The Defra Group Security function within DDTS is recruiting a Security Incident Response Officer. The Security Incident Response Management Team is a growing team where you will have an opportunity to shape the role and make it your own. The purpose of the Security Incident Response Officer is to triage and respond to security-related incidents affecting the Defra group, including helping the coordination of the response, escalating where appropriate and functioning as a conduit for information to the Senior Security Incident Response Officer or to the Head of the Security Incident Response Management team.
The role involves both managing volume security incidents and coordinating incidents with no clear guidance across physical, personnel, information, and cyber security. There may be line management responsibilities as part of this role. No prior cyber security knowledge is needed. Key responsibilities include obtaining security-related statements, compiling relevant papers for HR/legal teams where prosecution could be pursued, maintaining the integrity and continuity of evidence and subsequent case management.
Civil servants and Ministers must have confidence that information sent across the department is handled securely, and that, should any information be disclosed to outside parties, a thorough, legally compliant and proportionate investigation is conducted by a suitably qualified and experienced person. Failure to investigate leaks and security incidents could have serious consequences for Ministers’ and civil servants’ confidence in the department and increase the risk of sensitive information being released.
Limited travel and overnight stays are also expected.
Please note this post requires Security Check (SC) clearance. To gain SC clearance, all applicants are required to have been a UK resident for a minimum of 5 years. If this requirement is not met, the individual will not be able to progress their application further.
Responsibilities
* Developing Standard Operating Procedures with key stakeholders, creating a contacts database for use in a response, feeding into the incident management playbooks and response plan.
* Helping the response to major incidents, including assimilating available information, providing clear summaries to SEO and G7 staff, and running the logistics of the response (such as setting up calls, taking minutes of meetings, drafting dissemination/notification emails).
* Ensuring a high level of customer service for both DDTS/Defra and wider government departments.
* Helping investigations into security incidents, including creating and compiling evidence and providing clear recommendations to SEOs and G7s in the team.
* Triaging incidents, including monitoring an inbox where necessary - applying a clear knowledge of team scope and structure to ensure requests, incidents and other communications are dealt with appropriately.
* Capturing all appropriate information to effectively triage requests and incidents, including establishing whether incidents have Data Protection implications, and logging incidents appropriately.
Skills and Experience
The role requires experience in managing security incidents/investigations and knowledge of different domains of the Security profession. Ensuring that security investigations are managed and led by a suitably qualified and experienced person reduces the risk of insider activity and its consequences in terms of Departmental and Cross-Government reputational harm. Candidates should have a background in Protective Security and should hold one of the following, be currently on a programme to achieve one, or be willing to achieve one:
* BCS Certificate in Information Security Management Principles (CISMP),
* Certified Security Management Professional (CSMP),
* Certified Protection Professional (CPP),
* BCS Certified Information Security Manager (CISM) or equivalent qualification.
Or any other suitable Security or information security related qualifications.
* Experience of being part of an incident management and response team/function, including applying risk-based security controls in decision making and using security risk management methodology and techniques for the assessment and management of business and information risk.
* Experience of identifying and implementing service improvements (lessons learned) as a result of investigations.
* Experience communicating complex security-related messages and presenting updates and recommendations in a clear and comprehensive manner to a senior audience.
* Working in an environment that can fluctuate between fast-paced and steady state, combining long-term projects with short-term, high-energy responses.
* Experience helping investigations and delivering responses, able to deliver quality products at pace, communicate effectively and work as part of a geographically disparate team.
* Ability to build relationships with a variety of stakeholders, often with conflicting priorities. Excellent verbal and written communication skills.
Job Types: Full-time, Permanent
Pay: £32,136.00-£38,551.00 per year
Benefits:
* Additional leave
* Canteen
* Casual dress
* Cycle to work scheme
* Employee discount
* Health & wellbeing programme
* Sick pay
* Work from home
Schedule:
* Flexitime
* Monday to Friday
Work Location: Hybrid remote in Reading, RG1 1AF
Reference ID: 369853