Lead Information Security Manager (Corporate Risk Manager)
As a Lead Information Security Manager (Corporate Risk Manager) you will oversee the development of security, risk management and compliance procedures. This will include the overview of major breaches of security and the development of information security policies and procedures. This will include providing an oversight of risk and compliance across the Department. You will monitor the auditing regime of critical national infrastructure services and ensure all access to data held on national systems is conducted in accordance with policies and procedures. You monitor security audits and investigations into internal unauthorised activity on national systems and services. You will act as the escalation point for any issues arising and need to communicate the outcomes to senior stakeholders through the most appropriate channels.

You will incorporate the risk information collected by risk assurers, auditors and from the supply chain, to ensure that the Departmental Cyber Security Risk picture is accurate and maintained. You will work closely with a number of senior stakeholders across Home Office to ensure all information security policies and procedures are understood and adhered to, in line with best practice standards, as well as providing SME advice to IT projects that need information security support and ensure that cyber security investment is properly targeted. You will show technical and personal leadership, setting the direction for the team while exercising line management duties.

We often have similar roles available at different grades. If a candidate is suitable for a similar role or a lower grade than they have applied for, we may offer the candidate that role without the need for them to go through a further selection process providing the role has the same competencies and essential skills.

Responsibilities

Your main day to day responsibilities will be:
- Reviewing and providing final sign off for all risks highlighted by assurance, audit and supply chain assurance activities
- Overseeing the risk management process
- Communicating effectively with senior stakeholders across a variety of teams to ensure they recognise the importance of security considerations and respond accordingly to changes in policy and procedure
- Agreeing and overseeing remedial solutions that are the most appropriate and beneficial for the organisation
- Advising medium to large sized/complexity IT projects on systems, mechanisms, protocols, processes and procedures that satisfy information security and risk policy and standards

Other day to day activities

You will also be expected to carry out the following day to day activities:
- Demonstrating leadership qualities by mentoring and line managing members of the Information Security community, supporting them to perform to their full potential and driving succession planning
- Leading on continual service improvement work to analyse current processes, identify and implement opportunities to optimise them, and deliver service improvements
- Providing ad hoc support/consultancy to IT teams by answering general enquiries about information security risk requirements
- Working closely with other OCISO colleagues to ensure the knowledge of the technical security requirements and standards are kept up to date
- Participating, contributing to and supporting collaboration initiatives and career development within the IT Operations community, building in-house capability via a professional community of practice

Essential criteria

You'll have a demonstrable passion for information security, with the following skills or strong experience in:
- Working in line with best practice principles for information security and risk management
- Absorbing potentially large amounts of conflicting information and using it to produce recommendations and solutions, leveraging analysis to enhance business performance
- Building effective relationships with senior stakeholders in order to raise awareness of the importance of security issues, as well as communicating the outcome of audits and investigations sensitively
- Ensuring that all suppliers carry out processes to ITIL standards, or those that are defined by DDaT, managing them to SLAs where they are in place
- Understanding how your current work fits into broader DDaT contexts and strategies so that deeper underlying problems and opportunities can be addressed and managed appropriately.

The skills listed above are reflective of the Home Office DDaT Profession Skills and Competency Model (based on the industry standard SFIA framework, see attached.)

Desirable criteria

Ideally you will also have the following skills or some experience in:
- Developing and driving strategy for an Information Security team
- Driving continual service improvements through the measurement and challenge of services and processes, tools and capability
- Leading and directing teams to enable the day-to-day delivery of services
- Understanding of Lean, Agile and DevOps principles within a Product-centric delivery model

Qualifications

- ITIL v3/v4 Expert is desirable
- ISEB Certificate in Information Security Management Principles (CiSMP)
- ISEB Practitioner Certificate in Information Risk Management is desirable

Behaviours

We'll assess you against these behaviours during the selection process:
- Communicating and Influencing
- Making Effective Decisions
- Managing a Quality Service

Benefits

- Learning and development tailored to your role
- An environment with flexible working options
- A culture encouraging inclusion and diversity
- A Civil Service pension

Things you need to know

Security

Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check. See our vetting charter. People working with government assets must complete basic personnel security standard checks.

Selection process details

This vacancy is using Success Profiles, and will assess your Behaviours and Experience. As part of the application process you will be asked to complete a CV and Personal Statement (Max Limit: 500 words). Further details around what this will entail are listed on the application form. Please note, your Personal Statement should demonstrate your suitability for the role, giving evidence of how you meet the Essential Criteria providing examples of experience and skills. Those successful at sift stage will be invited to an interview which will focus on the behaviours listed above.

Sift and Interview dates

Sift will take place from the 8th April 2021.
Interviews will take place week commencing the 26th April 2021 (Subject to change).

Further information

Please read the essential skills for this position carefully. We will only consider those who meet the listed requirement. If you have previously made an unsuccessful application for a role with the same essential skills and are not able to demonstrate how you have developed these skills since your last application, please reconsider applying as your application is unlikely to be successful. A reserve list may be held for a period up to 12 months from which further appointment may be made.

Every day, Home Office civil servants do brilliant work to develop and deliver policies and services that affect the lives of people across the country and beyond. To do this effectively and fairly, the Home Office is committed to representing modern Britain in all its diversity, and creating a welcoming, inclusive workplace where all our people are able to bring their whole selves to work and perform at their best. We are flexible, skilled, professional and diverse. We work to recruit and retain disabled staff and are a Disability Confident Leader. We are proud to be one of the most ethnically diverse departments in the civil service.
We are a Stonewall top 100 Workplace Equality Employer and a Social Mobility Foundation top 75 employer.

New entrants are expected to join on the minimum of the pay band.

Applicants who are successful at interview will be, as part of pre-employment screening, subject to a check on the Internal Fraud Database (IFD). This check will provide information about employees who have been dismissed for fraud or dishonesty offences. This check also applies to employees who resign or otherwise leave before being dismissed for fraud or dishonesty had their employment continued. Any applicant whose details are held on the IFD will be refused employment.

For further information please see the attached notes for candidates which must be read before making an application.

Existing Civil Servants should note that some of the Home Office terms and conditions of employment have changed. It is the candidate's responsibility to ensure they are aware of the Terms and Conditions they will adopt should they be successful in application and should refer to the notes for candidates for further details.

Transfer Terms: Voluntary.

If you are invited to an interview you will be required to bring a range of documentation for the purposes of establishing identity and to aid any pre-employment checks. Please see the attached list of Home Office acceptable ID documents.

Any move to the Home Office from another employer will mean you can no longer access childcare vouchers. This includes moves between government departments. You may however be eligible for other government schemes, including Tax Free Childcare. Determine your eligibility at https://www.childcarechoices.gov.uk

Reasonable Adjustments

If a person with disabilities is at a substantial disadvantage compared to a non-disabled person, we have a duty to make reasonable changes to our processes.
If you need a change to be made so that you can make your application, you should:
- Contact Government Recruitment Service via HOrecruitment.grscabinetoffice.gov.uk as soon as possible before the closing date to discuss your needs
- Complete the "Assistance Required" section in the "Additional Requirements" page of your application form to tell us what changes or help you might need further on in the recruitment process. For instance, you may need wheelchair access at interview, or if you're deaf, a language service professional

If you are experiencing accessibility problems with any attachments on this advert, please contact the email address in the 'Contact point for applicants' section.

Feedback

Feedback will only be provided if you attend an interview or assessment.

Nationality requirements

This job is broadly open to the following groups:
- UK nationals
- nationals of Commonwealth countries who have the right to work in the UK
- nationals of the Republic of Ireland
- nationals from the EU, EEA or Switzerland with (or eligible for) status under the European Union Settlement Scheme (EUSS)
- relevant EU, EEA, Swiss or Turkish nationals working in the Civil Service
- relevant EU, EEA, Swiss or Turkish nationals who have built up the right to work in the Civil Service
- certain family members of the relevant EU, EEA, Swiss or Turkish nationals

Further information on nationality requirements

Working for the Civil Service

The Civil Service Code sets out the standards of behaviour expected of civil servants. We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles. The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.