DDAT Chief Information Security Officer


Location: London, UK
Remote: Hybrid
Expires: in less than 2 weeks
IT
Full time
£61,630 per year

Job summary

Are you interested in working in one of the most interesting information and cyber security environments and sharing your experience to support national security?

This role will play an integral part in protecting the organisation against external and internal information and cyber security threats and managing the protection and compliance of our information requirements.

As the Chief Information Security Officer (CISO) for our organisation, you will champion our information and cyber security initiatives, ensuring the protection of our operations, data and technologies in alignment with UK MOD specific security standards and frameworks.

This position is advertised at 37 hours per week.

Job description

The role exists to ensure that governance, risk, compliance and assurance of both information and cyber security is maintained throughout the organisation and the many projects it owns. The role is required to help shape and deliver the organisation's security agenda.

You will work with several stakeholders across the organisation to ensure security operations are maintained and built upon. You will also work with these stakeholders to ensure that security is embedded within systems, processes, people, and technology that they use daily.

You will be the unit's representative at wider MOD Cyber and CISO forums, ensuring compliance and response to Defence.

You will lead a team focussed around both Cyber security and Information Management across multiple locations. There will also be opportunity to expand this team based on requirements of the role.

When the need arises, you will be expected to deputise for the departmental Information Chief.

Job Description:

Security Governance & Risk Management

  • Lead on information and cyber security policy, strategy, planning and assurance.
  • Support the development and implementation of the organisation's information and cyber security strategy, ensuring alignment with business objectives, regulatory requirements and industry best practice
  • Establish, maintain and review the cyber and Information Security risk management processes
  • Coordinate Design Technical System Leads to facilitate Secure By Design principles across the organisation
  • Work with Cyber Defence & Risk teams to facilitate Cyber Security Governance and compliance across the organisation.

Stakeholder Engagement and Reporting

  • Provide advice to board-level executives and senior leadership on cyber risks and mitigations
  • Report on cyber risk posture to security governance boards

Security Culture and Awareness

  • Support cyber & information security awareness and behavioural change across customer departments

Compliance and Legal

  • Lead information assurance annual audits
  • Assist Disclosure cells with the correct regulations surrounding data protection laws whilst maintaining information security
  • Ensure compliance with data protection laws (e.g. UK GDPR) and relevant standards (e.g. ISO/IEC 27001 and NIST) across the organisation

Incident Response & Resilience

  • Support cyber incident response planning, exercising, testing and recovery process
  • Maintain strong relationships with NCSC and cross-government cyber response mechanisms
  • Ensure that cyber resilience is embedded across units
  • Stay abreast of emerging cyber threats and advancements in cyber security technologies and practices, ensuring the organisation remains proactive and responsive in its cyber risk and compliance strategies.

As a line manager, you will be responsible for working with your members of staff to define their objectives, as well as managing their development and performance.

Person specification

In order to achieve the requirements of this position, it is essential the candidate has the following skills:

  • Previous experience in Investigation or Risk Management
  • Cyber Security knowledge, and/or willingness to learn
  • Ability to make effective decisions by analysing and using a range of relevant, credible information from internal and external sources
  • Excellent communication skills, particularly when communicating technical information to a non-technical audience
  • Leadership experience with the ability to mentor a team and drive cybersecurity awareness across an organisation.
  • Experience of presenting to Senior Management groups.

If not already held, the successful candidate will be required to undergo DV clearance. Please note this position is open to sole UK Nationals only.

Behaviours

We'll assess you against these behaviours during the selection process:

  • Making Effective Decisions
  • Changing and Improving

Technical skills

We'll assess you against these technical skills during the selection process:

  • Information risk assessment and risk management
  • Applied security capability
  • Protective security
  • Threat understanding

Benefits

Alongside your salary of £61,630, Ministry of Defence contributes £17,854 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.
  • Learning and development tailored to your role
  • An environment with flexible working options
  • A culture encouraging inclusion and diversity
  • A Civil Service pension with an employer contribution of 28.97%

This post may be eligible for a Digital Skills Allowance of up to £15,300 per annum. Eligibility for this allowance will be assessed at interview against the 4 core technical skills only and reviewed annually in line with departmental policy.

Where business needs allow, some roles may be suitable for a combination of office and working from home as part of a non-contractual hybrid working arrangement. All office-based employees will be expected to spend a minimum of 60% of their working time in office, subject to site capacity and any required workplace adjustments. Requirements to attend other locations for official business, or work in another MOD workplace, will also count towards this level of office attendance. Applicants can request further information regarding how this and other flexible working arrangements may work in their team from the Vacancy Holder (see advert for contact details). Defence Business Services cannot respond to any questions about working arrangements.

The post does not offer relocation expenses.

External recruits who join the MOD who are new to the Civil Service will be subject to a six-month probation period.

Please Note: Expenses incurred for travel to interviews will not be reimbursed.

Please be advised that the Department is conducting a review of all pay related allowances which could impact on those allowances that the post currently being advertised attracts.

Any move to MOD from another employer will mean you can no longer access childcare vouchers. This includes moves between government departments. You may however be eligible for other government schemes, including Tax-Free Childcare. Determine your eligibility at https://www.childcarechoices.gov.uk/.

The Ministry of Defence is committed to providing a safe and healthy working environment for its staff, which includes educating them on the benefits of not smoking, protecting them from the harmful effects of second-hand smoke and supporting those who want to give up smoking. Under the Smoke-Free Working Environment policy, smoking and the use of all tobacco products (including combustible and chewing tobacco products) will not be permitted anywhere in the Defence working environment; however, some exemptions are in place, so please refer to local guidance. The policy is Whole Force and includes all Defence personnel, contractors, visitors and other non-MOD personnel. All applicants seeking, considering, or accepting employment with the Ministry of Defence should be aware of this policy and that it is already in place at a number of Defence Establishments.

MOD Recruitment Satisfaction Survey – We may contact you regarding your experience to help us improve our customer satisfaction. The survey is voluntary and anonymous. You may however be given the opportunity to provide additional information to help us improve our service which includes the collection of some personal data as defined by the United Kingdom General Data Protection Regulation (UK GDPR). The MOD Privacy Policy Notice sets out how we will use your personal data and your rights.

Things you need to know

Artificial intelligence

Artificial intelligence can be a useful tool to support your application; however, all examples and statements provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, as your own) applications may be withdrawn and internal candidates may be subject to disciplinary action. Please see our candidate guidance for more information on appropriate and inappropriate use.

Selection process details

This vacancy is using Success Profiles, and will assess your Behaviours, Experience and Technical skills.

Candidates will be required to provide CV details to include job history; qualification details and previous skills and experience.

At sift, you will be assessed against your CV and the following:

Behaviours:

  • Making Effective Decisions
  • Changing and Improving

Technical Skills:

  • Information Risk Assessment and Risk Management
  • Applied Security Capability
  • Protective Security
  • Threat Understanding

In the event of a high number of applications, the sift will be based on the CV, Making Effective Decisions, Changing and Improving and Threat Understanding only.

At interview, you will be assessed against the following:

Behaviours:

  • Making Effective Decisions
  • Changing and Improving

Technical Skills:

  • Information Risk Assessment and Risk Management
  • Applied Security Capability
  • Protective Security
  • Threat Understanding

Presentation

You will be asked to prepare and deliver a 5-minute (max) presentation at interview, about how good security leadership delivers effective continuous improvement.

The Government Security Profession Career Framework and the Cyber Security Risk Manager professional role used in this vacancy can be found at: Government Security Profession career framework (Government Security Profession Career Framework - UK Government Security - Beta).

This post is eligible for a Digital Skills Allowance of up to £15,300 per annum. Eligibility for this allowance will be assessed at interview against 4 core technical skills only and reviewed annually in line with MOD policy.

The Civil Service embraces diversity and promotes equality of opportunity. There is a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria. If you need to advise us that you need additional help or reasonable adjustments for the recruitment process, please contact: DBSCivPers-Resourcingteam3@mod.gov.uk.

As a result of the changes to the UK immigration rules which came into effect on 1 January 2021, the Ministry of Defence will only offer sponsorship for a skilled worker visa under the points-based system where a role has been deemed to be business critical. This role does not meet that category and we will not sponsor a visa. It is therefore NOT open to applications from those who will require sponsorship under the points-based system.

Should you apply for this role and be found to require sponsorship, your application will be rejected and any provisional offer of employment withdrawn.

The Ministry of Defence requires all candidates who are successful at interview to declare any outside interests. These declarations will be discussed with successful candidates following the interview process and before a formal offer of employment is made, as some outside interests may not be compatible with MOD civilian roles. This will not, in the majority of cases, prevent employment in MOD, but it is a measure that must be taken to ensure that appropriate mitigations can be put in place to manage any potential, perceived or actual conflicts of interest from the first day of employment.

The Ministry of Defence adopts a zero-tolerance approach to unacceptable behaviours, which includes bullying, harassment, sexual harassment, discrimination, and victimisation. You will not be eligible and will not be considered for this post if you have been dismissed from a role for such unacceptable behaviours within the last five years. This will also apply if you resign or otherwise leave a role but, because of an adverse decision, would have been dismissed for gross misconduct had you continued in that employment. Pre-employment checks will be carried out.

Cyber & Specialist Operations Command (CSOC) generates and operates specialist capabilities, ready to fight across all domains to make the UK secure at home and strong abroad.

Always on, we are across every UK operation, delivering the capabilities you don’t usually see - or those you can’t.

From cyber warriors and medics to intelligence analysts, special forces, educators, and Defence attachés, our collective expertise delivers the warfighting edge Defence needs to deter threats and secure the nation today and prepare for tomorrow.

CSOC unites Defence’s cyber and specialist capabilities under a single, military command alongside the Royal Navy, British Army, and the Royal Air Force - acting as the UK’s fourth Military Command. For more information, please see here.

Cyber and Specialist Operations Command (CSOC) is going through a significant transformation programme which aims to design the way in which the new Military Command conducts its business and delivers for Defence and the nation. As a consequence of this, posts within CSOC are, or may become, subject to review and potential changes as we continuously improve across the period of the transformation programme. These changes may be minor or could be more substantive and will generate new opportunities. Throughout, the Command’s transformation programme is committed to following the MOD’s framework on managing and supporting people through the change process and places an emphasis on early and open consultation and engagement with the Command’s personnel and Trade Unions.



Feedback will only be provided if you attend an interview or assessment.

Security

Successful candidates must undergo a criminal record check. Successful candidates must meet the security requirements before they can be appointed. The level of security needed is developed vetting.

See our vetting charter. People working with government assets must complete baseline personnel security standard checks.

Nationality requirements

Open to UK nationals only.

Working for the Civil Service

The Civil Service Code sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles. The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria. The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.

Diversity and Inclusion

The Civil Service is committed to attracting, retaining and investing in talent wherever it is found. To learn more please see the Civil Service People Plan and the Civil Service Diversity and Inclusion Strategy.

Apply and further information

This vacancy is part of the Great Place to Work for Veterans initiative. Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.

Contact point for applicants

Job contact :

Recruitment team

Further information

Please ensure you read the attached candidate information document prior to completing your application. If you are dissatisfied with the service you have received from DBS, or believe that DBS has failed to follow the recruitment process in line with the Civil Service Commission principles of selection for appointment on merit on the basis of Fair and Open competition, you can raise a formal complaint by writing to DBS at the following address: Defence Business Services, Scanning Hub, Room 6124, Tomlinson House, Norcross Lane, Blackpool, FY5 3WP. If, after raising your complaint with DBS, you remain dissatisfied, you can complain directly to the Civil Service Commission at the following address: Civil Service Commission, Room G/8, 1 Horse Guards Road, London, SW1A 2HQ, or by email: info@csc.gov.uk.

Attachments

  • CSOC Candidate Pack 2025 (pdf, 1777kB)
  • EXTERNAL PACK (pdf, 1562kB)
  • Terms and Conditions of Service (docx, 24kB)
  • Candidate Information updated_ (docx, 32kB)

Salary range

  • £61,630 per year