and be found to require sponsorship, your application will be rejected and any provisional offer of employment withdrawn.

Strategic Command is going through a significant transformation programme which aims to improve the way the Command conducts its business and delivers for Defence and the nation. As a consequence of this, all posts within Strategic Command Headquarters and in time the wider organisation, are/will be subject to review and potential changes as we continuously improve across the period of the transformation programme. These changes may be minor or could be more substantive and will generate new opportunities. Throughout, the Command’s transformation programme is committed to following the MOD’s framework on managing and supporting people through the change process and places an emphasis on early and open consultation and engagement with the Command’s personnel and Trade Unions.

Feedback will only be provided if you attend an interview or assessment.

This vacancy is using Success Profiles (opens in a new window), and will assess your Behaviours, Experience and Technical skills.

Security

Successful candidates must undergo a criminal record check.

Successful candidates must meet the security requirements before they can be appointed. The level of security needed is developed vetting (opens in a new window).See our vetting charter (opens in a new window).

People working with government assets must complete baseline personnel security standard (opens in new window) checks.

Successful candidates must undergo a criminal record check.

Successful candidates must meet the security requirements before they can be appointed. The level of security needed is developed vetting (opens in a new window).See our vetting charter (opens in a new window).

People working with government assets must complete baseline personnel security standard (opens in new window) checks.

Nationality requirements

Open to UK nationals only.

Working for the Civil Service

The Civil Service Code (opens in a new window) sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles (opens in a new window).

The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.

The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.

The Civil Service Code (opens in a new window) sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles (opens in a new window).

The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.

The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.

Diversity and Inclusion

The Civil Service is committed to attract, retain and invest in talent wherever it is found. To learn more please see the Civil Service People Plan (opens in a new window) and the Civil Service Diversity and Inclusion Strategy (opens in a new window).

This vacancy is part of the Great Place to Work for Veterans (opens in a new window) initiative.

Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.

Contact point for applicants

Job Contact :

• Name : Defence Digital Talent Acquisition Team
• Email : [email protected]
  
  

Recruitment team

• Email : [email protected]
  
  

Further information

Please ensure you read the attached candidate information document prior to completing your application. If you are dissatisfied with the service you have received from DBS, or believe that DBS has failed to follow the recruitment process in line with the Civil Service Commission principles of selection for appointment on merit on the basis of Fair and Open competition, you can raise a formal complaint by writing to DBS at the following address: Defence Business Services, Scanning Hub, Room 6124, Tomlinson House, Norcross Lane, Blackpool, FY5 3WP. If after raising your complaint with DBS you remain dissatisfied you can complain directly to the Civil Service Commission at the following address: , Civil Service commission, Room G/8, 1 Horse Guards Road, London, SW1A 2HQ Or by email: [email protected]