The Cyber Security Risk Analyst role will be focused on the delivery of 1st line security controls analysis, validating that they provide the correct security outcomes for DWP, and undertaking deep risk analysis of any identified control gaps or failings. You will be writing formal risk reports for presentation to Senior Leaders, which must be factually correct, articulate and clear. These must be framed in a way which reflects all compensatory controls in place and be easily understood by technical delivery teams as well as non-technical senior business leaders, so they can make informed management decisions.

The Cyber Security Risk Analyst will work on complex deliveries across a range of technologies, including cutting-edge technology as well as the complexities of tech debt, ensuring appropriate defence in depth and compensatory technical controls are built into designs and tested prior to deployment, so that vulnerabilities are fully understood and risk exposure is reduced.

As a Cyber Security Risk Analyst you will work to ensure the timely recording and updating of risks throughout the lifecycle, delivering timely and quality results with focus and drive. You will also manage and support DWP Digital's Cybersecurity risk management lifecycle by working to help deliver 1st line risk identification, assessment, remediation, and treatment of risks.

The Cyber Security Risk Analyst sits within the Digital Security Risk Management (DSRM) team, which is part of the wider Digital Security function. The scale of the transformational work that DSRM is driving out across DWP is massive and exciting, and is leading the way across His Majesty's Government.

The role is technical in nature and will draw upon your knowledge and experience to influence design decisions and identify suitable controls and mitigations. Part of the role will involve giving technical Cyber Security advice to business delivery teams.
The roles will not have any direct line management responsibility, but successful candidates will have the autonomy to make empowered decisions and problem solve within the technical services they lead, in collaboration with their functional Grade 6 lead. Cyber Security Risk Analysts are part of our wider Cyber Security Risk Management community, and incorporate risk practices outlined in The Orange Book: Management of Risk - Principles and Concepts.

Person specification

When giving details in your employment history and personal statement you should highlight your experience in line with the essential criteria below:

- Significant experience of technical security controls analysis across various platforms such as networks, cloud, legacy, and web-based applications.
- Working knowledge of current technical controls in the 8 CISSP security domains.
- Experience of scoping and planning security testing through interpretation of architecture diagrams.
- Experience of using evidence and knowledge to support accurate, expert advice, decisions and recommendations, considering alternative options, implications, and risks of decisions.
- Enabling the prioritisation and delivery of solutions with appropriate security controls to mitigate cyber security risks through a structured risk management process.
- Evidence that you can make proportionate, risk-informed decisions about current and future security investments that can be taken to protect a large business organisation's assets and improve its security risk posture.
- Evidence of working with product owners and Subject Matter Experts to enable them to make well-informed, risk-based decisions whilst leading and influencing the management of tactical and strategic risks.
- Proficient at writing and presenting articulate formal risk reports to senior management, and able to work on multiple work items concurrently.
- Threat Understanding - Uses lessons learned to maintain an understanding of the organisation's attack surface, and uses local and strategic threat information in decision-making and planning.
- Significant evidence of researching and evaluating business processes in alignment to known/emerging Security risks and controls to ensure expert advice is provided.

If you would like to learn more about the role, please contact richard.hanley@dwp.gov.uk.

Technical skills

We'll assess you against these technical skills during the selection process:

- Information Risk Assessment and Management
- Applied Security Capability
- Protective Security
- Threat Understanding

Benefits

Alongside your salary of £55,557, Department for Work and Pensions contributes £16,094 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.

We also have a broad benefits package built around your work-life balance which includes:

- Working patterns to support work/life balance such as job sharing, term-time working, flexi-time and compressed hours.
- Generous annual leave: at least 25 days on entry, increasing up to 30 days over time (pro rata for part-time employees), plus 9 days public and privilege leave.
- Support for financial wellbeing, including interest-free season ticket loans for travel, a cycle to work scheme and an employee discount scheme.
- Health and wellbeing support including our Employee Assistance Programme for specialist advice and counselling, and the opportunity to join HASSRA, a first-class programme of competitions, activities and benefits for its members (subscription payable monthly).
- Family friendly policies including enhanced maternity and shared parental leave pay after 1 year's continuous service.
- Funded learning and development to support progress in your role and career. This includes industry recognised qualifications and accreditations, coaching, mentoring and talent development programmes.
- An inclusive and diverse environment with opportunities to join professional and interpersonal networks including Women's Network, National Race Network, National Disability Network (THRIVE) and many more.

This job role may be suitable for hybrid working, which is where an employee works part of the week in their DWP office and part of the week from home. This is a voluntary, non-contractual arrangement and your office will be your contractual place of work. The number of days that anyone will be able to work at home will be determined primarily by business need, but personal circumstances and other relevant circumstances will also be taken into account. If you are successful, any opportunities for hybrid working, including whether a hybrid working arrangement is suitable for you, will be discussed with you prior to you taking up your post.

Salary Information

Pay for this role is from £55,557 to £73,517. The maximum salary for the grade is £66,058, however a Digital Allowance of up to £7,459 per annum is available for exceptional candidates. Digital Allowance is non-salary and non-pensionable, and is classed as a temporary allowance. It is reviewed annually, where it could be retained, amended, or removed.

Our offer to successful candidates will be based on an assessment of your skills and experience as demonstrated at interview. Existing Civil Servants who secure a new role on lateral transfer should maintain their current salary. Existing Civil Servants who gain promotion may move to the bottom of the grade pay scale or receive a 10% increase in salary, whichever would be the greater.

Things you need to know

Selection process details

This vacancy is using Success Profiles, and will assess your Experience and Technical skills.

Stage 1: Application

Your application will consist of three parts:

1. A Personal Details application form.
2. Employment history - this should contain your work experience and any skills, qualifications and accomplishments relevant to the jobs you have completed, based on the essential criteria.
3. Personal statement - up to 1000 words. This statement should be used to provide examples of how you meet the essential criteria listed in the Person specification.

Further details around what this will entail are listed on the application form.

The sift panel will use the information in your employment history and personal statement to assess your experience, skills and knowledge against the essential criteria. You will be provided with one combined overall assessment score for both your CV and Personal Statement. For Hints and Tips on completing your application visit Applying for jobs at DWP Digital.

Applications will be sifted at regular intervals from the date the posts are advertised. Please apply as soon as you can; do not wait until the end of the campaign.

Important Information

You will be asked to complete your employment history; any information that you would customarily share on a CV should therefore be entered onto the application form. Personal details that could be used to identify you, including your name, contact details and address, must be removed for your application to be considered. If your employment history/personal statement contains any personal details your application will be withdrawn.

Stage 2: Interview

Your interview will either be conducted face to face or by video. You will be notified of the location if you are selected for interview. There, you will be assessed against the experiences listed in the Technical Skills.

You will be asked to do a 10-minute presentation on the specified topic below:

Explain the benefits and challenges of different risk identification methodologies (controls-based vs risk-based) within a large, interconnected organisation.

The use of visual aids such as PowerPoint is optional.
There will also be a further 5 minutes for questions. Further details will be provided to candidates invited to interview. Interviews will take place from early March 2025. Interview dates to be confirmed.

Offers of employment: Following the interview stage, should you not reach the required standard for the advertised Grade 7 role, we may be able to offer you a role which would be a grade below the advertised post under our Near Miss process. Any candidates falling into this category will be contacted once the interview results have been released.

Security Clearance Requirement

You must meet the security requirements before you can be appointed. The level of security needed is security check.

For meaningful checks to be carried out, you will need to have lived in the UK for a sufficient period of time, to enable appropriate checks to be carried out and produce a result which provides the required level of assurance. Whilst a lack of UK residency in itself is not necessarily a bar to a security clearance, an expectation of UK residency may range from 3 to 5 years. Failure to meet the residency requirements needed for the role may result in the withdrawal of provisional job offers.

For further information on National Security Vetting please visit the following page: https://www.gov.uk/government/publications/demystifying-vetting

Further Information:

Find out more about Working for DWP.

A reserve list may be held for a period of 6 months from which further appointments can be made. All successful candidates and those placed on reserve will be posted in merit list order by location.

The Civil Service values honesty and integrity and expects all candidates to abide by these principles. Please ensure that all examples provided in your application are taken directly from your own experience and that you describe the examples in your own words.
Applications will be screened and if evidence of plagiarism or copying examples/answers from other sources is found, your application will be withdrawn. Internal DWP candidates may also face disciplinary action.

Reasonable Adjustment

At DWP we value diversity and inclusion and actively encourage and welcome applications from everyone, including those that are underrepresented in our workforce. We consider visible and non-visible disabilities, neurodiversity or learning differences, chronic medical conditions, or mental ill health. Examples include dyslexia, epilepsy, autism, chronic fatigue, or schizophrenia.

If you need a change to be made so that you can make your application, you should:

- Contact Government Recruitment Service via DigitalRecruitment.grs@cabinetoffice.gov.uk as soon as possible before the closing date to discuss your needs.
- Complete the Reasonable Adjustments section in the Additional requirements page of your application form to tell us what changes or help you might need further on in the recruitment process. For instance, you may need wheelchair access at interview, or if you're deaf, a Language Service Professional.

For further information on reasonable adjustments, terms and conditions and how we recruit, visit the How We Recruit page.

Feedback will only be provided if you attend an interview or assessment.

Security

Successful candidates must undergo a criminal record check. Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check. See our vetting charter. People working with government assets must complete baseline personnel security standard checks.
Nationality requirements

This job is broadly open to the following groups:

- UK nationals
- nationals of the Republic of Ireland
- nationals of Commonwealth countries who have the right to work in the UK
- nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS)
- nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
- individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
- Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service

Further information on nationality requirements

Working for the Civil Service

The Civil Service Code sets out the standards of behaviour expected of civil servants. We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles.

The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria. The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.

Diversity and Inclusion

The Civil Service is committed to attracting, retaining and investing in talent wherever it is found. To learn more please see the Civil Service People Plan and the Civil Service Diversity and Inclusion Strategy.