DBS DIT provides digital capability that supports corporate services across the Ministry of Defence, including Finance, Commercial, Payroll and Human Resources for Military Personnel, Civilian Personnel and Veterans.
Cyber Security Assessors are responsible for independent assessment of Delivery Teams’ adherence to Secure by Design and relevant risk and security policies and standards. They coordinate between Delivery Teams dealing with similar security challenges to optimise solutions and minimise duplication of effort. They are responsible for consistent, coherent advice and support to relevant capabilities. They identify, understand and mitigate cyber-related risks. They provide risk or service owners with advice to help them make well informed risk-based decisions.
As Cyber security Assessor within the DBS Cyber Team you will manage all day to day IT Security and System Information Assurance, and, applying Secure by Design, ensure that security is embedded in all stages of the application development life cycle, and that there is continuous monitoring through use. You will also advise on and test the efficacy of measures to build security into continuous integration and deployment with specific responsibilities for the day to day IT security for multiple Military and Civilian HR systems and Finance systems.
The role will require you to demonstrate a talent for solving complex problems and for effective communication at all levels. You will be able to advise on complex risk balance decisions, propose innovative solutions and to explain MOD’s security policy, governance and technology controls to non-IT/security experts. Senior Responsible Owners and Project Leads will rely on your expertise to ensure they have an accurate understanding of through-life cyber security risks, so they can make informed decisions. Projects may involve complex technical and security challenges and you will need a good understanding of technical controls and policy (JSP 440; JSP 604/453)
The Key Responsibilities are:
• Lead the embedment of Secure by Design (SbD) principles into application development by providing advice and internal consultancy on highly complex criteria and contexts for multiple systems.
• Manage system accreditation transition to SbD
• Lead multi-team assessment of application resilience throughout the DBS IT estate, reviewing regular application security reports, holding accountability and responsibility for secure design implementation;
• supporting delivery of main gate assurance of all projects and changes; ensuring compliance with Information Assurance Policy and Security Principles
• Lead and assure processes, and provide specialist advice though leadership on tooling and dynamic and static analysis in the product development life cycle.
• Lead Delivery Team Security Leads (previously Security Assurance Co-ordinator (SACs)) alongside senior decision makers to embed secure development life cycle and security awareness.
As a Principal Cyber Security Risk Manager, you will:
• Conduct cyber security risk assessments
• Implement continuous risk management; Lead and undertake risk management activities against the hardest or more novel scenarios, while applying the fundamental principles of risk management to a range of complex scenarios and lead regulatory or legislative compliance activities.
• Guide and direct specialist activities or others, actively promoting development in the applicable skills, providing leadership and sharing best practice widely across government, the public sector, and industry.
• Lead the analysis and derivation of complex security needs.
• Lead Cyber Security related risk assessments and other expert risk management activities, including providing guidance on establishing the organisation’s Cyber Security related governance arrangements.
• Provide guidance to ensure on-going confidence that fundamental organisational security needs have been met, including integrating a range of assurance approaches and techniques to give continued confidence to the risk, service or system owner.
• Shape leadership decision-making through
o Effective reporting and communication regarding the effectiveness of security processes across an organisation
o Providing recommendations to highly complex problems
o Acting as an SME for complex cyber risk management concerns, issues and problems
Proud member of the Disability Confident employer scheme
Disability Confident
About Disability Confident
A Disability Confident employer will generally offer an interview to any applicant that declares they have a disability and meets the minimum criteria for the job as defined by the employer. It is important to note that in certain recruitment situations such as high-volume, seasonal and high-peak times, the employer may wish to limit the overall numbers of interviews offered to both disabled people and non-disabled people. For more details please go to Disability Confident .