The Government Security Function (GSF) oversees the delivery of protective security across Government. Our Mission is to enable Government to protect citizens and provide vital public services by understanding and managing security risks. We set the strategy and standards for Government Security, monitor departmental security performance, manage pan-government security incidents, support the delivery of key security capabilities and lead the Government Security Profession.
The Government Security Group (GSG) is the centre of the Security Function, based within the Cabinet Office. This role offers an exciting opportunity to work in a fast-paced, dynamic team, with a breadth of stakeholders including in other Government departments, the National Technical Authorities and the Agencies, and to contribute to delivering improved security across Government.
The Cyber Directorate was formed in September 2022 following an independent review of GSG capability and priorities. A new Cyber Director post was created within GSG and existing teams leading three deputy directors, each leading the following teams: Cyber Operations and Assurance, Cyber Transformation, and Cyber Policy and Solutions. We are responsible for delivering the first Government Cyber Security Strategy.
GSG’s culture embraces a diverse workforce: we come from all walks of life. GSG values the fact that our different backgrounds, cultures, genders, experiences and ways of working ultimately bring us together as a more effective team. We strive for a collegiate and inclusive working culture that means our voice at every level is heard. Each one of us has a part to play in helping the Government to keep the UK secure.
GSG also wants to do better at recognising that we have responsibilities outside of work – so that we not only work hard, but we work smart – whether that’s full time, part-time or job sharing, we work flexibly. We promote hybrid working with a combination of time spent in the office and at home, where appropriate. This role, as a job sharer, is a great example of that flexibility and we welcome returners to the workplace.
GSG is committed to being an equal opportunities employer. We value and welcome diversity. We will not tolerate harassment or other unfair discrimination on grounds of sex, marital status, race, colour, nationality, ethnic origin, disability, age, religion or sexual orientation. We promote and support the diversity of our workforce, promote learning and development, and celebrate our successes.
Role Description:
This post leads our work in evaluating and improving cyber security across government.and is responsible for the Assurance, Engagement and Red teams. To date we have completed two years of GovAssure, our flagship scheme for cyber assurance across government. You will be responsible for evaluating the results from GovAssure, and identifying and implementing improvements to the scheme for the next year. As part of our plan to transition to continuous assurance, you will be responsible for evaluating control library solutions, working with departments to understand their experience and building an enduring solution to embed assurance into day to day business.
The post works closely with stakeholders in NCSC, DSIT, and the Cyber GSEC as well as stakeholders across the government security community, and is responsible for directing relationship management through the Cyber Engagement Team, who work with portfolios of government departments to understand security challenges and manage consultation including departmental journeys through GovAssure. As part of holistic assurance, the post also manages the GSG Red Team, who coordinate a programme of adversary simulation testing. You will be responsible for overseeing the Red Team’s programme of activity and integrating assurance techniques into departmental practice, building a community and mainstreaming testing in government.
The three teams also work with the Operations function to support understanding of broader government vulnerabilities and incidents and provide surge capacity for crisis management.
We have a strong focus on building an inclusive environment where every member of the team feels valued and able to share their experiences and skills, and welcome applications from candidates who share this ethos. You will gain a unique insight into the cyber security challenges facing Government and its partners, and will work with National Technical Authorities, the national security community and industry to tackle these challenges.
The post holder will need a strong understanding of cyber security, in particular assurance frameworks and real world experience of cyber defence in a government context. Relationship management with multiple stakeholders will be critical and you will be responsible for a team of 15. You will form a strong partnership with the other half of the job share, on a roughly 0.6/0.6 split (logistics can be discussed). Please do get in touch with the post holder to discuss how this might work.
Our cyber posts attract a skills based DDAT pay lead. This post is subject to a DDAT skills assessed non pensionable pay lead. In certain circumstances exceptional candidates may be eligible for a higher starting salary.
Responsibilities will include:
* Directing the GovAssure programme, including working with departments to understand the scoping and challenges of the scheme, and directing service delivery in support through partners.
* Reporting on progress of delivery and development through stakeholder engagement and programme reporting through the Programme Management Office.
* Evaluating continuous improvement of GovAssure and working on new ways to embed continuous assurance.
* Directing analysis of GovAssure results to understand the challenges of government and prioritising the security development needs of departments, working with the Programme Management Office to build metrics for evaluating progress against the Government Cyber Security Strategy.
* Communicating the progress and results to government fora, working with departments to understand and build on the results, and presenting on the scheme more widely including to international partners and industry.
* Prioritising engagement activity across government, building relationships and tooling with other security organisations to deconflict engagement activity and better assist departments, and improving collective data exploitation; building reciprocal processes with the Engagement and Operations teams including exercising.
* Coordinating a prioritised programme of Red Team activity and developing stakeholder relationships to fully realise the benefits, including closer alignment with broader assurance practices.
* Growing and supporting a dynamic, inclusive and dedicated team, building technical skills and providing opportunities to excel and develop.
Proud member of the Disability Confident employer scheme
Disability Confident
About Disability Confident
A Disability Confident employer will generally offer an interview to any applicant that declares they have a disability and meets the minimum criteria for the job as defined by the employer. It is important to note that in certain recruitment situations such as high-volume, seasonal and high-peak times, the employer may wish to limit the overall numbers of interviews offered to both disabled people and non-disabled people. For more details please go to Disability Confident .