The DBS Cyber Security Co-Ordinator Risk Manager Principal is a pivotal role in DBS in ensuring that our systems are resilient, secure and that any cyber security risks are effectively managed. You will anticipate challenges, drive performance and build the capability required to ensure the security of new and existing services.
You’ll identify and evaluate cyber security risks to information, systems and processes owned by the DBS Security Risk Owners, advising on the balance between business needs and security requirements while taking account of affordability.
Leading on the implementation of Secure by Design, you will ensure that security is embedded in all stages of the application development, from pre-concept phase through to continuous cyber security risk monitoring throughout the system life cycle.
You will have proven leadership and management experience, as well as experience of leading cross-functional teams and managing relationships with stakeholders.
Working in a small team of Secure by Design cyber security professionals you will have the following responsibilities:
Role Specific Accountabilities
Ensuring Secure by Design (SbD) principles are embedded across all application developments
Management of the Cyber Security Applications Dashboard; Critical Systems list; Cyber Security Risk Register and Cyber Security audit action plans
Ensuring policy and process documents for SbD are fit for purpose and remain relevant
Leading on Cyber Security resilience
Line management of three or more direct reports within the team.
Role Specific Responsibilities
Secure by Design (SbD):
Ensure that Cyber Security controls remain appropriate and proportionate to the assessed risks by embedding Secure by Design, so that our capabilities are protected from the outset and designed to be resilient against cyber-attacks. Be responsive and adaptable to the changing threat environment, business requirements and Defence and central government policies.
Co-ordinate SbD requests: manage workloads for SbD Assessors and Delivery Team Security Leads (DTSL). Triage all requests for new system capability and assign them to the Security Assessors/DTSLs, managing resources and planning workloads. Ensure ‘secure by design’ principles are embedded into application development by providing specialist internal consultancy and integrating security tools, standards and processes into product life cycles.
Provide update reports at Weekly Cyber Security Meetings, manage the Cyber Security Applications Dashboard and submit reports/dashboards to DIT’s Delivery Board and the Security Management Committee
Track and manage the SbD transition plan for legacy accredited systems over to SbD
Support adherence to JSP 453 Policy and Standards
Carry out SbD assessments of capabilities as required to support the wider team; conduct 2LA of SbD assessments as required.
Lead the embedment of ‘secure by design’ principles into application development by providing advice and internal consultancy on highly complex criteria and contexts
Lead and assure processes, provide advice and guidance as required by Business areas
Ensure all relevant policies and processes are provided in order to evidence compliance with JSP 440, NIST and CAF frameworks, SbD principles, etc.
Participation at Security Working Group, Assurance Delivery Meetings and the Security Management Meeting, providing relevant updates as required
Resilience
Lead multi-team assessment of application resilience throughout the IT estate, reviewing regular application security reports, and prioritising based on risk appetite and business requirements
Represent DBS at the Cyber and Resilience Oversight Board (CROB) as required and the Critical Systems Forums, producing reports and associated documentation to demonstrate assessments of application resilience as required
Ensure NCSC CAF Assessments are held and reviewed annually.
Cyber Security Audit Co-Ordination
Provide details of management actions to address cyber security and cyber risk audit actions. Assign, track and provide updates on actions.
Lead on Cyber Security assessments/audits, engaging with Integrated Assurance Leads and other business Leads as required.
Working with wider IA Professional Leads, ensure DBS attains a high percentage of the Indicators of Good Practice in the NCSC Cyber Assessment Framework and develop Improvement Plans where there are gaps.
Cyber Security Risk Management Co-Ordination
Ensure that the DBS risk management approach provides good governance, achieves compliance and ensures that risk mitigation plans and funding are in place to continue driving cyber security forward.
Maintain a clear view of critical and high-risk DBS systems and ensure that systems not centrally managed by Defence Digital have the security controls required by policy.
As Principal Cyber Security Risk Manager, regularly review all cyber security risks with the Delivery Team Security Leads and the CySec Risk Lead, providing guidance and directing activities, and, where necessary, escalate to the CROB or internally to the PSyA/DSIP Lead for escalation outside of DBS.
Ensure that the Cyber Security Risk Register is kept up to date and that analysis of risks is carried out appropriately, in compliance with the SbD continuous monitoring requirement. Ensure that risk dependencies are mapped and trend analysis is conducted so that consistent mitigation controls are in place.
Lead the analysis and derivation of complex security risks and seek out relevant, and if necessary innovative, controls to manage the risks.
Lead on risks arising out of threat and vulnerability assessments
Further information can be provided by applying using the link below.