DIO – Information Cyber Security & Assurance Manager
  • United Kingdom - England - Sutton Coldfield - B75 7RL
1 year ago
£ 40000 Per year
IT Technician
Full Time
Job Description

The role is a diverse and challenging one that includes:

  • Manages DIO Information Cyber Security and Advisory services including DIO TLB Accreditation Services.
  • Provides constructive and impartial subject matter expert advice and guidance on all Information Cyber Security and Assurance queries to DIO stakeholders including Industry Partners.
  • Acts as an impartial assessor of the risks that an information system may be exposed to in the course of meeting a business requirement and formally accredits that system on behalf of the DIO TLB, or acts as Security Assurance Coordinator (SAC) for CyDR accredited systems.
  • Provides input into the development of the Information Cyber Security and Assurance Programme and conducts assurance checks and audits in line with the agreed programme.
  • Maintains DIO Cyber Resilience documentation and conducts exercises against DIO Business Area’s Cyber Resilience Response Plans as part of an overarching Cyber Resilience programme.
  • Provides ISO 27001 advice, guidance and an audit function.
  • Manages the WARP function including supporting complex investigations and JSyCC engagement for DIO TLB.
  • Acts as Crypto Custodian for DIO TLB and manages supporting Assistant Crypto Custodians to ensure adequate cover across the DIO estate.
  • Accountable for the Information Technology Security Officer (ITSO) duties for DIO TLB including regional ITSOs across the DIO estate.
  • Acts as Subject Matter Expert for IT Security, breach, ITSO and Crypto queries for DIO TLB and its Industry Partners.
  • Manages the Information Cyber Security & Assurance education and awareness programmes to target areas of non-compliance and embed security as a BAU activity within DIO.
  • Accountable for all ITSO audits and muster programmes for DIO.
  • Acts as Assistant Data Protection Advisor, supporting the Warning Advisory Reporting Point (WARP) and MOD Data Protection Officer in investigating data breaches.
  • Advises and assists Information Asset Owners (IAOs) and project teams throughout the Data Protection Impact Assessment (DPIA) process and supports the DIO DPA with Subject Access Requests (SARs) and liaison with the Freedom of Information (FOI) Team.
  • Assists with the DIO Cyber Communication Plan ensuring key messages are developed and issued using the most appropriate media.
  • Coordinates production of ITSO, WARP and Accreditation reports, statistics and updates for DIO stakeholders and MOD Centre.
  • Communicates with senior stakeholders to present Information Cyber Security & Assurance findings that will support the continuous improvement of InfoCySec & IA in DIO.
  • Tasks the DIO ITSO / WARP incumbent on a daily basis.

Behaviors

We'll assess you against these behaviors during the selection process:

  • Making Effective Decisions
  • Changing and Improving
  • Leadership
  • Communicating and Influencing
  • Delivering at Pace
  • Seeing the Big Picture

We only ask for evidence of these behaviors on your application form:

  • Making Effective Decisions
  • Changing and Improving

Benefits

  • Highly competitive Pension Scheme
  • Flexi-time scheme
  • Alternative working practices such as working from home
  • 25 days annual leave rising (1 day per year) to 30 days upon completion of 5 years’ service
  • Ability to roll over up to 10 days annual leave per year
  • In addition to 8 public holidays per year you will also receive leave for HM The Queen’s birthday
  • Minimum of 15 Days Special Leave in a rolling 12-month period for volunteer military or emergency service reserve commitments
  • Special Paid Leave for volunteering up to 6 days a year
  • Enhanced maternity, paternity and adoption leave
  • Employee Assistance Programme to support your wellbeing
  • Most sites have good travel links with free car parking; many also have other facilities such as a Sports & Social Club, Gym and / or site shops

Required Knowledge, Skills, and Abilities

  • Degree in the Information Cyber Security & Assurance discipline.
  • Professional Membership in Information Security and Cyber (e.g. Institute of Information Security Professionals (IISP), NCSC Certified Professional (CCP), ISACA CISM or ISC2 CISSP).
  • MOD or OGD Accreditor and / or Security Assurance Coordinator (SAC) experience.
  • ISO 27001 or ISO 9001 auditor experience.
  • Data Protection Act (DPA18) experience including Subject Access Requests (SARs) and DPIAs.
  • Defense Information Technology Security Officer (DITSO) experience.
  • MOD or OGD Crypto Custodian experience.

We'll assess you against these technical skills during the selection process:

  • Information Risk Assessment & Risk Management: NCSC Information Risk Assurance Skill 5.2 - Practitioner. Please see page 271 of the framework document.
  • Applied Security Capability: NCSC Information Risk Assurance Skill 5.5 - Practitioner. Please see page 271 of the framework document.
  • Incident Management, Incident Investigation & Response: NCSC CIISec Framework Skill F2 - Practitioner. Please see page 271 of the framework document.

Reference no: 34825
