
Information & Cyber Risk Assurance Advisor
Job summary
The Integrated Corporate Services (ICS) is a shared corporate service. It provides corporate services (HR, Finance, Digital, Commercial, Security and Estates) across the Department for Energy Security & Net Zero (DESNZ) and the Department for Science, Innovation & Technology (DSIT).
Our team of over 400 professionals will be leading the way in how these functions will be delivered in the future. Our ambition is to be the leading provider of integrated corporate services for government and set the standard for quality, efficiency, and innovation in our field.
We offer great working benefits including a world-class pension, flexible working options and a career where your learning and development is taken seriously. We are enormously proud to be a Disability Confident Leader employer. We support candidates with adjustments throughout our recruitment process. Information about disability confidence and just some examples of the adjustments that you can request can be found in the reasonable adjustment section below.
The Civil Service is committed to attract, retain and invest in talent wherever it is found. To learn more please see the Civil Service People Plan and the Civil Service D&I Strategy.
Find Out More
You can also follow our LinkedIn Careers Page: https://www.linkedin.com/showcase/desnz-careers/
Job description
The Role and Our Team
Are you interested in joining a high performing team of security professionals? If you are ready to challenge yourself and become a member of a specialist security team, then we have a great opportunity for you.
We need an organised, proactive and flexible individual to provide Information and Cyber Security Risk Management and Assurance functions across two departments — the Department for Energy Security & Net Zero and the Department for Science, Innovation & Technology — and within the Departmental Security Unit (DSU), including support to Arm’s Length Bodies.
The Information & Cyber Risk Assurance Advisor identifies, understands and advises on cyber-related risks affecting information, systems, platforms and business processes. They identify and evaluate security risks across complex digital services and operational environments and proactively provide proportionate, evidence-based advice to stakeholders at a variety of levels.
The role supports delivery by enabling well informed, auditable, risk based decisions while maintaining appropriate security standards.
The role is both operational delivery and technical, combining cyber risk management, GovAssure delivery, application and platform assurance and operational security support. The postholder will also provide technical leadership and line management, and support and deputise for the Deputy Chief Information Security Officer when required.
Your role will also serve as the lead for ICS and its customers on cyber incidents, often at pace, including within significant cross-Government activities, contributing your expertise and supporting your peers.
When the need arises, you will be expected to deputise for the Deputy CISO.
While some elements of this role can be delivered remotely, the successful candidate will be expected to work from our contracted office a minimum of 40-60% of their time. Regular visits will be required to London and other offices. If not based in the London office, frequent travel to London or other Programmes for Growth offices may be required, including at short notice or on the same day.
Person specification
Key Responsibilities
- Independently undertake cyber security risk management and assurance activities within established security and risk management governance structures.
- Identify, analyse and evaluate cyber risks to information, systems, platforms and business processes, including conducting tailored threat assessments and risk based exceptions.
- Lead the analysis and derivation of business supporting security requirements and undertake cyber security risk assessments consistent with applicable legislation, policy and recognised standards.
- Provide tailored, proportionate security advice to a wide range of technical and non technical stakeholders drawing on published guidance, standards, expert input and personal expertise.
- Provide expert security advice that clearly articulates cyber risk, impact and mitigation options, enabling risk and service owners to make well informed and auditable decisions.
- Produce clear, detailed and balanced written reporting, including risk assessments, assurance findings, recommendations and briefings for senior stakeholders.
- Support and deliver GovAssure activity, including contributing to WebCAF narrative, evidence identification and structuring, remediation planning and preparation for future assurance cycles.
- Provide security assurance for applications, platforms and services, including penetration testing, secure by design and go live assurance, UAT support and architectural governance.
- Support day to day cyber security operations, including BAU and ad hoc operational support, Duty Officer rotas and incident response activity.
- Support the planning, development, implementation and maintenance of information and cyber security policies, standards and guidance, including drafting and owning policy artefacts through consultation and governance.
- Act as a trusted technical advisor across DESNZ, DSIT, Arm’s Length Bodies and attend forums/board accordingly.
- Represent the organisation and Information & Cyber Security function at cross-government forums, working groups and initiatives, contributing to shared standards, guidance and best practice.
- Provide technical leadership and line management to cyber security specialists, supporting performance, capability development, quality assurance of outputs and succession planning.
- Support and deputise for the Deputy Chief Information Security Officer, escalating material cyber risks and acting on their behalf when appropriate.
- Lead policy creation, development and management, ensuring alignment with departmental and cross government priorities.
- Represent ICS and the Department in cross government forums and initiatives.
- Digital Governance and Assurance: Regularly conduct reviews of architectural and technical documentation
- Maintain direct engagement with ICS Digital, supporting delivery of live service operations including incident management, ad hoc escalations and driving mitigation and remediation activities.
As a line manager, you will be responsible for working with your members of staff to define their objectives, as well as managing their development and performance.
Essential Criteria
A demonstrable passion for Cyber & Information Security, with the following skills or experience aligned with the Government Security Profession Career Framework:
- Information Risk Assessment & Risk Management: Ability to conduct and review cyber risk assessments using appropriate methods and to inspect and report on the security characteristics of systems and services.
- Applied security capability: Ability to elicit security requirements using threat, vulnerability and impact analysis and apply control frameworks with an understanding of their strengths and limitations.
- Threat understanding: Ability to remain up to date with the cyber threat landscape and communicate potential impact clearly to the business.
- Communication: Strong ability to communicate cyber risks, assessments and assurance outcomes to both technical and non technical stakeholders.
- Stakeholder engagement: Ability to build effective relationships with senior stakeholders, raise awareness of security issues and communicate the outcomes of assurance activity, audits and investigations.
- GovAssure: Experience supporting GovAssure or equivalent cyber assurance activity, including articulating cyber risk, contributing to assurance outcomes and advising on proportionate remediation actions.
- Professional leadership: Experience providing technical leadership and line management to cyber security professionals.
Desirable Criteria
- Experience representing an organisation or security function in cross government forums, working groups or initiatives.
- Experience deputising for a senior security leader and supporting escalation and management of material cyber risks.
Behaviours
We'll assess you against these behaviours during the selection process:
- Making Effective Decisions
- Communicating and Influencing
- Working Together
Technical skills
We'll assess you against these technical skills during the selection process:
- Analysis - Security architect - Government Digital and Data Profession Capability Framework
- Communication - Security architect - Government Digital and Data Profession Capability Framework
- Enabling and informing risk-based decisions - Security architect - Government Digital and Data Profession Capability Framework
Benefits
Alongside your salary of £56,900, Department for Energy Security & Net Zero contributes £16,483 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.
The Department for Energy Security and Net Zero offers a competitive mix of benefits including:
- A culture of flexible working, such as job sharing, homeworking and compressed hours.
- Automatic enrolment into the Civil Service Pension Scheme, with an employer contribution of 28.97%.
- A minimum of 25 days of paid annual leave, increasing by 1 day per year up to a maximum of 30.
- An extensive range of learning & professional development opportunities, which all staff are actively encouraged to pursue.
- Access to a range of retail, travel and lifestyle employee discounts.
Office attendance
The Department operates a discretionary hybrid working policy, which provides for a combination of working hours from your place of work and from your home in the UK. The current expectation for staff is to attend the office or non-home based location for 40-60% of the time over the accounting period.
Things you need to know
Artificial intelligence
Artificial intelligence can be a useful tool to support your application; however, all examples and statements provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, as your own) applications may be withdrawn and internal candidates may be subject to disciplinary action. Please see our candidate guidance for more information on appropriate and inappropriate use.
Selection process details
This vacancy is using Success Profiles, and will assess your Behaviours, Experience and Technical skills.
As part of the application process you will be asked to complete a CV and personal statement.
Further details around what this will entail are listed on the application form.
Please use your personal statement (in no more than 750 words) to outline how you meet the essential criteria for the role.
Applications will be sifted on personal statement and CV.
In the event of a large number of applicants, applications may be sifted on the CV only.
Candidates who pass the initial sift may be progressed to a full sift, or progressed straight to assessment/interview.
The interview will consist of questions on behaviours and technical skills.
Sift and interview dates
Sift and interview dates to be confirmed.
Further Information
For further information on National Security Vetting please visit the Demystifying Vetting website.
Reasonable Adjustment
We are proud to be a disability confident leader and we welcome applications from disabled candidates and candidates with long-term conditions.
Information about the Disability Confident Scheme (DCS) and some examples of adjustments that we offer to disabled candidates and candidates with long-term health conditions during our recruitment process can be found in our DESNZ Candidate Guidance. A DESNZ Plain Text Version of the guidance is also available.
We encourage candidates to discuss their adjustment needs by emailing the job contact which can be found under the contact point for applicants section.
If you are experiencing accessibility problems with any attachments on this advert, please contact the email address in the 'Contact point for applicants' section.
If successful and transferring from another Government Department a criminal record check may be carried out.
New entrants are expected to join on the minimum of the pay band.
A location based reserve list of successful candidates will be kept for 12 months. Should another role become available within that period you may be offered this position.
Candidates who meet the minimum benchmark may be placed on a Reserve List for consideration for similar roles, including those at a lower grade. Candidates who narrowly miss the benchmark and are not placed on the Reserve List may still be considered for an offer in a similar role at a lower grade.
Please note terms and conditions are attached. Please take time to read the document to determine how these may affect you.
Any move to the Department for Energy Security and Net Zero from another employer will mean you can no longer access childcare vouchers. This includes moves between government departments. You may however be eligible for other government schemes, including Tax Free Childcare; for further information visit the Childcare Choices website.
DESNZ does not normally offer full home working (i.e. working at home); but we do offer a variety of flexible working options (including occasionally working from home).
DESNZ cannot offer Visa sponsorship to candidates through this campaign.
DESNZ holds a Visa sponsorship licence but this can only be used for certain roles and this campaign does not qualify.
In order to process applications without delay, we will be sending a Criminal Record Check to Disclosure and Barring Service / Disclosure Scotland on your behalf.
However, we recognise in exceptional circumstances some candidates will want to send their completed forms direct. If you will be doing this, please advise Government Recruitment Service of your intention by emailing Pre-EmploymentChecks.grs@cabinetoffice.gov.uk stating the job reference number in the subject heading.
For further information on the Disclosure Scotland confidential checking service telephone: the Disclosure Scotland Helpline on 0870 609 6006 and ask to speak to the operations manager in confidence, or email Info@disclosurescotland.co.uk
Applicants who are successful at interview will be, as part of pre-employment screening, subject to a check on the Internal Fraud Database (IFD). This check will provide information about employees who have been dismissed for fraud or dishonesty offences. This check also applies to employees who resign or otherwise leave before being dismissed for fraud or dishonesty had their employment continued. Any applicant whose details are held on the IFD will be refused employment.
A candidate is not eligible to apply for a role within the Civil Service if the application is made within a 5 year period following a dismissal for carrying out internal fraud against government.
Feedback
Feedback will only be provided if you attend an interview or assessment.
Security
Successful candidates must undergo a criminal record check.
Successful candidates must meet the security requirements before they can be appointed. The level of security needed is developed vetting.
See our vetting charter.
People working with government assets must complete baseline personnel security standard checks.
Nationality requirements
This job is broadly open to the following groups:
- UK nationals
- nationals of the Republic of Ireland
- nationals of Commonwealth countries who have the right to work in the UK
- nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS)
- nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
- individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
- Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service
Working for the Civil Service
The Civil Service Code sets out the standards of behaviour expected of civil servants.
We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles.
The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.
The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.
Diversity and Inclusion
The Civil Service is committed to attract, retain and invest in talent wherever it is found. To learn more please see the Civil Service People Plan and the Civil Service Diversity and Inclusion Strategy.
Apply and further information
This vacancy is part of the Great Place to Work for Veterans initiative.
The Civil Service welcomes applications from people who have recently left prison or have an unspent conviction. Read more about prison leaver recruitment.
Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.
Contact point for applicants
Job contact:
- Name: Danitta Patel
- Email: Danitta.Patel@ics.gov.uk
Recruitment team
Further information
Appointment to the Civil Service is governed by the Civil Service Commission’s Recruitment Principles. If you feel that your application has not been treated in accordance with the recruitment principles, and wish to make a complaint, then you should contact in the first instance DESNZrecruitment.grs@cabinetoffice.gov.uk. If you are not satisfied with the response that you receive, then you can contact the Civil Service Commission. For further information on bringing a complaint to the Civil Service Commission please visit their web pages: Civil Service Commission/Complaints
Attachments
DESNZ TCs v1.2 (doc, 174kB)
Salary range
- £56,900 - £69,765 per year