Job Description
Vulnerability Management Lead
Name of Client Organisation: CDDO
Team Name: Domains Team - Securing Government Services
Client Contract Managers: Contingent Workforce Programme Office
Contract ID No: C712
Contract Length: Until 28/03/2025
Contract Type: Temporary
Who we are:
The CDDO leads the digital, data and technology (DDaT) function for the government. We put the right conditions in place to achieve digital, data and technology transformation at scale by working with departments and other government functions such as commercial, project delivery and security professionals.
CDDO is responsible for:
1. Digital, Data and Technology Strategy and Standards
2. Cross-government DDaT performance and assurance, including
3. DDaT Capability Development, including the
4. Providing guidance to help secure government services
The Domains Team protects public sector domain name spaces such as “”, and ensures that they remain stable, trusted, well managed and resistant to compromise. The team also helps protect the infrastructure tools and services associated with these domains.
You can read more about these missions and our vision for the transformation of government in our .
What you’ll do:
As a Vulnerability Management Lead for the Domains Team you will:
1. Broaden the capability of the Domains Team. Currently the team has expertise around domains-related vulnerabilities. The Vulnerability Management Lead will develop this expertise so that the Team can help stakeholders deal with vulnerabilities found in the infrastructure, tools and services that Public Sector bodies commonly use in the development and delivery of their own digital services.
2. Enable the Domains Operations Team to quickly classify and triage vulnerabilities at scale, according to priority
3. Help Public Sector bodies understand, assess and act on the vulnerability information they receive
4. Help Public Sector bodies plan and prioritise how vulnerabilities are addressed to meet organisational objectives, using a risk-based approach
5. Help Public Sector bodies improve their vulnerability management life cycle
6. Proactively identify and leverage threat intelligence sources to inform strategic vulnerability mitigation measures
7. Help create a knowledgebase of written guidance to help stakeholders manage, prioritise and fix their vulnerabilities
8. Develop and maintain good working relationships with stakeholders across the Public Sector to accelerate the reduction of risk through the fixing of vulnerabilities
9. Identify improvements to be made, both specifically and generally, identifying common problems and solutions across multiple organisations
10. Work with the Domains Team to design and deliver effective services that meet user needs and are measurable through meaningful KPIs
11. Work closely with the Government Cyber Coordination Centre (GC3), the UK government’s focal point for cross-government collaboration on operational cyber security
12. Work with the product owner to improve the quality of the data we share with public sector bodies
13. Identify gaps in our monitoring capability, to improve what we can provide to organisations
Who you are:
We are interested in people who have:
1. Expert knowledge of the security advantages and vulnerabilities of commodity products and technologies.
2. Good working knowledge of current cyber security threats and risks.
3. Experience in performing risk assessments, including business impact assessments, threat assessments and vulnerability (control gap) assessments.
4. Experience in developing security advice guidelines and specific mitigation advice, aligning these with business risk in a proportionate way.
5. Extensive experience in specifying and deploying technical security controls and developing design patterns based on a solid understanding of security design principles.
6. Good working knowledge of the marketplace of cyber security products and services.
7. Good working knowledge of cloud computing architecture and related technologies.
8. Ability to interact with a broad cross-section of personnel to explain and encourage the implementation of security measures.
Indicative professional qualifications / accreditations:
1. Relevant industry qualifications and accreditations: Certified Cyber Professional (CCP), Certified Information Systems Security Professional (CISSP), ISO27001 Lead Implementer
Civil Service Competencies
In the Civil Service, we use our. This gives us the best possible chance of finding the right person for the job, drives up performance and improves diversity and inclusivity. For this role, the following competencies are the most relevant:
1. Leadership: Show pride and passion for public service. Create and engage others in delivering a shared vision. Value difference, diversity and inclusion, ensuring fairness and opportunity for all.
2. Seeing the Big Picture: Understand how your role fits with and supports organisational objectives. Recognise the wider Civil Service priorities and ensure work is in the national interest.
3. Making Effective Decisions: Use evidence and knowledge to support accurate, expert decisions and advice. Carefully consider alternative options, implications and risks of decisions.
4. Working Together: Form effective partnerships and relationships with people both internally and externally, from a range of diverse backgrounds, sharing information, resources and support.
How your contract will work:
Your Employment Status:
As this is a temporary role you will be classified as a contingent worker or simply ‘worker’.
Our Partner Suppliers:
You will be onboarded and paid via one of our partner service suppliers who will act as an intermediary between yourself and us.
Our partner suppliers provide recruitment, onboarding and payroll services.
You will be able to choose from a list of approved umbrella companies provided by the supplier and will select one based on different packages and benefits offered to you.
Your Pay:
Initially the pay rate will be disclosed when you apply for the role or when you are contacted by the GDS Contracting Team and/or our partners about the opportunity.
Your pay rate will also be set out in the offer letter and on the work order should you be offered the role.
You will submit timesheets that will be paid in line with our partners’ payroll terms. Usually this means that you will be paid 30 days from the date of first timesheet approval, but it can be sooner depending on the supplier and umbrella company.
IR35 Status:
Your contract is in scope, which means the off payroll working rules apply.
Unsure about IR35?
Framework:
As a Government department we will engage you and any suppliers via a Crown Commercial Service approved framework for contracting.
On this occasion we will be engaging you via:
Non Clinical Staff - RM6277
Acceptance:
Your acceptance of the role is confirmed via a signed offer letter and via the contract that will be issued to you by the supplier.
Call-off Incorporated Terms:
The Call-Off Contract, Core Terms and Joint Schedules for this Framework Contract are available on the Crown Commercial Service (CCS) website.
Full call-off terms and conditions can be found at
Our Notice Period (Client): 0 days
Your Notice Period (Contingent Worker): 0 days
This document has been generated at the Government Digital Service by the GDS Contracting Team. All information, rights, obligations and terms set out in this document fully correspond with the contract issued by © Alexander Mann Solutions Limited for the supply of services via the Public Sector Resourcing framework - RM3749 and/or call-off terms for all suppliers on the Non Clinical Temporary and Fixed Term Staff Framework - RM6160.