Description
Cyber Security Risk Manager - Central Government
- Inside IR35
- Fully Remote Working
- Valid or current SC Clearance required
- contract runs till March 31st 2021 initially, immediate start
SERVICE REQUIREMENT
The Cyber Security Risk Manager - Lead role forms part of the Advisory Security team within the Security and Information Management Division. The role reports to the Cyber Security Risk Manager - Principal.
The primary focus of the role is to provide the Organisation with security advice and best practice to develop 'Secure by Design' protections for organisational assets and embed the Security Framework - principles; policies; processes; threat model; security risk management.
Key outcomes from the role are the identification of security risk within the business context, the identification of appropriate mitigation approaches for business selection and the management of these options through to implementation within the live service. The security advice provided will be informed by threat, vulnerability and risk analysis for business and third parties.
The focus, outcomes and responsibilities are aligned to the Government Security Profession framework of the Cyber Security Risk Manager and Security Architect.
TYPICAL ROLE RESPONSIBILITIES
- Supporting the development of business-focused security solutions for digital products and business operations that cover data collection, storage and processing, deployed both internally and externally;
- Identifying security threat and risk to the Organisation's digital products and business operations being developed through Agile methodologies and Supplier processes;
- Lead the analysis and derivation of business-supporting security needs, undertake Cyber Security related risk assessments, conduct tailored threat assessment and other risk management activities, and ensure activities are consistent with applicable regulations and legislation;
- Independently undertake risk management activities within a given area of practice or expertise, usually within established security and risk management governance structures;
- Liaising with the Organisation's business, technology and security colleagues to ensure various business needs are understood and applied, including providing general security architecture, guidance and advice to the stakeholders;
- Advising on opportunities for using secure and open source products and any implications of such an approach;
- Ensure that security policies and security controls remain appropriate and proportionate to the assessed risks, and are responsive and adaptable to the changing threat environment, business requirements and policies;
- Provide tailored advice to a range of stakeholders on how to Remedy identified risks by proportionately applying security capabilities, using published guidance, standards, and drawing on a range of experts as well as personal expertise;
- Provide expert security advice that highlights Cyber Security related risks, so risk or service owners can make well-informed and auditable decisions.
- Capable of supporting Security customers by recommending and applying security architecture, principles and practices to guide the organisation and business through the information security process and technology changes necessary to achieve the business objectives security.
Person Specification
Essential
- Knowledge of application, infrastructure and networking security controls and systems covering physical, procedural and technical (ICT) areas, particularly in relation to data management.
- Experienced in providing detailed security advice and technical security solutions in a UK Government Department.
- Knowledge of UK Government Security Policy Framework, Information Assurance Standards, eg ISO 27001, DPA.
- Working towards relevant professional qualifications and memberships eg Senior Practitioner level within the CESG Certified Professional scheme (CCP), SFIA Level 4-6, Institute of Information Security Professionals (IISP), British Computer Society (BCS).
- Working towards appropriate Cloud Security industry recognised qualifications eg Certified Cloud Security Professional (CCSP), CSA Certificate of cloud security knowledge (CCSK).
- Track record in working as part of a multi divisional team covering a multi-discipline environment.
- HMG Vetting at Security Clearance (SC) and if appropriate Devolved Vetting (DV) level will be required once in role.