The post holder must be attached to one of the Defra National offices. Space in the London office is limited, and it may not be possible to work from there.
About the job
Located within DDTS, Defra Group Security are creating a Supplier Security Assurance function to gain visibility of, and help manage, the risks to Defra’s services, data and ICT infrastructure from its IT suppliers. This is a growing area of work.
The Supplier Security Assurance function within DDTS is recruiting a Supplier Security Assurance Analyst with strong interest, skills and experience to support the delivery of the department’s supplier security assurance agenda. You will work in collaboration with a range of internal and external stakeholders to set and communicate minimum security requirements and encourage continuous improvement of security assurance for suppliers.
This is a critical role coordinating and delivering security risk management activity within the supplier assurance environment, enabling a clear and realistic view of security risk within our supply chain.
You will be a member of a team managing the day to day security risk of the supply chain through all stages of the Defra supplier lifecycle: from supplier selection and on-boarding, ongoing supplier assessments, supplier issue management and status reporting, through to end of contract.
Successful candidates must be willing to undertake SC clearance prior to taking up duty. Please see below for additional Security Clearance details.
Responsibilities
• Ensuring that suppliers of IT services to Defra effectively risk manage departmental information. The postholder will be involved in the design and management operation of our overarching assurance framework and processes towards supplier security assurance:
- Focussing attention and resources onto the highest impact suppliers/contracts
- Improving supplier compliance with recognised security standards and best practice
- Identifying potential information risks that can arise from contracting with a specific supplier, so that proportionate and appropriate arrangements are put in place
• Ensure that all business areas include proportionate and appropriate security requirements and due diligence within supplier bid/procurement processes.
• Involvement in setting up and operating mechanisms to monitor the effectiveness of the supplier security assurance framework, adjusting these as necessary
• Collaborate with the business in order to provide suppliers with early insight into the mandatory minimum security requirements expected of them during the life of a contract.
• Conduct assurance activities post contract award to ensure suppliers maintain compliance with minimum security requirements throughout contract lifecycle.
• Production of regular Management Information/reporting
• Conduct supplier security assessments (via remote questionnaire or on-site visits).
• Supporting the review of supplier contract compliance with Defra's security schedules and clauses.
• Establishing and maintaining excellent relationships with internal and external partners to influence their activities and promote and enhance supplier security assurance.
Skills and Experience
• Experience of undertaking technical and information risk assessments using good practice standards such as ISO 27001.
• A clear understanding of Information Security and Risk Management.
• Experience of analysing disparate sources of security information quickly and providing sound advice and recommendations on requirements to stakeholders at all levels.
• Proven excellent written and verbal communication skills with a range of stakeholders at different levels and the ability to build strong working relationships internally and externally.
• Effective decision making, using evidence, available data and personal knowledge to provide clear, accurate and professional decisions.
• Able to assess business context and apply it to security assurance.
• Understanding of and/or experience of working with security audit techniques.
• Good knowledge of security controls.
• Understanding of and/or experience of working with Legal and Commercial teams to deliver security outcomes.
• An advocate of continuous improvement, enjoying the challenge and benefits that this can bring to your own work and that of the team.
We'll assess you against these behaviours during the selection process:
- Making Effective Decisions
- Communicating and Influencing
- Working Together
We only ask for evidence of these behaviours on your application form:
- Making Effective Decisions
We'll assess you against these technical skills during the selection process:
- Information Security SCTY - Responsibility Level 6 (SFIA V7.0)
- Information Assurance INAS - Responsibility Level 6 (SFIA V7.0)
(Please see SFIA Attachment for full details of both Technical Skills)
Equality, diversity and inclusion
We have strong staff networks covering mental health, disability and other needs. We also have a range of special leave policies for hospital appointments and will put reasonable adjustments in place for people who need them.
The department places significant emphasis on talent programmes that help everyone to achieve their full potential.
The Civil Service as a whole is committed to providing a work environment free from discrimination, harassment, bullying and victimisation. Support available includes a Bullying and Harassment network and mediation services.
Your pension is a valuable part of your total reward package.
Defra contributes at a rate between 20% and 24.5%, dependent upon salary. Pension contributions you make are deducted from your salary before tax is taken.
Generous annual leave and bank holiday allowance
Defra offers 25 days’ annual leave (rising, over 5 years, to 30 days) for full time new entrants to the Civil Service. Employees receive 8 public holidays a year, plus an additional day in May to mark the Queen’s birthday.
We have a Staff Recognition Scheme to reward exemplary work.
Learning and development
All new employees joining (and returning to) Defra will have an induction to the department, our work and policies. You will have access to a broad range of learning and development opportunities with world class providers.
Mentoring and coaching
Mentoring is a way of developing your career and boosting your confidence that benefits both mentor and mentee. All our employees have the opportunity to work with a mentor or coach, if they wish to.
Defra employees are entitled to 3 days’ special leave with pay, each year, for volunteering. We encourage our employees to take this up: it can be a great way to share skills with worthy charitable causes, while developing new insights and stronger links with the civil society sector.
We fully support reservists and offer 15 days’ special leave with pay for training.
The government has introduced the Tax-Free Childcare scheme. Working parents can open an online childcare account and, for every £8 they pay in, the government adds £2, up to a maximum of £2,000 a year for each child or £4,000 for a disabled child. Parents can then use the funds to pay for registered childcare.
Bicycle loan schemes
Defra offers interest-free loans towards the cost of a bike and the Cycle to Work scheme. Defra ‘lends’ you a bike for your commute as a tax-free benefit. At the end of the loan period, you have the option to buy the bike, saving 30% of the original cost.
Season ticket loan
We offer interest-free season ticket loans to all Defra employees with more than three months’ service, for purchasing train and bus season tickets, as well as station car parking.
We have a supportive sick pay policy. Pay progressively increases, by length of service, beginning at one month’s sick pay in your first year.
Defra employees have access to a range of discounts at hundreds of top retailers via our employee discount scheme.
Give as you earn
Defra is registered with the Give as You Earn scheme, which enables you to make regular deductions directly from your salary, in support of a chosen charity. This is simple and tax efficient.
Defra is committed to providing a great place to work and is open to smarter ways of working that let you choose how, when and where you want to work in line with business needs. This includes the ability to work from home, work compressed hours and choose from a range of locations suited to when and where you need to be.
Our offices have fitness centres, staff canteens and many more facilities. You can discuss where you will be based and the amount of travel you will need to do at the interview with the vacancy holder.
Employee assistance programme
This is a free and confidential 24/7 telephone advice service available to all our staff.
Occupational health service
Provides a range of support services, to optimise attendance and performance at work.
Sports and social association
Promotes sports and social activities and organises our annual sports day and staff lottery.
Things you need to know
Successful candidates must pass a disclosure and barring security check.
Selection process details
This vacancy is using Success Profiles, and will assess your Behaviours, Experience and Technical skills.
As part of the application process you will be asked to complete a CV, personal statement, a behaviour and two technical statements.
Your personal statement should be no longer than 750 words, and should be aligned to the following guidance: Please refer to the skills and experience sections of this advert to show how you’re suitable for the role.
Further details around what this will entail are listed on the application form.
Should a large number of applications be received, an initial sift may be conducted using the lead Behaviour, Making Effective Decisions. Candidates who pass the initial sift may be progressed to a full sift, or progressed straight to assessment/interview.
Sift and interview dates as well as the interview location to be confirmed.
If successful at application stage, you will be invited to interview where you will be assessed on your experience, the listed Behaviours & Technical Skill.
A presentation or additional exercise may also be assessed.
A reserve list may be held for a period of 12 months from which further appointments can be made.
New entrants are expected to start on the minimum of the pay band.
If a person with disabilities is put at a substantial disadvantage compared to a non-disabled person, we have a duty to make reasonable changes to our processes.
If you need a change to be made so that you can make your application, you should:
- Contact Government Recruitment Service via firstname.lastname@example.org as soon as possible before the closing date to discuss your needs.
- Complete the “Assistance required” section in the “Additional requirements” page of your application form to tell us what changes or help you might need further on in the recruitment process. For instance, you may need wheelchair access at interview, or if you’re deaf, a Language Service Professional.
Criminal Record Check
If successful and transferring from another Government Department, a criminal record check may be carried out.
In order to process applications without delay, we will be sending a Criminal Record Check to Disclosure and Barring Service on your behalf. However, we recognise that in exceptional circumstances some candidates will want to send their completed forms direct. If you will be doing this, please advise Government Recruitment Service of your intention by emailing Pre-Employment.Checks@cabinetoffice.gov.uk stating the job reference number in the subject heading.
Any move to Defra from another employer will mean you can no longer access childcare vouchers. You may however be eligible for other government schemes, including Tax Free Childcare. Determine your eligibility at https://www.childcarechoices.gov.uk
Internal Fraud Database Check
Applicants who are successful at interview will, as part of pre-employment screening, be subject to a check on the Internal Fraud Database (IFD). This check will provide information about employees who have been dismissed for fraud or dishonesty offences. This check also applies to employees who resign or otherwise leave but who would have been dismissed for fraud or dishonesty had their employment continued. Any applicant whose details are held on the IFD will be refused employment.
If you are experiencing accessibility problems with any attachments on this advert, please contact the email address in the Contact point for applicants section.
We are closely monitoring the situation with regard to Coronavirus, and will be following central Government advice as it is issued. There is therefore a risk that recruitment to this post may be subject to change at short notice. Please continue to follow the application process as normal and ensure that you check your emails regularly for any updates from us as this is how we will communicate with you.
Feedback will only be provided if you attend an interview or assessment.
Working for the Civil Service
The Civil Service Code sets out the standards of behaviour expected of civil servants.
We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles.
The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.
Apply and further information
Once this job has closed, the job advert will no longer be available.
You may want to save a copy for your records.
Contact point for applicants
Job contact:
Name: Damian Sills
Email: Damian.email@example.com
Recruitment team:
Email: firstname.lastname@example.org
If you feel your application has not been treated in accordance with the Recruitment Principles and you wish to make a complaint, in the first instance, you should contact Government Recruitment Services via email: email@example.com. If you are not satisfied with the response you receive from the Department, you can contact the Civil Service Commission.