Job summary
Here at the Ministry of Housing, Communities and Local Government (MHCLG), .
Whether it's through the homes we live in, the work of our local councils, or the communities we're all part of, our work is at the top of the political agenda. We have ambitious and far-reaching outcomes to achieve this year and, if you're thinking of joining us, there's never been a more exciting time.
We have over 3,500 staff who are based in 20 offices across the UK.
As a cyber assurance risk advisor for MHCLG you'll sit within the heart of our internal cyber security team, part of the technology function within the digital directorate, who are responsible for cyber security, core IT digital tools, networks, SAP and IT infrastructure/hosting. You will be part of a team that is growing to meet the needs of the Department as it further embraces cloud technologies and products. Cyber is responsible for the overall cyber security of the Department's services, applications and suppliers so has a broad remit and a mission to keep us safe from a variety of threats plus help others build and deliver services securely.
We aim to provide high quality digital services using a mix of internal and external teams to deliver evergreen cloud services. Delivering this responsibility comes with a high demand for adoption of new technologies, systems and applications that require security review and scrutiny to ensure the department operates in a safe and secure environment.
The primary responsibility of this cyber role is to review third party suppliers and products, such as SaaS applications; however, it will also include occasional involvement in the review of IT systems, services and applications developed or purchased by the department, identifying any security issues and design flaws and making security recommendations in line with industry security best practices and the HMG Security Policy Framework. Supported by our technical teams, architects and engineers, you will provide high quality cyber security advice and guidance across all matters relating to proposed digital services, applications and suppliers.
Job description
We particularly welcome candidates from an ethnic minority background and other underrepresented groups to apply, as we work to continually improve our ability to represent the places and communities we support through our work.
including our culture, ways of working, career progression and staff benefits. You can also to learn about the work we're doing.
As a Cyber Assurance Risk Advisor, you'll:
1. analyse security requirements, taking account of both internal and external guidance, policy and regulations
2. assist with developing/promoting information security policies to achieve security outcomes within a defined scope and in line with cross-government policies and the new GovAssure service
3. assist with designing and implementing security awareness campaigns
4. be part of the assurance process, identifying security threats, vulnerabilities and hazards to the department's suppliers, systems, services, or processes to inform risk assessments and design of security features
5. use your increasing knowledge and expertise in assurance to make decisions on the levels of risk the Department is being exposed to and recommendations of how to remediate these within particular systems, suppliers, applications or services
6. support and conduct cyber security risk assessments, cyber security audits and cyber security incident management
7. support cyber security operations processes in accordance with organisational policies and standards and business requirements
8. assist in managing contracts, suppliers or services related to cyber security
9. work with other teams to help them create services that are secure by design
10. promote good cyber security practices across the Department and support product teams to ensure their services continue to be secure as they are run and updated to meet new business requirements
Person specification
We will use the essential criteria below to evaluate you during the recruitment process. Make sure your CV and cover letter details how you meet the criteria.
As a Cyber Assurance Risk Advisor you'll have:
11. at least two years' experience in information security, information assurance, or a related role
12. recognised and relevant qualifications. This may include qualifications such as CISMP or ISO27001 Internal Auditor; however, this is a guide only.
13. an understanding of information security principles, concepts, and best practices
14. knowledge of relevant laws, regulations, and industry standards, such as GDPR, NIST, ISO 27001, NCSC Cyber Assessment Framework etc.
15. knowledge of risk assessment methodologies and tools in cyber security
16. familiarity with security principles and technologies for cloud hosted services such as AWS, Azure and SaaS
17. excellent communication and interpersonal skills, with the ability to effectively communicate complex security concepts to non-technical stakeholders
It would be great if you're also keen on developing your cyber security and technical design skills further. We actively support your learning and development in achieving additional qualifications that enhance your skillset.
Behaviours
We'll assess you against these behaviours during the selection process:
18. Making Effective Decisions
19. Communicating and Influencing
20. Delivering at Pace
Benefits
Alongside your salary of £42,466, Ministry of Housing, Communities and Local Government contributes £12,302 towards you being a member of the Civil Service Defined Benefit Pension scheme.
21. Learning and development tailored to your role
22. An environment with flexible working options
23. A culture encouraging inclusion and diversity
24. A with an average employer contribution of 27%