Security Risk & Assurance Lead (Ref: 17884)

Job summary

This position is based Nationally

Job description

Security Risk and Assurance Lead (SEO)

The MoJ Information Security Team sits at the heart of the Ministry of Justice, enabling good security practices through the provision of security policies, guidance and education, by understanding cyber security risks from all parts of the Ministry of Justice and providing assurance to the departmental SIRO, the Permanent Secretary and other senior stakeholders that these risks are being effectively managed in the delivery of MoJ objectives.

The role of the Security Risk and Assurance Lead is to lead the programme of cyber security assurance for their assigned area of the organisation, highlighting non-compliance with required standards and providing appropriate challenge to the owners of cyber security risks arising from control gaps.

The Security Risk and Assurance Lead may also mentor and support others in good risk management practices to enable them to manage residual risk well, identify trends resulting from risk and assurance activities and use these to initiate and lead improvements to processes, policies and guidance, and own the resolution of tactical requests to the team.

All members of the team are expected to help develop the MoJ Security Function as a centre of excellence for the department and to contribute to building a brilliant and diverse team that is a welcoming place for all.

Typical role expectations and responsibilities

• Lead the security Incident Management Improvement Project (e.g., ServiceNow reporting form, process implementation and continuous improvements across MoJ, lessons learned, education, training).
• Provide line management, including setting objectives, supporting development and wellbeing, and managing performance in line with MoJ policies.
• Conduct assurance investigations on MoJ systems to identify potential issues.
• Lead the implementation and delivery of security assurance processes, including GovAssure and supplier assurance activities for their assigned area, to support the overarching assurance programme.
• Lead on the communication of assessment and assurance outcomes to stakeholders in ways that support effective security, risk management and decision-making, and advise stakeholders on their approach to risk assessment in the context of their business outcomes.
• Play a leading role working with Justice Digital and Information Assurance colleagues (or supervise third party suppliers) to gather evidence of the performance of technical services and organisational processes against security baselines, controls and requirements, using key performance indicators.
• Analyse relevant data to provide an informed opinion on the quality of evidence provided and effectiveness of controls in place, with a focus on business-critical services and associated operational areas.
• Identify and report on trends arising from assurance assessments in their assigned area of the organisation and make sure appropriate remediation plans are in place and being actively managed.
• Lead on ensuring that Cyber Security risks for the business area are appropriately documented and reflect outcomes of the assurance work to enable senior stakeholders to make appropriate evidence-based decisions.
• Align risk decisions and advice with relevant regulation, policy and standards to provide proportional, practical advice that is tailored to the local environment, and advise on any residual risk.
• Escalate risks to more senior stakeholders when needed and take responsibility for closure of follow up actions.
• Provide input into the development and enablement of security policy and security culture by collaborating with the Security Policy, Culture, Awareness and Education team through insights on trends identified from security assurance activities.
• Assure the ongoing appropriateness of policy in accordance with regulation and wider departmental and government policies.
• Lead risk-related work and enable compliance and governance.
• Play a leading role in building the network of security partners across government and national technical authorities, and within industry.
• Contribute to submissions and reports for senior MoJ officials and play a leading role in efforts needed to respond to requests and advisories received from government partners.
• Monitor the efficiency and effectiveness of security processes across the organisation, and lead continuous improvement efforts, including improving methods of escalation or reporting where necessary.

About you:You will need experience of working well within a security, technology or risk team, and preferably be able to demonstrate successful prior experience of leading, mentoring and motivating a small team. You will be able to demonstrate examples of your own motivation to grow your leadership and management skills and abilities.You will demonstrate an understanding of cyber security and technology, showing willingness to continue to grow your awareness of current and emerging technologies and their impact on existing security practices.You will be able to communicate well and confidently with a variety of stakeholders, up to board level, and relay technical information to a non-technical audience.You will possess excellent analytical and problem-solving skills, adopting a positive approach and displaying flexibility of mind when encountering new situations. You will display attention to detail and discretion in dealing with confidential topics and senior stakeholders.You will have experience of, or a strong interest in, emerging technologies and their security implications, including artificial intelligence (AI), post-quantum cryptography/computing, and cloud concepts (for example shared responsibility models, identity and access management, and secure-by-design cloud services).You will need to be analytical and inquisitive, probing for information where appropriate to understand business context and reasoning. You will be a trusted partner for your areas of the organisation and demonstrate an understanding of how to appropriately challenge security decisions, including those made by senior stakeholders.BehavioursWe'll assess you against these behaviours during the selection process:

• Leadership
• Delivering at Pace
• Making Effective Decisions
• Seeing the bigger picture
• Communicating and Influencing

Technical Skills

We may assess your current level of knowledge of cyber security and risk management during the selection process.

Person specification

Please refer to Job Description

Qualifications

Please answer 'yes' to meeting the qualification requirements if you are either:

1) Qualified and full member of a professional accountancy body (CCAB or CIMA) or
2) willing to work towards the qualification/membership.

If you are answering yes to option 2, please upload a note indicating your willingness to work towards the qualification.

Behaviours

We'll assess you against these behaviours during the selection process:

• Leadership
• Delivering at Pace
• Making Effective Decisions
• Seeing the Big Picture
• Communicating and Influencing

Benefits

Alongside your salary of £42,914, Ministry of Justice contributes £12,432 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.

• Access to learning and development
• A working environment that supports a range of flexible working options to enhance your work life balance
• A working culture which encourages inclusion and diversity
• A Civil Service pension with an employer contribution of 28.97%
• Annual Leave
• Public Holidays
• Season Ticket Advance

For more information about the recruitment process, benefits and allowances and answers to general queries, please click the below link which will direct you to our Candidate Information Page.

Link: https://justicejobs.tal.net/vx/candidate/cms/About%20the%20MOJ

Things you need to know

Artificial intelligence

Artificial intelligence can be a useful tool to support your application, however, all examples and statements provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, as your own) applications may be withdrawn and internal candidates may be subject to disciplinary action. Please see our candidate guidance (opens in a new window) for more information on appropriate and inappropriate use.

Selection process details

This vacancy is using Success Profiles (opens in a new window), and will assess your Behaviours and Experience.

https://justicejobs.tal.net/vx/candidate/cms/About%20the%20MOJ

Feedback will only be provided if you attend an interview or assessment.

Security

Successful candidates must undergo a criminal record check.Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check (opens in a new window).

See our vetting charter (opens in a new window).People working with government assets must complete baseline personnel security standard (opens in new window) checks.

Nationality requirements

This job is broadly open to the following groups:

• UK nationals
• nationals of the Republic of Ireland
• nationals of Commonwealth countries who have the right to work in the UK
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS) (opens in a new window)
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
• individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
• Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service

Further information on nationality requirements (opens in a new window)

Working for the Civil Service

The Civil Service Code (opens in a new window) sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles (opens in a new window).The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.

Diversity and Inclusion

The Civil Service is committed to attract, retain and invest in talent wherever it is found. To learn more please see theCivil Service People Plan (opens in a new window) and the Civil Service Diversity and Inclusion Strategy (opens in a new window).

Apply and further information

This vacancy is part of the Great Place to Work for Veterans (opens in a new window) initiative.Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.

Contact point for applicants

Job contact :

• Name : SSCL Recruitment Enquiries Team
• Email : moj-recruitment-vetting-enquiries@resourcing.soprasteria.co.uk
• Telephone : 0345 241 5359

Recruitment team

• Email : moj-recruitment-vetting-enquiries@resourcing.soprasteria.co.uk

Further information

Appointment to the Civil Service is governed by the Civil Service Commission’s Recruitment Principles. If you feel a department has breached the requirement of the Recruitment Principles and would like to raise this, please contact SSCL (Moj-recruitment-vetting-enquiries@gov.sscl.com) in the first instance. If the role has been advertised externally (outside of the Civil Service) and you are not satisfied with the response, you may bring your complaint to the Commission. For further information on bringing a complaint to the Civil Service Commission please visit their web pages: http://civilservicecommission.independent.gov.uk/civil-service-recruitm…

https://jobs.justice.gov.uk/careers/JobDetail/17884?entityId=17884