UK Ministry of Defence
About the job
Are you ready to work in one of the most interesting cyber security environments and share your experience to support national security?
Are you looking to start a career in the exciting world of cyber security, or to further develop the skills you already have in this field? If so, we have some fantastic opportunities for you to learn and develop your professional career.
Cyber security plays an integral role in protecting the UK against external and internal threats, acting as a deterrent and ensuring that our Armed Forces have the strong cyber defences they need.
This role supports the head of the Cyber Assessment and Advisory Service (CySAAS) which provides assurance, support and advice to teams across defence. It consists of sub teams which assess specialist ICT, communication, and weapons systems.
The team is within the Cyber Defence and Risk (CyDR) organisation which sits at the forefront of Cyber Security and Information Technology within Defence and is responsible for enabling Defence through the provision of specialist assurance and cyber security services across UK Defence including industry partners, other Government Departments and our international allies. Services provided by CyDR include:
- Advice and guidance on cyber security policy
- National and MOD defensive cyber strategy development
- Managing and driving mitigation of Departmental cyber risk
- Security assurance and accreditation support and advice
- Security incident reporting
CyDR sits within the Defence Digital team, which provides digital and technology services to our Armed Forces. Defence Digital operates at scale, with an annual budget in excess of £2Bn and a diverse team of 2,500 colleagues. It aims to make our Armed Forces some of the most technologically advanced in the world.
With a fantastic growing team of military and civilian staff operating across the UK it is a great time to be a cyber security professional in the Ministry of Defence.
If you can see yourself contributing to the world of CySAAS, the next chapter of your career may be with us!
As a Cyber Security Risk Manager Associate, you will identify, understand and mitigate cyber-related risks. You’ll provide risk or service owners with advice, to help them make well informed risk-based decisions.
Working within established security and risk management governance structures, you will support, review and undertake risk management activities such as helping with the analysis and derivation of business-supporting security needs and undertaking Cyber Security related risk assessments, basic threat assessments and other risk management activities.
You’ll need to build an understanding of the applicability of appropriate legislation and regulations and provide advice to address identified Cyber Security related risks by applying a variety of security capabilities, which may include using published guidance, standards or experts as appropriate.
You will be able to provide straightforward advice to validate the effectiveness of risk mitigation measures, including an understanding of how to use different assurance activities (such as a pen test), make recommendations for improvement and help risk or service owners to make well-informed decisions.
You will track and monitor all MOD in-service systems registered on the Defence Assurance Risk Tool (DART), obtaining information from the DART team and providing a monthly update on in-service systems status, and bringing to the attention of the HEO any known or expected events that may affect the status. You will also develop and maintain a tracker for all consultancy work coming into the In-service systems team and provide regular reports on its position and progress.
You will liaise with key stakeholders and participate in Deep Dives, Red Teaming etc.
We are committed to providing learning and development opportunities, tailored to your role and beyond, helping you continue your professional development. You can also expect great benefits, including flexible working and a generous Civil Service pension.
What you’ll be doing:
- Oversight of all in-service systems recorded on the CyDR provided security support tool.
- Obtaining relevant in-service systems data from the CyDR provided security support tool and developing and producing regular reports on their status.
- Reporting any known or expected events affecting the status of in-service systems, including assurance review points, and keeping the In-service Team informed.
- Proposing to the in-service team appropriate action in response to events.
- Liaising with Assessors as appropriate.
- Developing and maintaining a record of all consultancy tasks in the in-service team.
- Regularly reporting on the progress of consultancy tasks in the in-service team.
- Developing and maintaining a log to capture common Cyber Security issues and themes identified through in-service assessments.
- Arranging meetings and organising events as required by the in-service team in response to issues/events e.g. Tiger Teaming, Deep Dives.
- Building constructive relationships with Assessors and other members of the CySAAS organisation.
- Liaising with appropriate subject matter experts (SME) across Defence including the National Technical Authority (NTA), Cryptographic Service for Defence, Defence Cyber Operations and, where appropriate, other Government Departments and Security Agencies.
- Maintaining currency in all mandatory training and keeping personal MyHR and training records up to date.
If you have the following knowledge, skills and experience or a desire to develop a career in information risk management, we would love to hear from you!
- Experience or a desire to learn about risk auditing and reviews, ideally in a Cyber Security or similar environment
- Experience, knowledge or qualifications in information risk management and information security or similar environments
- Excellent decision-making, relationship-building and all-round communication skills
- Strong problem-solving and analytical abilities, with the ability to quickly assess large quantities of information, making credible and evidence-based recommendations at pace.
- The ability to work autonomously as well as part of a team and form effective partnerships, across different organisations, gaining buy-in and inspiring change.
- Be a self-starter, able to lead and drive a process, with excellent time management and prioritisation skills.
Beneficial industry qualifications, or willingness to undertake the following or similar:
- Certified Cyber Professional (CCP)
- Certificate in Information Security Management Principles (CISMP)
- ISO27001 Lead Implementer
A few more details:
This job role may be suitable for hybrid working, which is an informal, non-contractual and voluntary arrangement, blending a balance of attendance in the workplace (the permanent duty station, which is based on business assessment of where the work is best done) and working from home as a personal choice (if the role is suitable for this). If you are successful, any opportunities for hybrid working will be discussed with you prior to you taking up your post.
This position is open to Sole UK Nationals only.
Why we’re great to be part of:
- Learning and development tailored to your role
- An environment with flexible working options
- A culture encouraging inclusion and diversity
- A Civil Service pension with an average employer contribution of 27%
- Family Friendly – Maternity, Paternity and Adoption Leave.
- A wide range of discounts – Defence Discount Service, Civil Service societies for Sports and Leisure, Healthcare, Insurance, Motoring, company discounts with Virgin, Vodafone, and Microsoft Office.
- 5 days per year Learning & Development
- In year rewards and ‘thank you’ schemes.
- Flexible working.
- Generous leave allocations.
- Please see Benefits Leaflet for more detail
Equality and Diversity
Our people are at the heart of everything we do at Defence Digital. It’s vital that our workforce reflects the diversity of both our audience and the wider society in the UK, so we’re proud to be an equal opportunities employer and we actively seek candidates from diverse backgrounds and communities. We also recognise the importance of a good work-life balance, so we do everything we can to accommodate flexible working, including part-time and job shares for all our roles. Please let us know in your application or at any stage throughout the process if this is something you want to explore.