Blackpool, Leeds, London, Manchester, Newcastle-upon-Tyne, Sheffield
About the job
Join our new Security Risk Assurance Team and help us drive continuous improvement across the Security Assurance service in DWP.
We are looking for enthusiastic candidates to become part of an exciting and growing area of work. who demonstrate a willingness to learn and develop their knowledge to help drive performance and deliver a positive and efficient service.
This is a key role in supporting the DWP Security Strategy by providing internal independent assurance to Senior Leaders, service owners, stakeholders and relevant external bodies that strategic security risks to DWP business objectives are being managed effectively.
This roles supports the vital second line of assurance within the Governments three lines of defence model.
This is an ideal opportunity to become part of a specialised function as a Government Security Assurance Professional.
Successful applicants must be willing to travel to other DWP locations, with occasional overnight stays required (dependent on COVID restrictions).
Successful candidates must be willing to undertake security vetting to Security Check ‘SC’ level before taking up duty.
About the team:
DWP is at the forefront of risk and controls based security within Government and leading on the tranches of the Transformed Security model in HMG. Within DWP, the Enterprise Security Risk Management (ESRM) Security Risk Assurance team:
• Provides impartial assurance that strategic security risks to DWP business objectives are managed effectively.
• Provide the DWP executive team (ET) and senior leadership with confidence that business processes, projects and supporting assets are well protected and effectively risk managed by DWP.
• Provide DWP ET with assurance that the security of Department is sufficient to enable them to meet their DWP Business Objectives.
• Provide DWP ET with a professional opinion of where and how the departments security posture could be improved.
The Security Risk Assurance team undertake multiple activities to gather evidence on the security of DWP assets e.g. interviews, sampling, design review, IT health checks and controls testing. The team analyse findings from these activities to provide confidence that DWP is sufficiently secured against the NIST cyber security framework and make recommendations for areas for investment and improvement.
About the role:
A Lead Security Risk Assurance Manager will lead and manage a team of Senior Executive Officers (SEOs) and Higher Executive Officers (HEOs) to ensure they have the right working environment and tools to deliver assurance activities.
• Engage collaboratively with stakeholders to set priorities for the team and communicate what is achievable.
• Encourage a culture of innovation focussed on adding value.
• Provide support and guidance to the SEOs and HEOs in their activities, resolving issues which cannot be resolved at SEO/HEO level.
• Collaborate and coordinate activities across teams to prioritise and optimise the work schedule.
• Confidently present findings at appropriate governance forums and meetings.
• Proactively develop team members, and themselves, to ensure an effective and efficient service is provided.
Successful candidates must be prepared to undergo SC clearance prior to taking up duty.
ResponsibilitiesThe roles and responsibilities include, but are not restricted to the following:
• Engage with stakeholders to ensure they are on board with the assurance activities being undertaken.
• Undertake scoping exercises, gaining agreement of key stakeholders on scope of assurance activities.
• Ensure activities aligns with strategic risks.
• Ensure scope aligns with NIST functions.
• To ensure SEO and HEO research, evaluation and interpretation of evidence provides a holistic and robust opinion on the security posture of people, processes and technology.
• Identifying the specific assurance needs of different business stakeholders and providing appropriate level of diligence against the requirement.
• Communication of identified good practises across policy process and design.
• Actively participate in the assurance activities, learning, sharing and re-applying skills and knowledge and bringing in good practice.
• Provide input to the G6 in respect of business cases for security investments.
• Assess whether recommendations by the SEO on supplementary activities are cost effective and provide value for money.
• To participate in security investigations as needed, representing assurance reports and providing clarity on findings.
• To identify and assess existing/new threats (threat actor and vectors) and security alerts, and provide assurance against current state of controls and strategic direction of travel.
• Responsible for the drafting of the assurance report and sign off the assurance report.
• Represent ESRM and report findings to stakeholders as required.
• Monitor and report on outcomes.
The right candidate for this role will be able to demonstrate the essential criteria listed below:
• Have proven leadership experience can demonstrate the ability to think strategically and engage, negotiate and communicate easily and confidently with people at all levels
• Self-motivated with a passion for security and technology, a willingness to develop your skills, to enable career enhancement within security and risk management
• An understanding of Information Security and Risk Management
• An effective decision maker, who utilises evidence, available data and personal knowledge to provide clear, accurate and professional decisions
• The ability to thrive in a challenging environment, working to tight deadlines while prioritising a large and varied workload
• Understand and interpret information quickly; provide advice and guidance on requirements to stakeholders at all levels via excellent communication skills
These qualifications are desirable and where not already in place, successful applicants may be required to work towards gaining them - CISM, CRISC, CISSP, CISA, CGEIT ISO27001 Lead Auditor.
Desirable past experience and skills includes but is not limited to –
• Experience of security management and analysis.
• Good understanding of security controls (technical, procedural, personnel and physical).
• Good understanding of security monitoring and testing processes.
• Good technical knowledge of applications and architectures.
• Good knowledge of third party security assurance methods and deliverables.
• Strong understanding of the NIST Cyber Security Framework.
• Experience of information security management systems and risk assessment methodologies.
We'll assess you against these behaviours during the selection process:
- Seeing the Big Picture
- Making Effective Decisions
We'll assess you against these technical skills during the selection process:
- Innovation and Business Improvement
- Management, Leadership and Influence
• Family friendly work policies
• Flexible working hours
• An environment with flexible working options
• A culture encouraging inclusion and diversity
• A Civil Service pension
• 25 days Annual Leave and Bank holidays from day 1 of employment (30 days’ post qualifying period)
• Paid training courses to gain relevant qualifications
• Discount schemes
• Travel to work schemes/loans
The salary for this role is from £49,171 up to £59,589 (National) and from £52,817 up to £64,656 (London). There is also a recruitment and retention allowance of £7000 available (reviewed on an annual basis each November).
Our offer to successful candidates will be based on an assessment of your skills and experience as demonstrated at interview.
Existing Civil Servants
For existing Civil Servants normal civil service rules on successful appointment will apply.
Those who secure a new role on lateral transfer will maintain their current salary. Existing Civil Servants who gain promotion may move to the bottom of the next grade pay scale or 10% increase in salary whichever would be the greater. Only in very few circumstances (where there have been exceptional skills demonstrated which are in limited supply for example) may existing Civil Servants be able to negotiate their starting salary if the role has been advertised externally, prior to accepting the post.
Things you need to know
Successful candidates must pass a disclosure and barring security check.
Selection process details
This vacancy is using Success Profiles
, and will assess your Behaviours, Experience and Technical skills.
Stage 1: Application & Sift
As part of the application process you will be asked to complete a CV & personal statement. Further details around what this will entail are listed in the advert.
All applications will be assessed and sifted based on the essential criteria in the advert, using the information you provide in your completed application form. The sift panel will use the information relating to your employment history (your CV) and your personal statement to assess your experience, skills and knowledge.
When giving details of your employment history, you should therefore include details of the work and projects that you have been involved in, and your role therein.
Applications must include:
A. A completed Personal Details application form.
B. A curriculum vitae* with education, professional qualifications and full employment history, giving details of key achievements relevant to the skills and experience outlined in this job description. Please limit each role to no more than 200 words.
C. A personal statement outlining how you meet the essential criteria as detailed in the job advert in no more than 1250 words.
A NOTE ON ANONYMISATION
*Due to DWP’s use of anonymised recruitment practices it is not possible for applicants to upload/attach a CV; any information that you would customarily share on a CV should therefore be entered onto the application form. Please ensure you provide sufficient information to enable to sift panel to make an informed judgement about your suitability for this role.
Please include all other information that you would customarily provide when presenting a CV/cover letter, as the sift panel use this information to assess your application.
DWP operates an anonymised recruitment process. When entering information relating to your employment history you will be asked to remove any personal details that could be used to identify you. This relates to name and contact details which might usually appear on your CV/Cover letter.
Failure to do so will result in your application being withdrawn.
Stage 2 – Interview
The final stage of the process will be a video interview where you will be assessed against the behaviours and technical skills outlined in the advert.
Candidates who are invited to interview will be asked to deliver a 5 minute presentation to the panel. Details of what this will entail will be provided prior to the interview.
Only candidates that have been successful at the previous stage will be invited to attend.
If at any time through the selection process you do not meet the minimum standard required for this role, we may contact you to discuss an alternative position.
Sift and Interview information
Applications will be sifted at regular intervals from the date the posts are advertised, so please apply as soon as you can, do not wait until the end of the campaign.
Sifting for this role will be concluded as soon as possible after the advert closes.
Interviews will take place from 27th May 2021.
If a person with disabilities is put at a substantial disadvantage compared to a non-disabled person, we have a duty to make reasonable changes to our processes.
If you need a change to be made so that you can make your application, you should:
Contact Government Recruitment Service via DWPrecruitment.firstname.lastname@example.org as soon as possible before the closing date to discuss your needs.
Complete the “Assistance required” section in the “Additional requirements” page of your application form to tell us what changes or help you might need further on in the recruitment process. For instance, you may need wheelchair access at interview, or if you’re deaf, a Language Service Professional.
If successful and transferring from another Government Department a criminal record check may be carried out.
Applicants who are successful at interview will be, as part of pre-employment screening subject to a check on the Internal Fraud Database (IFD). This check will provide information about employees who have been dismissed for fraud or dishonesty offences. This check also applies to employees who resign or otherwise leave before being dismissed for fraud or dishonesty had their employment continued. Any applicant’s details held on the IFD will be refused employment.
A candidate is not eligible to apply for a role within the Civil Service if the application is made within a 5 year period following a dismissal for carrying out internal fraud against government.
New entrants are expected to join on the minimum of the pay band.
In order to process applications without delay, we will be sending a Criminal Record Check to Disclosure and Barring Service on your behalf. However, we recognise in exceptional circumstance some candidates will want to send their completed forms direct. If you will be doing this, please advise Government Recruitment Service of your intention by emailing Pre-EmploymentChecks.email@example.com stating the job reference number in the subject heading.
Any move to DWP from another employer will mean you can no longer access childcare vouchers. This includes moves between government departments. You may however be eligible for other government schemes, including Tax Free Childcare. Determine your eligibility at https://www.childcarechoices.gov.uk.
A reserve list may be held for a period of 6 months from which further appointments can be made.
Before applying for this vacancy, current employees of DWP should check whether a successful application would result in changes to their terms & conditions of employment, e.g. mobility, pay, allowances. Civil Servants that would transfer into DWP from other government organisations, following successful application, will assume DWP's terms & conditions of employment current on the day they are posted, unless DWP has stated otherwise in writing.
If you are experiencing accessibility problems with any attachments on this advert, please contact the email address in the 'Contact point for applicants' section.
Feedback will only be provided if you attend an interview or assessment.
Working for the Civil Service
The Civil Service Code
sets out the standards of behaviour expected of civil servants.
We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles
The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.
Apply and further information
Once this job has closed, the job advert will no longer be available.
You may want to save a copy for your records.
Contact point for applicants
|Job contact :|
|Name : || ||Stephanie Cato|
|Email : || ||Stephanie.firstname.lastname@example.org|
|Recruitment team :|
|Email : || ||email@example.com|
If you feel your application has not been treated in accordance with these principles and you wish to make a complaint, you should in the first instance contact DWP by email: HR.BUSINESSASSURANCE@DWP.GOV.UK. If you are not satisfied with the response you receive from the Department, you can contact the Civil Service Commission here
to visit Civil Service Commission