Senior Security Risk Assurance Manager

Department for Work and Pensions

Apply before 11:55 pm on Sunday 16th May 2021

 

Reference number

109804

Salary

£35,310 - £45,018
The salary for this role is from £35,310 up to £40,666 (National) and from £39,301 up to £45,018 (London).

Grade

Senior Executive Officer

Contract type

Permanent

Business area

DWP - Finance - Security & Data Protection

Type of role

Security

Working pattern

Flexible working, Full-time, Job share, Part-time

Number of posts

10

Location

Blackpool, Leeds, London, Manchester, Newcastle-upon-Tyne, Sheffield

About the job

Summary

Join our new Security Risk Assurance Team and help us drive continuous improvement across the Security Assurance service in DWP.

We are looking for enthusiastic candidates to become part of an exciting and growing area of work who demonstrate a willingness to learn and develop their knowledge to help drive performance and deliver a positive and efficient service.

This is a key role in supporting the DWP Security Strategy by providing internal independent assurance to Senior Leaders, service owners, stakeholders and relevant external bodies that strategic security risks to DWP business objectives are being managed effectively.
This role supports the vital second line of assurance within the Government's three lines of defence model.

This is an ideal opportunity to become part of a specialised function as a Government Security Assurance Professional.

Successful applicants must be willing to travel to other DWP locations, with occasional overnight stays required (dependent on COVID restrictions).

Successful candidates must be willing to undertake security vetting to Security Check (SC) level before taking up duty.

Job description

About the team:

DWP is at the forefront of risk and controls based security within Government and leading on the tranches of the Transformed Security model in HMG. Within DWP, the Enterprise Security Risk Management (ESRM) Security Risk Assurance team:

• Provides impartial assurance that strategic security risks to DWP business objectives are managed effectively.

• Provides the DWP executive team (ET) and senior leadership with confidence that business processes, projects and supporting assets are well protected and effectively risk managed by DWP.

• Provides DWP ET with assurance that the security of the Department is sufficient to enable them to meet their DWP Business Objectives.

• Provides DWP ET with a professional opinion of where and how the department's security posture could be improved.

The Security Risk Assurance team undertake multiple activities to gather evidence on the security of DWP assets e.g. interviews, sampling, design review, IT health checks and controls testing. The team analyse findings from these activities to provide confidence that DWP is sufficiently secured against the NIST cyber security framework and make recommendations for areas for investment and improvement.

About the role:

A Senior Security Risk Assurance Manager will work within a team to determine what information and evidence is required to enable the assurance activity to be undertaken. The post holder will use security knowledge to provide security assurance, and therefore confidence, to the product owner that their product is appropriately secured and therefore that DWP is secure to deliver its priorities. They will:

• Identify sources of the information and support the Higher Executive Officer (HEO) in obtaining and analysing the information, resolving issues where necessary.

• Lead the production of the assurance report which will provide confidence to product owners.

Successful candidates must be prepared to undergo SC clearance prior to taking up duty.

Responsibilities

The roles and responsibilities include, but are not restricted to the following:

• To research, evaluate and interpret evidence to provide a holistic and robust opinion on the security posture of People, Process and Technology.

• Create evidence-based findings and recommendations for improvement on areas where assurance has been undertaken and found to be of a low level.

• Identify and share good practices whilst undertaking assurance activities.

• Testing and verifying the effectiveness of controls in achieving the desired security outcome, rather than focusing purely on whether the right ones are in place.

• Provide recommendations where additional activities will support the assurance activities and further activities or testing may be required e.g. IT health checks, control and vulnerability assessments.

• To provide assurance after a security incident has been identified, addressed and closed, as necessary.

• To participate in security investigations as needed, representing assurance reports and providing clarity on findings.

• To identify and assess existing/new threats (threat actor and vectors) and security alerts, and provide assurance against current state of controls suitability and strategic direction of travel.

• Proactively develop your own skills and knowledge and those of the wider team, to enable continuous improvement of the service.

Essential criteria:

The right candidate for this role will be able to demonstrate the essential criteria listed below:

• Understand and interpret information quickly; provide advice and guidance on requirements to stakeholders at all levels.

• An effective decision maker, who utilises evidence, available data and personal knowledge to provide clear, accurate and professional decisions.

• An understanding of Information Security and Risk Management.

• Self-motivated with a passion for security and technology, a willingness to develop your skills, to enable career enhancement within security and risk management.

• The ability to thrive in a challenging environment, working to tight deadlines while prioritising a large and varied workload.

• Have proven leadership experience and the ability to engage, negotiate and communicate easily and confidently with people at all levels.

Desirable qualifications

These qualifications are desirable and, where not already in place, successful applicants may be required to work towards gaining them: CGEIT, 27005 risk management professional, ISO27001 Lead Auditor, PCIRM, CompTIA Security+.

Desirable past experience and skills include, but are not limited to:

• Security management or analysis experience.

• An understanding of security controls (technical, procedural, personnel and physical).

• Knowledge of technical applications and architectures.

• Knowledge of third party security assurance methods and deliverables.

• Understanding of the NIST Cyber Security Framework.

• Understanding of Information Security Management Systems and risk assessment methodologies.

• Understanding of security monitoring and testing processes such as vulnerability scanning, penetration testing, SIEM, IDS.

Behaviours

We'll assess you against these behaviours during the selection process:

  • Making Effective Decisions
  • Delivering at Pace
  • Communicating and Influencing

Technical skills

We'll assess you against these technical skills during the selection process:

  • Business Skills
  • Communication and knowledge sharing

Benefits

• Family friendly work policies
• Flexible working hours
• An environment with flexible working options
• A culture encouraging inclusion and diversity
• A Civil Service pension
• 25 days Annual Leave and Bank holidays from day 1 of employment (30 days post qualifying period)
• Paid training courses to gain relevant qualifications
• Discount schemes
• Travel to work schemes/loans

Salary Information:

The salary for this role is from £35,310 up to £40,666 (National) and from £39,957 up to £45,018 (London). There is also a recruitment and retention allowance of £7000 available (the award of retention allowance is reviewed on an annual basis each November).

Our offer to successful candidates will be based on an assessment of your skills and experience as demonstrated at interview.

Existing Civil Servants:

For existing Civil Servants normal civil service rules on successful appointment will apply.

Those who secure a new role on lateral transfer will maintain their current salary. Existing Civil Servants who gain promotion may move to the bottom of the next grade pay scale or receive a 10% increase in salary, whichever would be the greater. Only in very few circumstances (for example, where exceptional skills that are in limited supply have been demonstrated) may existing Civil Servants be able to negotiate their starting salary, prior to accepting the post, if the role has been advertised externally.

Things you need to know

Security

Successful candidates must pass a disclosure and barring security check.
Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check.

See our vetting charter.
People working with government assets must complete basic personnel security standard checks.

Selection process details

This vacancy is using Success Profiles, and will assess your Behaviours, Experience and Technical skills.
Stage 1: Application & Sift

As part of the application process you will be asked to complete a CV & personal statement. Further details around what this will entail are listed in the advert.

All applications will be assessed and sifted based on the essential criteria in the advert, using the information you provide in your completed application form. The sift panel will use the information relating to your employment history (your CV) and your personal statement to assess your experience, skills and knowledge.

When giving details of your employment history, you should therefore include details of the work and projects that you have been involved in, and your role therein.

Applications must include:

A. A completed Personal Details application form.

B. A curriculum vitae* with education, professional qualifications and full employment history, giving details of key achievements relevant to the skills and experience outlined in this job description. Please limit each role to no more than 200 words.

C. A personal statement outlining how you meet the essential criteria as detailed in the job advert in no more than 1250 words.

A NOTE ON ANONYMISATION

*Due to DWP’s use of anonymised recruitment practices it is not possible for applicants to upload/attach a CV; any information that you would customarily share on a CV should therefore be entered onto the application form. Please ensure you provide sufficient information to enable the sift panel to make an informed judgement about your suitability for this role.

IMPORTANT INFORMATION

Please include all other information that you would customarily provide when presenting a CV/cover letter, as the sift panel use this information to assess your application.

DWP operates an anonymised recruitment process. When entering information relating to your employment history you will be asked to remove any personal details that could be used to identify you. This relates to name and contact details which might usually appear on your CV/Cover letter.

Failure to do so will result in your application being withdrawn.

Stage 2 – Interview

The final stage of the process will be a video interview where you will be assessed against the behaviours and technical skills outlined in the advert.

Candidates who are invited to interview will be asked to deliver a 5 minute presentation to the panel. Details of what this will entail will be provided prior to the interview.

Only candidates that have been successful at the previous stage will be invited to attend.

If at any time through the selection process you do not meet the minimum standard required for this role, we may contact you to discuss an alternative position.

Sift and Interview information

Applications will be sifted at regular intervals from the date the posts are advertised, so please apply as soon as you can; do not wait until the end of the campaign.

Sifting for this role will be concluded as soon as possible after the advert closes.

Interviews will take place from 27th May 2021.

Further Information

Reasonable adjustment
If a person with disabilities is put at a substantial disadvantage compared to a non-disabled person, we have a duty to make reasonable changes to our processes.

If you need a change to be made so that you can make your application, you should:

Contact Government Recruitment Service via DWPrecruitment.grs@cabinetoffice.gov.uk as soon as possible before the closing date to discuss your needs.

Complete the “Assistance required” section in the “Additional requirements” page of your application form to tell us what changes or help you might need further on in the recruitment process. For instance, you may need wheelchair access at interview, or if you’re deaf, a Language Service Professional.

If successful and transferring from another Government Department a criminal record check may be carried out.

Applicants who are successful at interview will, as part of pre-employment screening, be subject to a check on the Internal Fraud Database (IFD). This check will provide information about employees who have been dismissed for fraud or dishonesty offences. This check also applies to employees who resign or otherwise leave but who would have been dismissed for fraud or dishonesty had their employment continued. Any applicant whose details are held on the IFD will be refused employment.

A candidate is not eligible to apply for a role within the Civil Service if the application is made within a 5 year period following a dismissal for carrying out internal fraud against government.

New entrants are expected to join on the minimum of the pay band.

In order to process applications without delay, we will be sending a Criminal Record Check to Disclosure and Barring Service on your behalf. However, we recognise that in exceptional circumstances some candidates will want to send their completed forms direct. If you will be doing this, please advise Government Recruitment Service of your intention by emailing Pre-EmploymentChecks.grs@cabinetoffice.gov.uk stating the job reference number in the subject heading.

Any move to DWP from another employer will mean you can no longer access childcare vouchers. This includes moves between government departments. You may however be eligible for other government schemes, including Tax Free Childcare. Determine your eligibility at https://www.childcarechoices.gov.uk.

A reserve list may be held for a period of 6 months from which further appointments can be made.

Before applying for this vacancy, current employees of DWP should check whether a successful application would result in changes to their terms & conditions of employment, e.g. mobility, pay, allowances. Civil Servants that would transfer into DWP from other government organisations, following successful application, will assume DWP's terms & conditions of employment current on the day they are posted, unless DWP has stated otherwise in writing.

If you are experiencing accessibility problems with any attachments on this advert, please contact the email address in the 'Contact point for applicants' section.

Feedback will only be provided if you attend an interview or assessment.

Nationality requirements

This job is broadly open to the following groups:

  • UK nationals
  • nationals of Commonwealth countries who have the right to work in the UK
  • nationals of the Republic of Ireland
  • nationals from the EU, EEA or Switzerland with (or eligible for) status under the European Union Settlement Scheme (EUSS)
  • relevant EU, EEA, Swiss or Turkish nationals working in the Civil Service
  • relevant EU, EEA, Swiss or Turkish nationals who have built up the right to work in the Civil Service
  • certain family members of the relevant EU, EEA, Swiss or Turkish nationals
Further information on nationality requirements

Working for the Civil Service

The Civil Service Code sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles.
The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.

Apply and further information

Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.

Contact point for applicants

Job contact:
Name: Stephanie Cato
Email: Stephanie.cato@dwp.gov.uk

Recruitment team:
Email: dwprecruitment.grs@cabinetoffice.gov.uk

Further information

If you feel your application has not been treated in accordance with these principles and you wish to make a complaint, you should in the first instance contact DWP by email: HR.BUSINESSASSURANCE@DWP.GOV.UK. If you are not satisfied with the response you receive from the Department, you can contact the Civil Service Commission.
