IT Security Assurance Manager

Location: Bristol City, Bristol, UK
Remote: Hybrid
Expires: Expiring in less than 3 weeks
Full time
£40,388 - £43,482 per year

Job summary

What you’ll do:

This role provides an excellent opportunity to join the Forestry England IT Security Governance, Risk and Compliance team. You will be responsible for taking forward and developing our IT Security assurance and audit activities, governance, risk-awareness, security, and compliance obligations in a dynamic environment. The IT Security Assurance Manager will be:

  • Overseeing audit assessment, assurance and remedial/improvement actions.
  • Leading liaison activities to drive awareness and collaborative improvement workstreams.
  • Leading efforts to attain and work to industry frameworks, standards and best practice.

You will help us drive forward security standards and capabilities, understanding and identifying the risks associated with systems, services and suppliers to align standards to HMG security requirements, legislative obligations, and best practices effectively.

Where you’ll work:

  • If local to Bristol, you will be required to work from the office approx. 2 days per week. If you are not local to Bristol you may be contracted and able to work from a local site.
  • You would be able to attend our north Bristol office ideally once/twice per month.
  • You may occasionally be required to make planned site visits across England with some overnight stays.
  • You will be required to participate in planned on call rotas.
  • Other infrequent out of hours work may be necessary, e.g. supporting resolution of incidents.

Job description

Key work areas: responsibilities & accountabilities

• Assessment, audit, assurance and remedial improvement.

You will have responsibility for overseeing and responding to internal audits and assurance testing programmes, and for managing and driving our programme of external audit and assurance testing. Forming strong relationships, you will use the results of assessments, audits, assurance exercises and testing, to lead and drive continuous improvement; overseeing planned improvement actions until vulnerabilities are treated. You will also provide information and guidance to contract managers, system owners and managers to drive change and improvement across our procurements, contracts, and supply chains; working to improve their security posture and meet HMG standards.

• Cross-departmental liaison

You will be responsible for and lead IT Security Team efforts to proactively improve protective security standards for all departments and the Forestry Commission as a whole. You will position yourself as a consultant focussing on new product/service evaluation, procurements, and improvement to existing third-party products/services. You will promote and embed IT security governance, principles and best practice; and provide tailored advice on risk and information management, guidance to System Owners and Managers, and colleagues as required.

• Delivering Beneficial System Change

You will stay abreast of evolving threats, industry trends, and government guidance to elevate our system-security standards while serving as an escalation point for vulnerabilities and risks, offering clear risk treatment planning and management. You will also advise and support physical security initiatives in collaboration with the Estates Department, prioritising high-value and exposed assets. You will also contribute to Disaster Recovery, Incident Management, and Business Continuity efforts, and participate in collaborative IT Security initiatives.

• Standards and accreditation

The ITSAM will contribute to efforts to drive forward accreditation applications to demonstrate our approach, and competencies, and protective standards for the benefit of all departments and the Forestry Commission as a whole. You will act as lead and subject matter expert to progress attainment of accreditations from start to completion.

Person specification

Skills, knowledge & experience

Essential Professional and Technical experience

• Strong experience in all aspects of IT/Cybersecurity and technology audit, assessment, assurance, and compliance.
• Strong demonstrable experience and knowledge within an enterprise IT environment and strong familiarity with enterprise IT security or service-provision requirements.
• The ability to write fluently, accurately and concisely with clarity and authority.
• Proven abilities documenting and presenting concise reports, explaining complex information to varied audiences.
• Excellent relationship-building and collaboration skills.
• Strong negotiation and problem-solving skills at all levels.
• Well-developed Microsoft 365 skills, (Teams, SharePoint, Outlook, Excel, Word).

Desirable Professional and Technical experience

• An understanding of the requirements and principles of GDPR and the Data Protection Act.
• Familiarity with HM Government security and assurance frameworks and standards such as GovAssure, Government Functional Standards, SecureByDesign.
• Experience of managing technology testing activities, e.g. pen-testing.
• Awareness of Artificial Intelligence, its use in government settings, and the associated risks. Awareness of AI Assurance is highly desirable.
• BCS professional membership or membership of other role related authoritative Professional Accreditation body.
• A track-record of the ability to influence and guide senior IT leadership team on strategy direction and delivery.
• Awareness of ITIL.
• Ownership of personal development.

Qualifications

Essential

• A formal qualification or accreditation in the field of IT Security or Audit, such as CISM or CISA, or proven equivalent experience in an audit, governance, communications, IT Security role, or very similar.

Desirable

• Any formal qualification or accreditation in an Information Technology technical field.

Behaviours

We'll assess you against these behaviours during the selection process:

  • Changing and Improving
  • Making Effective Decisions
  • Communicating and Influencing
  • Working Together

Technical skills

We'll assess you against these technical skills during the selection process:

  • Your experience will be tested through technical and scenarios-based questioning, discussion, and exercises.

Benefits

Alongside your salary of £40,388, Forestry Commission contributes £11,700 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.
  • Learning and development tailored to your role
  • An environment with flexible working options
  • A culture encouraging inclusion and diversity
  • A Civil Service pension with an employer contribution of 28.97%

Things you need to know

Artificial intelligence

Artificial intelligence can be a useful tool to support your application; however, all examples and statements provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, as your own) applications may be withdrawn and internal candidates may be subject to disciplinary action. Please see our candidate guidance for more information on appropriate and inappropriate use.

Selection process details

This vacancy is using Success Profiles, and will assess your Behaviours, Experience and Technical skills.

How to apply…

You will be asked to write a 200 word statement on your relevant experience and career history, along with a personal statement of no more than 500 words. You will be assessed on both during sifting. More details about how to apply are listed on the application form.

Your experience will be tested through technical and scenarios-based questioning, discussion, and exercises.

The Behaviours being assessed at interview are –

Changing and Improving

Making Effective Decisions

Communicating and Influencing

Working Together

Successful candidates will undergo a criminal record check and the government baseline personnel security standard check.

If you require any reasonable adjustments, please email fcrecruitmentteam@forestryengland.uk.

If you're planning to use AI to support your application, please ensure you've read our guidelines here first.

Read more about our application process and working with us on the Forestry England website.



Feedback will only be provided if you attend an interview or assessment.

Security

Successful candidates must undergo a criminal record check. People working with government assets must complete baseline personnel security standard checks.

Nationality requirements

This job is broadly open to the following groups:

  • UK nationals
  • nationals of the Republic of Ireland
  • nationals of Commonwealth countries who have the right to work in the UK
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS)
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
  • individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
  • Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service

Further information on nationality requirements

Working for the Civil Service

The Civil Service Code sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles. The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria. The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.

Diversity and Inclusion

The Civil Service is committed to attracting, retaining and investing in talent wherever it is found. To learn more please see the Civil Service People Plan and the Civil Service Diversity and Inclusion Strategy.

Apply and further information

This vacancy is part of the Great Place to Work for Veterans initiative. The Civil Service welcomes applications from people who have recently left prison or have an unspent conviction. Read more about prison leaver recruitment. Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.

Contact point for applicants

Job contact:

Recruitment team

Further information

Our recruitment process is underpinned by the principle of appointment on the basis of fair and open competition and appointment on merit, as outlined in the Civil Service Commissioners’ Recruitment Principles. If you feel your application has not been treated in accordance with these principles and you wish to make a complaint, you should in the first instance contact FCE by email: englandhr.services@forestryengland.uk. If you are not satisfied with the response you receive, you can contact the Civil Service Commission, which regulates all Civil Service recruitment.

Attachments

Job Description (pdf, 114kB)
