Lead/Senior Cyber Security Risk Manager
Department for Work and Pensions
Apply before 11:55 pm on Tuesday 4th October 2022
Are you a Cyber Security Risk Manager that has worked in a large-scale organisation?
If yes, we want you to join us at DWP Digital.
These are critical roles coordinating and delivering the Digital Security Risk management programme of work, with risk driving security, enabling a clear, practical, and realistic view of Cyber Security Risk information. The role forms a vital First Line capability within the HMG three-line defence model.
As a Lead Cyber Security Risk Manager you will report directly to the Digital Security Risk Management Team Lead and will lead within the Digital Group to help deliver 1st line risk identification, assessment, remediation, and treatment of risks. You will lead the work to implement controls and make recommendations to address security vulnerabilities and control weaknesses in products, projects, and programmes, working with product owners and Subject Matter Experts to enable them to make well-informed risk-based decisions whilst leading and influencing the management of tactical and strategic risks.
As a Senior Cyber Security Risk Manager you will work within the Digital Group to help deliver 1st line risk identification, assessment, remediation, and treatment of risks. You will identify controls, make recommendations to address security vulnerabilities and control weaknesses in products, projects, and programmes, working with product owners and Subject Matter Experts to enable them to make well informed risk-based decisions whilst leading and influencing management of tactical and strategic risks.
• The Cyber Security Risk Manager role ensures that effective security risk expertise, advice and support are delivered to business managers, Senior Risk Owners, and the Executive Team within DWP.
• Using evidence and knowledge to support accurate, expert decisions and advice. Carefully consider alternative options, implications, and risks of decisions. Support strategic development of the service vision with programmes, enabling the prioritisation and delivery of solutions with appropriate security controls to mitigate Cyber Security Risks through a structured risk management process.
• To ensure proportionate, risk-informed decisions about current and future security investments can be taken to protect the Department’s assets and improve the Department’s security risk posture.
• Manage and support Digital’s Cybersecurity risk management lifecycle by working to help deliver 1st line risk identification, assessment, remediation, and treatment of risks.
• Identify controls and make recommendations to address security vulnerabilities and control weaknesses in products, projects, and programmes, working with product owners and Subject Matter Experts to enable them to make well informed risk-based decisions whilst leading and influencing the management of tactical and strategic risks.
• Identify, capture, or contextualise risks and mitigating controls, enabling risk owners and managers to take responsibility for the management and maintenance of their security.
• Support the implementation of the Digital Governance Risk and Compliance methodology and the day-to-day use of the risk management toolsets at all levels, from the design, delivery, and operations support stages, ensuring the timely recording and updating of risks throughout the lifecycle.
• Work closely with Security & Data Protection and other internal and external stakeholders to ensure Cyber Security threats, vulnerabilities, and opportunities with the potential to impact or improve the resilience of Digital IT Infrastructure are identified and/or reported appropriately.
• Embed a culture of effective and accurate security risk management and facilitate the governance of Digital Security Enterprise Risk Management within the four stages of the Security/Fraud Risk management lifecycle.
• Research and evaluate business processes in alignment to known/emerging Security risks and controls to ensure expert advice is provided.
• Take responsibility for delivering timely and quality results with focus and drive.
The key differences between the two advertised roles are:
The Lead Cyber Security Risk Manager will provide leadership and direction for a team of professional cyber security risk managers; the work and outputs will be pitched more towards board level and working strategically across government in high-profile work areas, and the role will lead the drive to embed security culture within the department.
The Senior Cyber Security Risk Manager role will be more focused on the delivery of 1st line security controls assessment and the risk identification, assessment and management of any gaps or control failings, ensuring these are framed in a way which reflects all compensatory controls in place and are easily understood by non-technical senior business leaders so they can make informed management decisions.
The responsibilities are outlined in the job description above.
Technology Services provide the foundations upon which digital services for DWP are developed and operate. Our purpose is to deliver secure, effective and cost-efficient digital infrastructure services and to run live IT operations that support DWP business objectives. We do this by putting users and quality of service at the heart of what we do.
Our team is made up of 1,500 colleagues working collaboratively across 10 portfolio-led teams in a fast-moving environment. Our teams deliver an end-to-end suite of digital products and services that support DWP colleagues and citizens in an ever-evolving technology landscape. Our work is focused around the following 6 themes:
1. Delivering a digital workplace that improves the way we work. We provide the products and services to make our users' jobs easier, encourage greater collaboration and support flexibility in working patterns, locations and on devices of their choice – helping to drive forward DWP’s digital transformation.
2. Delivering high-quality and resilient IT services and support. We are embedding a Full Stack Service Model to integrate our IT operations and ensure our services meet existing and future network demand.
3. Building a world-class performance-focused user experience control centre. We have created an end-to-end, data-driven performance environment to measure our systems and ensure we keep the department functioning.
4. Exploiting and enhancing hybrid cloud services. We provide hybrid cloud services that balance on-premise and public cloud to offer true platform independence and optimum price performance.
5. Protecting and securing our services. We ensure our IT systems remain secure and available, resilient to natural and human-caused disaster – ensuring citizens always have access to our key services.
6. Developing our people, capability and skills. We have created a sustainable service by developing our people, bringing key skills in-house to DWP, giving our teams professional pathways to develop and opportunities to progress within Technology Services.
As we continue our journey to service excellence we have identified a number of opportunities to join our Technology Services team.
We'll assess you against these technical skills during the selection process:
- Information Risk Assessment and Management
- Applied Security Capability
- Protective Security
- Threat Understanding
• An employer pension contribution of up to 27%.
• Annual leave rising up to 30 days, (based on your working pattern).
• Family friendly flexible working arrangements, such as hybrid working, job sharing, term-time working, flexi-time and compressed hours.
• Learning and development tailored to your role; this could include industry-recognised qualifications, coaching and mentoring.
• An inclusive and diverse environment with opportunities to join staff networks including: Women’s Network, National Race Network, National Disability Network (THRIVE) and many more.
This job role may be suitable for hybrid working, which is where an employee works part of the week in their DWP office and part of the week from home. This is a voluntary, non-contractual arrangement and your office will be your contractual place of work. The number of days that anyone will be able to work at home will be determined primarily by business need but personal circumstances and other relevant circumstances will also be taken into account. If you are successful, any opportunities for hybrid working, including whether a hybrid working arrangement is suitable for you, will be discussed with you prior to you taking up your post.
Grade 6 salary for this role is from £66,860 (Band min) to £74,392 (Band max).
Where the maximum salary of £74,392 is offered, a Digital Allowance of up to £7,067 per annum is available for exceptional candidates, based on our assessment of your skills and experience.
Grade 7 salary for this role is from £50,155 (Band min) to £60,781 (Band max).
Where the maximum salary of £60,781 is offered, a Digital Allowance of up to £5,411 per annum is available for exceptional candidates, based on our assessment of your skills and experience.
Our offer to successful candidates will be based on an assessment of your skills and experience as demonstrated at interview.
Existing Civil Servants who secure a new role on lateral transfer should maintain their current salary.
Existing Civil Servants who gain promotion may move to the bottom of the next grade pay scale or receive a 10% increase in salary, whichever would be the greater.
Selection process details
Stage 1: Application
Applications must include:
1. A completed Personal Details application form.
2. A curriculum vitae including education, professional qualifications and full employment history, giving details of key achievements.
When giving details in your CV you should highlight your experience in line with the essential criteria below:
• Leads complex risk assessments, interfacing routinely with senior management.
• Develops complex and innovative information risk management plans under supervision. Develops complex and innovative information risk management plans either as an individual or leading a team.
• Experience of leading corporate threat intelligence processes.
• Experience of leading development of corporate Information Security strategies.
• Certified in Risk and Information Systems Controls (CRISC), or equivalent risk management qualifications, and or proven knowledge of risk management frameworks – identification, assessment, risk response and mitigation, control monitoring and reporting.
The sift panel will use the information in your employment history and personal statement to assess your experience, skills and knowledge against the essential criteria above.
For hints and tips on completing your application, visit our blog "Getting Hired at DWP Digital".
• Please attach your CV as a separate additional document in either PDF or Word format.
• Personal details that could be used to identify you including your name, contact details and address must be removed for your application to be considered.
• Please do not include any personal details in your document title.
• If your CV contains any personal details your application may be withdrawn.
Stage 2: Interview
If you’re successful at sift stage you will be invited to a video interview via Microsoft Teams. There, you will be assessed against the following Technical Skills:
• Information Risk Assessment and Management: Enables the organisation to deliver balanced and cost-effective risk management decisions on situations with complex scope or significant risk. Ensures that risk is embedded into corporate governance processes.
• Applied Security Capability: Provides security advice that extends beyond the particular technologies with which the candidate is familiar, and draws upon and directs appropriate expertise to solve the bigger security problem. Ensures the overall technical coherence and quality of advice.
• Protective Security: Leads innovation in protective security, taking into account other specialisms/enablers and business drivers.
• Threat Understanding: Combines external threat information, organisational context and situational awareness to provide a holistic threat understanding capability, including the use of threat models.
You will be asked to give a short 10-minute presentation on a specific topic. Further details will be provided to candidates invited to interview.
Sift dates to be confirmed.
Interviews will take place mid to late October.
A reserve list may be held for a period of 6 months from which further appointments can be made.
Any move to DWP from another employer will mean you can no longer access childcare vouchers. This includes moves between government departments. You may however be eligible for other government schemes, including Tax Free Childcare. Determine your eligibility at https://www.childcarechoices.gov.uk
If successful and transferring from another Government Department a criminal record check may be carried out.
In order to process applications without delay, we will be sending a Criminal Record Check to Disclosure and Barring Service on your behalf.
However, we recognise in exceptional circumstances some candidates will want to send their completed forms direct. If you will be doing this, please advise Government Recruitment Service of your intention by emailing Pre-EmploymentChecks.firstname.lastname@example.org stating the job reference number in the subject heading.
Applicants who are successful at interview will, as part of pre-employment screening, be subject to a check on the Internal Fraud Database (IFD). This check will provide information about employees who have been dismissed for fraud or dishonesty offences. This check also applies to employees who resigned or otherwise left before they would have been dismissed for fraud or dishonesty had their employment continued. Any applicant whose details are held on the IFD will be refused employment.
A candidate is not eligible to apply for a role within the Civil Service if the application is made within a 5-year period following a dismissal for carrying out internal fraud against government.
You must meet the security requirements before you can be appointed. The level of security needed is Security Check (SC).
For meaningful checks to be carried out, you will need to have lived in the UK for a sufficient period of time to enable appropriate checks to be carried out and produce a result which provides the required level of assurance. Whilst a lack of UK residency in itself is not necessarily a bar to a security clearance, an expectation of UK residency may range from 3 to 5 years. Failure to meet the residency requirements needed for the role may result in the withdrawal of provisional job offers.
Before applying for this vacancy, current employees of DWP should check whether a successful application would result in changes to their terms & conditions of employment, e.g. mobility, pay, allowances. Civil Servants that would transfer into DWP from other government organisations, following successful application, will assume DWP's terms & conditions of employment current on the day they are posted, unless DWP has stated otherwise in writing.
At DWP we value diversity and inclusion and actively encourage and welcome applications from everyone, including those that are underrepresented in our workforce.
We consider visible and non-visible disabilities, neurodiversity or learning differences, chronic medical conditions, or mental ill health. Examples include dyslexia, epilepsy, autism, chronic fatigue, or schizophrenia.
If you need a change to be made so that you can make your application, you should: Contact Government Recruitment Service via Digitalrecruitment.email@example.com as soon as possible before the closing date to discuss your needs.
Complete the “Reasonable Adjustments” section in the “Additional requirements” page of your application form to tell us what changes or help you might need further on in the recruitment process. For instance, you may need wheelchair access at interview, or if you’re deaf, a Language Service Professional.
If you are experiencing accessibility problems with any attachments on this advert, please contact the email address in the 'Contact point for applicants' section.
Feedback will only be provided if you attend an interview or assessment.
Contact point for applicants
Job contact :
- Name : DWP Digital Group TS Recruitment
- Email : firstname.lastname@example.org
Recruitment team :
- Email : email@example.com
If you are not satisfied with the response you receive from the Department, you can contact the Civil Service Commission.