Are you a Cyber Security Risk Analyst who has worked in a large-scale organisation?
If yes, we want you to join us at DWP Digital!
These are critical roles coordinating and delivering the Digital Security risk management programme of work, with risk driving security, enabling a clear, practical, and realistic view of Cyber Security Risk information. The role forms a vital First Line capability within His Majesty's Government's Three Lines of Defence model.
As a Cyber Security Risk Analyst you will work within the Digital Group to help deliver 1st line analysis of control implementation against Centre of Internet Security (CIS) safeguards and drive risk identification, assessment, remediation, and treatment of risks on any identified control gaps. A solid working knowledge of the 8 Certified Information Systems Security Professional (CISSP) domains is required, ideally gained from working in technical security / infrastructure roles, along with extensive Risk Analyst experience.
You will identify compensating controls, make recommendations to address security vulnerabilities and control weaknesses in products, projects, and programmes, working with product owners and Subject Matter Experts to enable them to make well informed risk-based decisions.
Please note this role requires you to pass Security Check clearance. For further information, please see 'Selection process details'.
The Cyber Security Risk Analyst role will be focused on the delivery of 1st line security controls analysis, validating that the controls provide the correct security outcomes for DWP, and undertaking deep risk analysis of any identified control gaps or failings. You will be writing formal risk reports for presentation to Senior Leaders, which must be factually correct, articulate and clear. These reports must be framed in a way which reflects all compensatory controls in place and must be easily understood by technical delivery teams as well as non-technical senior business leaders, so they can make informed management decisions.
The Cyber Security Risk Analyst will work on complex deliveries across a range of technologies, including cutting-edge technology as well as the complexities of tech debt, ensuring that appropriate defence in depth and compensatory technical controls are built into designs and tested prior to deployment, so that vulnerabilities are fully understood and risk exposure is reduced.
As a Cyber Security Risk Analyst you will work to ensure the timely recording and updating of risks throughout the lifecycle, delivering timely and quality results with focus and drive.
You will also manage and support DWP Digital’s Cybersecurity risk management lifecycle by working to help deliver 1st line risk identification, assessment, remediation, and treatment of risks.
The Cyber Security Risk Analyst sits within the Digital Security Risk Management (DSRM) team, which is part of the wider Digital Security function. The scale of the transformational work that DSRM is driving out across DWP is massive and exciting, and is leading the way across His Majesty's Government.
The role is technical in nature and will draw upon your knowledge and experience to influence design decisions and identify suitable controls and mitigations. Part of the role will involve giving technical Cyber Security advice to business delivery teams.
The roles will not have any direct line management responsibility, but successful candidates will have the autonomy to make empowered decisions and problem solve within the technical services they lead in collaboration with their functional Grade 6 lead.
Cyber Security Risk Analysts are part of our wider Cyber Security Risk Management community, and incorporate risk practices outlined in The Orange Book – Management of Risk – Principles and Concepts.
Proud member of the Disability Confident employer scheme
About Disability Confident
A Disability Confident employer will generally offer an interview to any applicant that declares they have a disability and meets the minimum criteria for the job as defined by the employer. It is important to note that in certain recruitment situations such as high-volume, seasonal and high-peak times, the employer may wish to limit the overall numbers of interviews offered to both disabled people and non-disabled people. For more details please go to Disability Confident.