Job Description

This role will deliver the agency’s security and privacy agenda. The postholder will be part of the Data, Knowledge and Information Management (DKIM) team, deputising for the Head of DKIM as necessary.

This role exists to ensure that information security remains front and centre in our digital transformation. You will be a skilled and experienced Information Security Officer with the ability to lead a team to deliver the agency’s security agenda.

This is a high profile role, leading a small team you will lead, coordinate and support information risk management and the Agency’s Information Security Management System.

Your role will include working with the Senior Information Risk Owner, and Data Protection Officer to make risk-based decisions on strategic and tactical issues, working with internal and external stakeholders at various levels.

You will work with network and architecture colleagues to review and influence designs of systems, and to provide substantial input into the transformation of the function in line with the Information Security Roadmap and significant projects.

The postholder will be expected to quickly get up to speed with agency culture and processes, not least so you are in a stronger position to share and develop the culture around cyber security and privacy.

Imagine having a talent that could benefit someone you’ve never met and solve problems you didn’t even know existed. Well, you do, and you can. And we’re here to help you do just that. At PSR we are the go-to place for talented contractors and temps for a rich variety of Civil Service Jobs.

As a Senior Cyber Security Risk Manager, you will:

• Be Responsible for Information Security within the Agency including risk assessment and information assurance, working closely with Data Protection Officer.
• Provide management, leadership, development and strategic direction for the Information Security function.
• Provide risk management and assurance to the Senior Information Risk Owner (SIRO), and the Audit and Risk Committee on cyber security.
• Maintain an awareness of emerging security risks and control technologies, procuring and managing services and tooling.
• Review security and privacy risks, designs and decisions for new and existing technology solutions, working closely with programme managers and digital delivery partners, managing our information security architecture service.
• Manage response to security incidents and data breaches, providing a pro-active and effective response.
• Own, maintain and embed appropriate cultural values of the agency’s security strategy, ensure continuous professional development through training, communication and educational activities.
• Manage and develop a framework of policies and procedures to support effective information security in the Agency.
• Work with colleagues within the Data, Knowledge and Information Management team to protect and govern information through an information lifecycle governance framework.

It would be great to also have:

• Previous Public Sector/ Central Government experience

Required Knowledge, Skills, and Abilities

Certified CISSP, ISO 27001 Lead Implementer or Auditor, and CISM qualifications or equivalent experience within the government security profession. Experience of communicating complex technical information relating to cybersecurity to a non-technical audience. Able to communicate effectively across organisational, technical and political boundaries, understand the context. Able to advocate and communicate what a team does to create trust and authenticity. Proven ability to develop and implement processes that ensure security and also meet the needs of the Agency. Significant experience of working within a risk management framework, making threat assessments and advising senior stakeholders on risk acceptance. Proven ability to lead a team of specialists through a period of change, and to build cyber security and privacy capabilities.