UK Research and Innovation Salary: £56,745 to £72,509 per annum dependent on skills and experience (this may include allowances) Hours: Full time Contract Type: Open ended Location: Polaris House, Swindon or Keyworth, Nottingham (Hybrid working available) Closing Date Sunday 12th January 2025 About us The UKRI CIO Group plays a pivotal role in managing and optimising the organisations critical enterprise technical services that underpin and enable UKRI's business capabilities. Within the group a team of Information Security Professionals support the delivery of modern, secure, resilient and scalable services across a larger federated team of Digital, Data and Technology professionals to deliver impact across the organisation and the wider UK research and innovation system. Purpose This post provides a rare opportunity for an experienced information security professional to step into a lead planning and operations role in an organisation at the heart of research and innovation in the UK. Working as part of a team of technical specialists, and reporting directly to the deputy he ad of information security, your broad remit is to provide the Organisation with security advice and best practice whilst develop ing 'Secure by Design' protections for organisational assets across our cloud environment and embed a culture that considers security and everybody 's responsibility Main outputs and activities Supporting the development of business-focused security solutions for digital products Ensure compliance with industry standards and regulatory requirements. Ensure that security policies and controls remain appropriate and proportionate to the assessed risks, are responsive and adaptable to the changing threat environment and business requirements Oversee daily operations of cloud security infrastructure. Monitor cloud environments for unusual activities and potential threats. Lead incident response efforts in the event of a security breach. Identify and mitigate security risks associated with cloud environments. Perform regular risk assessments and implement corrective actions. Provide guidance and training to employees on cloud security best practices. Work closely with other IT teams to integrate security measures into all cloud-based solutions. Shortlisting criteria (S) - Assessed at shortlisting (I) - Assessed at interview (S&I) - Assessed at both shortlisting and interview Applicants will be able to demonstrate skills in line with the Cyber Security Risk Manager role using the Government Security Profession career framework. Essential: Proven ability to work effectively with cross-functional teams, including developers, operations and business units, to integrate security into all aspects of the organisation (S) Expert knowledge of cloud application, infrastructure and networking security controls, particularly in relation to data management (I) Experienced in providing detailed security advice and technical security solutions (I) Good knowledge of cyber security and information assurance standards, e.g. ISO 27001, DPA and experience (S) Proven track record of leading security initiatives and projects, demonstrating the ability to manage resources and drive security initiatives (S&I) Experience in handling security incidents, including detection, response, and recovery (S&I) Experience in ensuring compliance with industry standards and regulations and developing policies to maintain compliance (S) Able to shape leadership decision-making through: Reporting and communication regarding the effectiveness of security processes across an organisation (S) Providing recommendations to highly complex problems (I) Act as an SME for complex cyber risk management concerns, issues and problems (I) Desirable: (optional) Experience in managing or participating in cloud migration projects, ensuring security is maintained throughout the transition (S) Conducting comprehensive security audits and assessments to evaluate the effectiveness of security measures and identify areas for improvement (I) Experience in managing relationships with cloud service providers and security vendors to ensure they meet the organisation's security requirements (S) Ability to conduct training sessions and presentations to educate employees and stakeholders about cloud security best practices (I) Experience in a public sector organisation. (S) Qualifications A professional certification (e.g., CISM, CISSP, CCSP or AWS certification) (S) Degree in a related subject or relevant comparable education. (S) Security As a minimum, due to the nature of this role, candidates must be eligible for clearance in line with UK National vetting guidelines and willing to undertake the process. The level of clearance required is security check Behaviours We'll assess you against these behaviours during the selection process at Grade 7: Seeing the Big Picture Changing and improving Making effective decisions Delivering at Pace Communication and Influencing About UK Research and Innovation (UKRI) UKRI launched in April 2018, UKRI is a non-departmental public body sponsored by the Department for Science, Innovation and Technology (DSIT). Our organisation brings together the seven disciplinary research councils, Research England, which is responsible for supporting research and knowledge exchange at higher education institutions in England, and the UK's innovation agency, Innovate UK. Together we build an independent organisation with a strong voice and vision to ensure the UK maintains its world-leading position in research and innovation. More information can be found at www.ukri.org. Choosing to come to work at UKRI means that you will have access to a whole host of benefits from a defined benefit pension scheme, excellent holiday entitlement, access to employee shopping/travel discounts and salary sacrifice cycle to work scheme. For more details, visit Benefits of working for UK Research and Innovation (UKRI). The role holder will be required to have the appropriate level of security screening/vetting required for the role. UKRI reserves the right to run or re-run security clearance as required during the course of employment. How we support EDI in the workforce At UKRI, we believe that everyone has a right to be treated with dignity and respect, and to be provided with equal opportunities to thrive and succeed in an environment that enables them to do so. We also value diversity of thought and experience within inclusive groups, organisations and the wider community. For further information, please visit ' How we support EDI in the workforce '. Disability Confident Employer As users of the disability confident scheme, we guarantee to interview all disabled applicants who meet the minimum criteria for the vacancy/ies. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation. How to apply Online applications only preferred for this role. Please submit a CV and covering letter which clearly outlines how you fulfil the criteria specified along with your motivation for UKRI and the role. Ensure that the job reference number is included in the filename description of each document uploaded. Note that failure to address the above criteria or submit an application without a covering letter may result in the application not being considered. Assessment will only be based upon the content of your submitted covering letter and CV and not the 'experience' section of the application. UKRI seeks to ensure it creates and maintains a system of openness, fairness and inclusion - a collaborative, trusted environment, which is attractive to and accessible to everyone who is interested in developing their career with us. Additional Information Organisation: UKRI - Digital Data and Technology Contract Type: Open Ended External Closing Date: Jan 12, 2025 Minimum Salary: Pound Sterling (GBP) 54,043 Hours: Full-time