JOB SUMMARY

An expert in information security and information risk management, this may be the most unique and important opportunity in your career to date. Not only will you assure data that matters hugely to the interests of the UK and our partners around the world. You’ll also have scope to reshape the way we do digital assurance. If you’ve got the skills and vision, this is your chance to step into a leadership role of great importance, with a small team of specialists who are passionate about our essential work.
At FCDO Services, we protect the UK’s interests at home and overseas. We design and construct secure government buildings, courier diplomatic packages worldwide, safeguard government tech, and a whole lot more.

JOB DESCRIPTION

Our work is as varied and vital as it gets, but we never lose sight of our people. Their skills, aspirations and growth mean as much as the global mission we’re on. In our world, it all matters.

QUALIFICATIONS

Appropriate professional qualification in relevant discipline, e.g. CISSP, CESG Certified Professional

TECHNICAL SKILLS

We’ll assess you against these technical skills during the selection process:

• Substantial combined experience in information security and information risk management
• Significant technical experience in information technology
• Experience implementing / maintaining ISO27001 compliance or certification at an enterprise level
• Appropriate professional qualification in relevant discipline, e.g. CISSP, CESG Certified Professional -
• Member of a relevant professional body

NATIONALITY REQUIREMENTS

Open to UK nationals only.

Responsibilities Include but are not limited too:

• Develop and communicate FCDO Services’ Information Security and Cyber Assurance Vision and Strategy, that supports both the organisation’s strategy and wider government security strategy, including setting strategic objectives and measuring performance against them; key stakeholder in the cyber operational strategy in terms of assurance and governance;
• Lead the organisation in implementing the information and cyber security (assurance) strategy, including providing second line of defence and lead coordinator for third line of defence;
• Evaluate the current status and maturity of information and cyber (assurance) security in the organisation and determine how to get to the level of information and cyber (assurance) security maturity the organisation needs
• Understand information security risks across the organisation and advise the Executive, SIRO and other senior leaders on how to mitigate risks in their areas and in future plans
• Enable the organisation to be innovative in a safe and secure way
• Ensure that information aspects of crisis management are effective - lead and act as primary point of contact for all major information security and IT related incidents, coordinating response and delegating responsibilities as required
• Encourage a culture of cyber security awareness and good security practices
• Advise the Executive and SIRO on corporate information security matters; including risk, assurance, compliance, threat and vulnerability management
• Owner of the digital assurance process, and chair of the Digital Assurance Board
• Establish appropriate standards and controls; oversee security monitoring and continuous improvement of information systems, including risk assessment, gap analysis, new security capability assessments and recommendations, through the establishment of a comprehensive assurance and audit capability
• Oversee regulatory compliance and the maintenance of all information security accreditations
• Create and own the delivery of Information Security initiatives to ensure the organisation and its products are capable of protection against the latest vulnerabilities and cyber threats
• Lead and manage the information security team Engagement across organisation, promoting the function and the benefit