In this role, you will be responsible for developing and implementing a robust security policy framework for Defra. You will oversee the creation of technical cybersecurity policies and guidance that align with the department’s risk appetite and ensure they are clear and accessible to all staff, supported by effective governance and approval processes.
You will play a key role in fostering a strong security culture across Defra by delivering tailored materials, briefings, and training for diverse audiences, including Ministers, senior staff, and specific employee groups. Your efforts will address thematic risks and promote greater awareness and understanding of security practices.
Your work will include measuring progress on security maturity and awareness through reports to SSB, dashboards for senior leadership, and assessments of the security education program’s success. These metrics will guide improvements in Defra’s security efforts.
By taking on this role, you will help mitigate strategic risks like Insider Risk and Protective Security while driving compliance with government standards such as GovS007. Your contributions will strengthen Defra’s security posture and ensure accountability across the department.
Please note this post requires Security Check (SC) clearance. To gain SC clearance, all applicants are required to have been a UK resident for a minimum of 5 years. If this requirement is not met, the individual will not be able to progress their application further.
Person Specification
Responsibilities
* Implementing key mission and individual strategic objectives within the Defra group security strategy.
* Driving completion of the annual security and data protection training across Defra and our main Arm's Length Bodies from the 80% baseline to the 90% target.
* Measuring the strength and effectiveness of security culture across both Core Defra and Arm's Length Bodies.
* Conducting phishing exercises and security campaigns across Defra group.
* Maintaining and growing a robust security policy framework that delivers 2nd line of defence against security threats and risks across all security domains.
* Management and delivery of the Security Strategy implementation plan, defining strategic success measures that support the Defra group Security strategy and Mission 4 of the Digital Transformation Strategy.
* Developing a new Security Champions network into an effective pan-Defra group who help to deliver effective security outcomes in their local areas.
Skills and Experience
* Specific experience across all domains of the Security profession in order to lead security policy development, create security awareness campaigns and analyse and present security metrics for Board reporting.
* Technical understanding of security policy frameworks and experience of delivering baselined security policies in large and complex organisations.
* A solid technical background in Government Security or equivalent, possessing or working towards membership of the Security Institute, SANS Strategic Planning, Policy & Leadership & SANS Security Awareness Professional.
* Experience creating frameworks for data driven metrics to support Board level reporting and security strategies and improvement programmes.
* Experience of leading the drafting, development and consultation on security policies in all security domains.
* Experience communicating complex security related messages and/or measurement and presenting updates and recommendations in a clear and comprehensive manner to a senior audience, using behaviour insight techniques.
* Understanding and adapting to the security implications of transformation: can interpret and apply understanding of policy and process, business architecture, and legal and political implications to assist the development of technical solutions or controls and the application of artificial intelligence solutions.
Job Types: Full-time, Permanent
Pay: £54,470.00-£67,090.00 per year
Benefits
* Additional leave
* Canteen
* Casual dress
* Cycle to work scheme
* Employee discount
* Flexitime
* Health & wellbeing programme
* Sick pay
* Work from home
Schedule
* Monday to Friday
Work Location: Hybrid remote in Reading RG1 1AF
Reference ID: 384070