Defence Business Services (DBS) Cyber Response and Information Governance L
at Ministry of Defence
Blackpool FY5, England, United Kingdom
Start Date | Expiry Date | Salary | Posted On | Experience | Skills | Telecommute | Sponsor Visa |
---|---|---|---|---|---|---|---|
Immediate | 22 Apr, 2025 | GBP 55990 Annual | 23 Jan, 2025 | 5 year(s) or above | Reliability, Intrusion Detection, Factor Analysis, Adoption, Processing, Interview, Risk Assessment, Indicators, Norway, Completion, Intelligence Analysis, Assessment, Security, Personal Development, Big Data, Incident Investigation, Mitigation, Protective Security, Root | No | No |
Description:
JOB SUMMARY
Are you a dedicated person who is passionate about making a difference?
Would you like to work for the Ministry of Defence?
Defence Business Services (DBS) is one of the largest shared service organisations in Europe that provides a wide range of corporate services, to over 1.2 million end users, including serving and past military and families, as well as MoD civil servants and industry. DBS delivers large scale administration and smaller specialist services to enable the wider MOD to focus on its core aims, maintaining the UK’s Defence and Security. Services include Human Resources, Pay, Veterans, Finance and Procurement.
- Our Vision - To support UK defence customers with outstanding service every time.
- Our Mission – Together we will proudly support Defence, continuously improving and delivering flexible, timely, sustainable and value for money services that underpin the whole force and enhance operational capability.
DBS is committed to creating a great place to work for all our colleagues. We are building an inclusive culture and respectful environment that reflects the diversity of the society.
We want to maximise the potential of everyone who chooses to work for us through opportunities to develop your skills and experience. We also offer a range of flexible working patterns and support to make a fulfilling career accessible to you and offer a Civil Service pension with an average employer contribution of 27%. Where your role permits, we support a blended working approach alternatively known as hybrid working.
Where business needs allow, some roles may be suitable for a combination of office and home-based working. This is a non-contractual arrangement where all office-based employees will be expected to spend a minimum of 60% of their working time in office, subject to capacity and any required workplace adjustments. Requirements to attend other locations for official business, or work in another MOD office, will also count towards this level of attendance. Applicants can request further information regarding how this may work in their team from the Vacancy Holder (see advert for contact details). Defence Business Services cannot respond to any questions about working arrangements.
DBS has recently undertaken a review of its operational locations in the North West, and has consolidated all activities in Norcross, Blackpool. A further move, to the new Government Hub at Talbot Gateway in Blackpool, is scheduled to take place in 2026.
Come and join the DBS community today!
JOB DESCRIPTION
DBS DIT provides digital capability that supports corporate services across the Ministry of Defence, including Finance, Commercial, Payroll and Human Resources for Military Personnel, Civilian Personnel and Veterans. The role of Response is to manage the response procedures and investigations of security events or incidents. Response colleagues must contain and remediate those incidents, identify potential process improvements, and maintain organisational readiness through preparedness exercises and co-ordinating red team activity. Response also advises product and service owners of potential mitigations.
Warning Advisory and Reporting Points (WARPs) are a mandated appointment in accordance with Defence Policy and provide a focal point for security advice and the reporting and management of security incidents and breaches on behalf of their Principal Security Advisor (PSyA).
DBS WARP includes the Cyber Information Security Operations Centres (CyISOC); it integrates People, Processes and Technology to conduct limited proactive and reactionary cyber operations and associated MOD directives as part of the Defence Digital led Cyber Security Operations Centre (CSOC) federation.
ESSENTIAL QUALIFICATIONS
- Certificate in Information Security Management Principles (CISMP) or recognised equivalent security qualification
TECHNICAL SKILLS
We’ll assess you against these technical skills during the selection process:
- Incident management, incident investigation and response
- Information risk assessment and risk management
- Intrusion detection and analysis
- Threat intelligence and threat assessment
Benefits
Alongside your salary of £44,590, Ministry of Defence contributes £12,917 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.
- An environment with flexible working options Monday-Friday
- 25 days paid annual leave rising (1 day per year) to 30 days upon completion of 5 years’ service (pro rata). In addition to 8 public holidays per year, you will also receive leave for the King’s birthday
- Hybrid working, where role permits
- An opportunity to be considered for Reward & Recognition: £250-£5000 per year.
- Family friendly policies including parental leave and adoption leave
- Learning and development tailored to your role
- Professional and personal development of skills
- A culture encouraging inclusion and diversity
- Minimum of 15 days special leave in a rolling 12 month period for volunteer reserve commitments
- Special paid leave to volunteer up to 6 days per year
- A Civil Service pension with an employer contribution of 28.97%
EXPERIENCE:
- CV
- Personal Statement. In no more than 1000 words, please detail your experience of the following. Please provide information on how you meet the criteria set out in the job description. You may wish to further include examples of how you have tackled similar tasks or demonstrated the skills outlined in the job advert. The Government Security Profession career framework - Response Lead is a useful reference.
At interview you will be assessed against the following:
TECHNICAL SKILLS FRAMEWORK GUIDES:-
https://assets.publishing.service.gov.uk/media/5e418898e5274a08e9dc7464/GovernmentSecurityProfessioncareerframework.pdf
https://modgovuk.sharepoint.com/:x:/r/teams/8970/_layouts/15/Doc.aspx?sourcedoc=%7BC1226317-BB67-422E-9088-9D26A531C748%7D&file=Cyber%20Security%20Group%201%20Core%20Skills%20for%20Recruiting.xlsx&action=default&mobileredirect=true
Feedback will only be provided if you attend an interview or assessment.
NATIONALITY REQUIREMENTS
This job is broadly open to the following groups:
- UK nationals
- nationals of the Republic of Ireland
- nationals of Commonwealth countries who have the right to work in the UK
- nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS)
- nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
- individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
- Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service
Further information on nationality requirements
Responsibilities:
THE CYBER SECURITY INCIDENT RESPONSE LEAD IS RESPONSIBLE FOR MANAGING THE WARNING ADVISORY & REPORTING POINT (WARP) AS THE CENTRAL FUNCTION COVERING ALL DBS BUSINESS TEAMS AND IS RESPONSIBLE FOR:
- Ensuring all security incidents and breaches occurring within DBS are being reported promptly and are investigated appropriately to ensure that risk is mitigated, and Post Incident Reviews are undertaken.
- Security Incident Reporting to the Joint Security Coordinating Centre (JSYCC), MOD Chief Information Officer (CIO) and MOD Data Protection Officer Team (DPOT) takes place within the stipulated timeframes.
- Supporting DBS Principal Security Advisor (PSyA) on all aspects of security and information governance that requires escalation to MOD Defence Security & Resilience.
- Supporting DBS Cyber Response Head in relation to time critical and sensitive investigations.
- Ensure all cyber security incidents and breaches including areas of non-compliance with DBS and MOD security policy occurring within the Organisation are being reported promptly to the Cyber Security Operations Capability (CSOC) federation for further investigation. Supporting requests for Forensic Investigations through the defined MOD channels in JDCU.
- Supporting Defence Computer Network Defence (CND) capability. Ensure all DBS systems are recorded on Vigilant Cyber Vulnerability Management Tool, providing updates on MODCERT compliance to Cyber Response and Information Governance Head, ensuring non-compliance appropriately follows Security Risk Management.
- Cyber Threat Intelligence (CTI) dissemination through the WARP to DBS Teams.
- Maintain effective working relationships with wider Defence WARPs and Cyber Information Security Operations Centres (CyISOC) JSYCC and Defence Digital MOD Computer Emergency Response Team (MODCERT).
INFORMATION GOVERNANCE LEAD RESPONSIBILITIES INCLUDE:
- Ensure confidentiality, integrity and availability (CIA) of information and assets is maintained through the effective deployment of procedural and technical controls. Where DBS are unable to deploy mandated controls, escalate through security risk management process.
- Maintain the suite of DBS IA Policies, ensuring they are reviewed for changes against JSP 440 Defence Manual of Security and wider HMG Security (GOVS 007).
- Analyse and evaluate cyber and information security risks, as part of the Post Incident Review (PIR) and Lessons Identified (LI) processes making recommendations for improvement.
- Lead the development of incident response exercises scoping, design and governance and remedial action plans.
- Provide specialist, tailored advice to address identified Cyber Security related risks by applying a variety of security capabilities, which may include using published guidance standards.
- Review Service Delivery Contract (SDC) against relevant (Identify, Protect, Detect and Respond) schedule 2.4 deliverables, reporting non-compliance to the Contract Management Team as required.
- Support DBS Cyber Assessors in the completion of ‘Threat Assessments’ using the agreed NIST framework and DBS templates.
- Lead the annual NIST CCF Assessment and support Third Line of Defence (3LOD) assurance activity on behalf of the Cyber Response and Information Assurance Head.
- Provide real-time Management Information (MI) to DBS Management Board showing incident statistics and trends across DBS. Presented through the monthly Executive Dashboard.
- Maintain the DBS Critical Information Asset and Data Flow Control Registers, ensuring all new capabilities and/or data flows are accurately recorded, supporting IAO network
YOU WILL NEED THE FOLLOWING SKILLS FOR THIS ROLE:
Incident management, incident investigation and response. Incident management, incident investigation and response refer to the set of processes, procedures and systems used to reduce the harm caused to victims of cyber incidents and deter future attacks. The principles of the skill include engagement with the overall organisation incident management process to ensure that information security incidents are handled appropriately, defining, and implementing processes, procedures and configuring system policies for responding to and investigating information security incidents, establishing, and maintaining a Computer Emergency Response Team (CERT) and systems to deal with information security incidents.
Information risk assessment and risk management. Information risk assessment and risk management identifies and evaluates security risks to information, systems, and processes owned by the organisation, and proactively provides appropriate advice, drawing on a wide variety of sources, to stakeholders across the organisation and at a variety of levels.
Intrusion detection and analysis. Intrusion detection and analysis consists of network and system activities to identify potential intrusion or other anomalous behaviour. Processes, methods, and procedures include information analysis, security analytics including outputs from intelligence analysis, predictive research, and root cause analysis, vulnerability report analysis, and the production of warning materials. Further principles of the skill include monitoring, collating, and filtering external vulnerability reports for organisational relevance, ensuring that relevant vulnerabilities are rectified through formal change processes, and ensuring that disclosure processes are put in place to restrict the knowledge of new vulnerabilities until appropriate remediation or mitigation is available.
Threat understanding. Threat understanding encompasses evidence-based knowledge, including context, about an existing or emerging threat to assets that can be used to inform decisions.
Threat intelligence and threat assessment. Threat intelligence and threat assessment encompasses evidence-based knowledge, including context, mechanisms, indicators, implications, and actionable advice, about an existing or emerging concern or risk that has been aggregated, transformed, analysed, interpreted or enriched to provide the necessary context for decision-making processes. Principles of the skill include assessing and validating information from several sources on current and potential cyber and information security threats to the business, analysing trends and highlighting information security issues relevant to the organisation, including security analytics for big data; processing, collating and exploiting data, taking into account relevance and reliability to develop and maintain ‘situational awareness’; predicting and prioritising threats to an organisation and their methods of attack; analysing the significance and implication of processed intelligence to identify significant trends, potential threat agents and their capabilities, predicting and prioritising threats to an organisation and their methods of attack; using human factor analysis in the assessment of threats; using threat intelligence to develop attack trees; and preparing and disseminating intelligence reports, providing threat indicators and warning
Applied security capability. Applied security capability is formed of a set of complementary security skills. Individual roles may have a requirement for a different profile across these skills. Applied security capability involves 4 elements:
- Security requirement elicitation: gathering and deriving meaningful security requirements to support an identified need
- Application of security capabilities: apply standardised or unique security capabilities to address security needs
- Provision of assurance and confidence: provide confidence that business priorities are appropriately protected
- Security and risk reporting: communicate security and risk effectively.
Protective security. Protective security encompasses the combination and multi-layering of appropriate and proportionate Physical, Personnel and Cyber Security measures to help identify and respond to any attack. Security requirements will change accordingly with the locally identified threats and vulnerabilities.
REQUIREMENT SUMMARY
Min: 5.0, Max: 10.0 year(s)
Information Technology/IT
IT Software - Network Administration / Security
Software Engineering
Trade Certificate
Information security management principles (CISMP) or recognised equivalent security qualification
Proficient
1
Blackpool FY5, United Kingdom