Supplier Security Assurance Analyst

Department for Environment, Food and Rural Affairs

Apply before 11:55 pm on Thursday 13th May 2021


Reference number



£35,895 - £43,847
National: £35,895 - £40,613, London: £38,751 - £43,847


Senior Executive Officer

Contract type


Business area

DEFRA - Digital, Data and Technology Services (DDTS)

Type of role

Information Technology

Working pattern

Flexible working, Full-time, Job share, Part-time

Number of posts



The post holder must be attached to one of the Defra National offices. Space in the London office is limited, and it may not be possible to work from there.

About the job


Located within DDTS, Defra Group Security are creating a Supplier Security Assurance function to gain visibility of, and help manage, the risks to Defra’s services, data and ICT infrastructure from its IT suppliers. This is a growing area of work.

The Supplier Security Assurance function within DDTS is recruiting a Supplier Security Assurance Analyst with a strong interest in, and the skills and experience to support, the delivery of the department’s supplier security assurance agenda. You will work in collaboration with a range of internal and external stakeholders to set and communicate minimum security requirements and encourage continuous improvement of security assurance for suppliers.

Job description

This is a critical role coordinating and delivering security risk management activity within the supplier assurance environment, enabling a clear and realistic view of security risk within our supply chain.

You will be a member of a team managing the day to day security risk of the supply chain through all stages of the Defra supplier lifecycle: from supplier selection and on-boarding, ongoing supplier assessments, supplier issue management and status reporting, through to end of contract.

Successful candidates must be willing to undertake SC clearance prior to taking up duty. Please see below for additional Security Clearance details.


• Ensuring that suppliers of IT services to Defra effectively risk manage departmental information. The postholder will be involved in the design, management and operation of our overarching assurance framework and processes for supplier security assurance:
- Focussing attention and resources onto the highest impact suppliers/contracts
- Improving supplier compliance with recognised security standards and best practice
- Identifying potential information risks that can arise from contracting with a specific supplier, so that proportionate and appropriate arrangements are put in place

• Ensure that all business areas include proportionate and appropriate security requirements and due diligence within supplier bid/procurement processes.

• Involvement in setting up and operating mechanisms to monitor the effectiveness of the supplier security assurance framework, adjusting these as necessary

• Collaborate with the business in order to provide suppliers with early insight into the mandatory minimum security requirements expected of them during the life of a contract.

• Conduct assurance activities post contract award to ensure suppliers maintain compliance with minimum security requirements throughout contract lifecycle.

• Production of regular Management Information/reporting

• Conduct supplier security assessments (via remote questionnaire or on-site visits).

• Supporting the review of supplier contract compliance with Defra's security schedules and clauses.

• Establishing and maintaining excellent relationships with internal and external partners to influence their activities and promote and enhance supplier security assurance.

Skills and Experience
• Experience of undertaking technical and information risk assessments, using good practice standards such as ISO 27001.

• A clear understanding of Information Security and Risk Management.

• Experience of analysing disparate sources of security information quickly and providing sound advice and recommendations on requirements to stakeholders at all levels.

• Proven excellent written and verbal communication skills with a range of stakeholders at different levels and the ability to build strong working relationships internally and externally.

• Effective decision making, using evidence, available data and personal knowledge to provide clear, accurate and professional decisions.

• Able to assess business context and apply it to security assurance.

• Understanding of and/or experience of working with security audit techniques.

• Good knowledge of security controls.

• Understanding of and/or experience of working with Legal and Commercial teams to deliver security outcomes.

• An advocate of continuous improvement, enjoying the challenge and benefits that this can bring to your own work and that of the team.


We'll assess you against these behaviours during the selection process:

  • Making Effective Decisions
  • Communicating and Influencing
  • Working Together

We only ask for evidence of these behaviours on your application form:

  • Making Effective Decisions

Technical skills

We'll assess you against these technical skills during the selection process:

  • Information Security SCTY - Responsibility Level 6 (SFIA V7.0) (Please see SFIA Attachment for full details of both Technical Skills)
  • Information Assurance INAS - Responsibility Level 6 (SFIA V7.0) (Please see SFIA Attachment for full details of both Technical Skills)


Equality, diversity and inclusion
We have strong staff networks covering mental health, disability and other needs. We also have a range of special leave policies for hospital appointments and will put reasonable adjustments in place for people who need them.

The department places significant emphasis on talent programmes that help everyone to achieve their full potential.

The Civil Service as a whole is committed to providing a work environment free from discrimination, harassment, bullying and victimisation. Support available includes a Bullying and Harassment network and mediation services.

Your pension is a valuable part of your total reward package.

Defra contributes at a rate between 20% and 24.5%, dependent upon salary. Pension contributions you make are deducted from your salary before tax is taken.

Generous annual leave and bank holiday allowance
Defra offers 25 days’ annual leave (rising, over 5 years, to 30 days) for full time new entrants to the Civil Service. Employees receive 8 public holidays a year, plus an additional day in May to mark the Queen’s birthday.

Staff recognition
We have a Staff Recognition Scheme to reward exemplary work.

Learning and development
All new employees joining (and returning to) Defra will have an induction to the department, our work and policies. You will have access to a broad range of learning and development opportunities with world class providers.

Mentoring and coaching
Mentoring is a way of developing your career and boosting your confidence that benefits both mentor and mentee. All our employees have the opportunity to work with a mentor or coach, if they wish to.

Defra employees are entitled to 3 days’ special leave with pay, each year, for volunteering. We encourage our employees to take this up: it can be a great way to share skills with worthy charitable causes, while developing new insights and stronger links with the civil society sector.

We fully support reservists and offer 15 days’ special leave with pay for training.

Childcare vouchers
The government has introduced the Tax-Free Childcare scheme. Working parents can open an online childcare account and, for every £8 they pay in, the government adds £2, up to a maximum of £2,000 a year for each child or £4,000 for a disabled child. Parents can then use the funds to pay for registered childcare.

Bicycle loan schemes
Defra offers interest-free loans towards the cost of a bike and the Cycle to Work scheme. Defra ‘lends’ you a bike for your commute as a tax-free benefit. At the end of the loan period, you have the option to buy the bike, saving 30% of the original cost.

Season ticket loan
We offer interest-free season ticket loans to all Defra employees with more than three months’ service, for purchasing train and bus season tickets, as well as station car parking.

Sick pay
We have a supportive sick pay policy. Pay progressively increases, by length of service, beginning at one month’s sick pay in your first year.

Employee discounts
Defra employees have access to a range of discounts at hundreds of top retailers via our employee discount scheme.

Give as you earn
Defra is registered with the Give as You Earn scheme, which enables you to make regular deductions directly from your salary, in support of a chosen charity. This is simple and tax efficient.

Flexible working
Defra is committed to providing a great place to work and is open to smarter ways of working that let you choose how, when and where you want to work in line with business needs. This includes the ability to work from home, work compressed hours and choose from a range of locations suited to when and where you need to be.

Our offices have fitness centres, staff canteens and many more facilities. You can discuss where you will be based and the amount of travel you will need to do at the interview with the vacancy holder.

Employee assistance programme
This is a free and confidential 24/7 telephone advice service available to all our staff.

Occupational health service
Provides a range of support services, to optimise attendance and performance at work.

Sports and social association
Promotes sports and social activities and organises our annual sports day and staff lottery.

Things you need to know


Successful candidates must pass a disclosure and barring security check.
Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check.

See our vetting charter.
People working with government assets must complete basic personnel security standard checks.

Selection process details

This vacancy is using Success Profiles, and will assess your Behaviours, Experience and Technical skills.
Application Process
As part of the application process you will be asked to complete a CV, personal statement, a behaviour and two technical statements.

Your personal statement should be no longer than 750 words, and should be aligned to the following guidance: Please refer to the skills and experience sections of this advert to show how you’re suitable for the role

Further details around what this will entail are listed on the application form.

Should a large number of applications be received, an initial sift may be conducted using the lead Behaviour, Making Effective Decisions. Candidates who pass the initial sift may be progressed to a full sift, or progressed straight to assessment/interview.

Sift and interview dates as well as the interview location to be confirmed.

If successful at application stage, you will be invited to interview where you will be assessed on your experience, the listed Behaviours & Technical Skill.

A presentation or additional exercise may also be assessed.

Reserve List
A reserve list may be held for a period of 12 months from which further appointments can be made.

New entrants are expected to start on the minimum of the pay band.

Reasonable Adjustment
If a person with disabilities is put at a substantial disadvantage compared to a non-disabled person, we have a duty to make reasonable changes to our processes.

If you need a change to be made so that you can make your application, you should:

- Contact Government Recruitment Service via as soon as possible before the closing date to discuss your needs.
- Complete the “Assistance required” section in the “Additional requirements” page of your application form to tell us what changes or help you might need further on in the recruitment process. For instance, you may need wheelchair access at interview, or if you’re deaf, a Language Service Professional.

Criminal Record Check
If successful and transferring from another Government Department, a criminal record check may be carried out.

In order to process applications without delay, we will be sending a Criminal Record Check to Disclosure and Barring Service on your behalf. However, we recognise that in exceptional circumstances some candidates will want to send their completed forms direct. If you will be doing this, please advise Government Recruitment Service of your intention by emailing stating the job reference number in the subject heading.

Childcare Vouchers
Any move to Defra from another employer will mean you can no longer access childcare vouchers. You may however be eligible for other government schemes, including Tax Free Childcare. Determine your eligibility at

Internal Fraud Database Check
Applicants who are successful at interview will be, as part of pre-employment screening, subject to a check on the Internal Fraud Database (IFD). This check will provide information about employees who have been dismissed for fraud or dishonesty offences. This check also applies to employees who resign or otherwise leave before being dismissed for fraud or dishonesty had their employment continued. Any applicant whose details are held on the IFD will be refused employment.

If you are experiencing accessibility problems with any attachments on this advert, please contact the email address in the Contact point for applicants section.

We are closely monitoring the situation with regard to Coronavirus, and will be following central Government advice as it is issued. There is therefore a risk that recruitment to this post may be subject to change at short notice. Please continue to follow the application process as normal and ensure that you check your emails regularly for any updates from us as this is how we will communicate with you.

Feedback will only be provided if you attend an interview or assessment.

Nationality requirements

This job is broadly open to the following groups:

  • UK nationals
  • nationals of Commonwealth countries who have the right to work in the UK
  • nationals of the Republic of Ireland
  • nationals from the EU, EEA or Switzerland with (or eligible for) status under the European Union Settlement Scheme (EUSS)
  • relevant EU, EEA, Swiss or Turkish nationals working in the Civil Service
  • relevant EU, EEA, Swiss or Turkish nationals who have built up the right to work in the Civil Service
  • certain family members of the relevant EU, EEA, Swiss or Turkish nationals
Further information on nationality requirements

Working for the Civil Service

The Civil Service Code sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles.
The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.

Apply and further information

Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.

Contact point for applicants

Job contact :
Name :  Damian Sills
Email :
Recruitment team :
Email :

Further information

Complaints: If you feel your application has not been treated in accordance with the Recruitment Principles and you wish to make a complaint, in the first instance, you should contact Government Recruitment Services via email: If you are not satisfied with the response you receive from the Department, you can contact the Civil Service Commission: Click here to visit Civil Service Commission


SFIA7 (pdf, 1329kB)
