Defence Business Services - DBS - Cyber Security Assessor Risk Manager Prin

at Ministry of Defence

Blackpool, England, United Kingdom

  • Start Date: Immediate
  • Expiry Date: 08 Feb, 2025
  • Salary: GBP 72970 Annual
  • Posted On: 09 Nov, 2024
  • Experience: 5 year(s) or above
  • Skills: Disabilities, Addition, Completion, Technology, Interview, Learning, Eligibility, Linkedin, Personal Development, Sponsorship, Norway, Design Principles, Assessment, Risk Assessment, Customer Satisfaction, Adoption
  • Telecommute: No
  • Sponsor Visa: No

Description:

JOB DESCRIPTION

DBS DIT provides digital capability that supports corporate services across the Ministry of Defence, including Finance, Commercial, Payroll and Human Resources for Military Personnel, Civilian Personnel and Veterans.
Cyber Security Assessors are responsible for independent assessment of Delivery Teams’ adherence to Secure by Design and relevant risk and security policies and standards. They coordinate between Delivery Teams dealing with similar security challenges to optimise solutions and minimise duplication of effort. They are responsible for consistent, coherent advice and support to relevant capabilities. They identify, understand and mitigate cyber-related risks. They provide risk or service owners with advice to help them make well informed risk-based decisions.
As a Cyber Security Assessor within the DBS Cyber Team you will manage all day-to-day IT Security and System Information Assurance and, applying Secure by Design, ensure that security is embedded in all stages of the application development life cycle and that there is continuous monitoring through use. You will also advise on and test the efficacy of measures to build security into continuous integration and deployment, with specific responsibilities for the day-to-day IT security of multiple Military and Civilian HR systems and Finance systems.
The role will require you to demonstrate a talent for solving complex problems and for effective communication at all levels. You will be able to advise on complex risk balance decisions, propose innovative solutions and explain MOD’s security policy, governance and technology controls to non-IT/security experts. Senior Responsible Owners and Project Leads will rely on your expertise to ensure they have an accurate understanding of through-life cyber security risks, so they can make informed decisions. Projects may involve complex technical and security challenges and you will need a good understanding of technical controls and policy (JSP 440; JSP 604/453).

DESIRABLE SKILLS.

  • Knowledge/experience of implementing Secure by Design Principles.
  • Knowledge and experience of risk management

TECHNICAL SKILLS

We’ll assess you against these technical skills during the selection process:

  • Information risk assessment and risk management - Level - Expert
  • Applied security capability - Level - Practitioner
  • Protective security - Level - Expert
  • Threat understanding - Level - Practitioner

Benefits

Alongside your salary of £57,670, Ministry of Defence contributes £16,706 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.

  • An environment with flexible working options Monday-Friday
  • 25 days paid annual leave rising (1 day per year) to 30 days upon completion of 5 years’ service (pro rata). In addition to 8 public holidays per year, you will also receive leave for HM The Sovereign’s birthday
  • Hybrid working where role permits
  • An opportunity to be considered for Reward and Recognition - £250-£5000 per year
  • Family-friendly policies including - parental leave and adoption leave
  • Learning and development tailored to your role
  • Professional and personal development of skills
  • A culture encouraging inclusion and diversity
  • Minimum of 15 days special leave in a rolling 12 month period for volunteer reserve commitments
  • Special paid leave to volunteer up to 6 days per year
  • A Civil Service pension with an average employer contribution of 27%

THIS POST IS ELIGIBLE FOR A DIGITAL SKILLS ALLOWANCE OF UP TO [£15,300] PER ANNUM. ELIGIBILITY FOR THIS ALLOWANCE WILL BE ASSESSED AT INTERVIEW AGAINST THE 4 CORE TECHNICAL SKILLS ONLY AND REVIEWED ANNUALLY IN LINE WITH DEPARTMENTAL POLICY.

The post does not offer relocation expenses.
Please be advised that the Department is conducting a review of all pay related allowances which could impact on those allowances that the post currently being advertised attracts.
External recruits who join the MOD who are new to the Civil Service will be subject to a six-month probation period.

SELECTION PROCESS DETAILS

This vacancy is using Success Profiles, and will assess your Behaviours, Experience and Technical skills.
Please ensure that at the application and interview stages of the campaign you review the Success Profiles Framework to assist you in the demonstration of your skills and experience.
Your suitability for the role will be assessed using the Success Profile elements that have been chosen for this campaign. Each element will be scored accordingly, and the successful candidate will be appointed on merit.
Applications will be sifted on all Success Profile elements, but in the event of a high number of applications, an initial sift will be conducted on the following success profile elements:
Primary: Experience - Personal statement

At application stage you will be assessed against the following:

  • Experience - CV
  • Experience - Personal statement - In no more than 1000 words please provide information of how you meet the criteria set out in the job description. You may wish to further include examples of how you have tackled similar tasks or demonstrated the skills outlined in the job advert.

At interview you will be assessed against the following:

  • Behaviour - Making Effective Decisions
  • Behaviour - Seeing the Big Picture
  • Technical - Information risk assessment and risk management Level - Expert
  • Technical - Protective security - Level - Expert
  • Technical - Threat understanding - Level - Practitioner
  • Technical - Applied security capability - Level - Practitioner

PLEASE REFER TO THE ATTACHED DOCUMENT FOR THE TECHNICAL SKILLS FRAMEWORK.

In the rare case where individuals have exact matching scores, the order of merit will be determined based on the behaviour scores at interview in the following order:

  • Technical - Information risk assessment and risk management
  • Behaviour - Making Effective Decisions
  • Behaviour - Seeing the Big Picture

If candidate scores are still exact, the merit order will then be determined on the sift score in the below order of priority:

  • Experience - Personal statement
  • Experience - CV
  • Behaviour - Making Effective Decisions
  • Behaviour - Seeing the Big Picture

We want to offer opportunities to all who are successful at interview for our roles, but this isn’t always possible, so we do hold candidates on an active reserve list for 12 months.
Application sifting to take place mid November.
Interviews are currently taking place via the following method: MS Teams and will be conducted late November.
A minimum of 2 full working days’ notice will be provided for interviews. We endeavour to stick to these dates, but these are subject to change around business needs.
The Civil Service embraces diversity and promotes equality of opportunity. There is a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.
If you need to advise us that you need additional help or reasonable adjustments for the recruitment process, please contact: DBS-EnhancedRecruitmentTeam@mod.gov.uk
When choosing your Behaviour examples, please make sure you use real life scenarios that relate to your own experiences. Whilst technology may help to enhance your written submission, presenting the ideas of others or those generated by technology, could result in your application being rejected.
MOD Recruitment Satisfaction Survey – we may contact you regarding your experience to help us improve our customer satisfaction. The survey is voluntary and anonymous. You may however be given the opportunity to provide additional information to help us improve our service which includes the collection of some personal data as defined by the United Kingdom General Data Protection Regulation (UK GDPR). The MOD Privacy Notice sets out how we will use your personal data and your rights.
As a result of the changes to the UK immigration rules which came into effect on 1 January 2021, the Ministry of Defence will only offer sponsorship for a skilled worker visa under the points-based system, where a role has been deemed to be business critical.
The role currently being advertised has not been assessed as business critical and is therefore NOT open to applications from those who will require sponsorship under the points-based system. Should you apply for this role and be found to require sponsorship, your application will be rejected, and any provisional offer of employment withdrawn.
To assist with your application please find attached:

  • DBS Candidate Information Guide - Working for Defence Business Services - GOV.UK (www.gov.uk)
  • UK Ministry of Defence: Life, LinkedIn
  • https://www.gov.uk/government/publications/digital-information-technology

Feedback will only be provided if you attend an interview or assessment.

NATIONALITY REQUIREMENTS

This job is broadly open to the following groups:

  • UK nationals
  • nationals of the Republic of Ireland
  • nationals of Commonwealth countries who have the right to work in the UK
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS)
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
  • individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
  • Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service

Further information on nationality requirements

Responsibilities:

THE KEY RESPONSIBILITIES ARE:

  • Lead the embedment of Secure by Design (SbD) principles into application development by providing advice and internal consultancy on highly complex criteria and contexts for multiple systems.
  • Manage system accreditation transition to SbD
  • Lead multi-team assessment of application resilience throughout the DBS IT estate, reviewing regular application security reports, holding accountability and responsibility for secure design implementation;
  • supporting delivery of main gate assurance of all projects and changes; ensuring compliance with Information Assurance Policy and Security Principles
  • Lead and assure processes, and provide specialist advice though leadership on tooling and dynamic and static analysis in the product development life cycle.
  • Lead Delivery Team Security Leads (previously Security Assurance Co-ordinator (SACs)) alongside senior decision makers to embed secure development life cycle and security awareness.


REQUIREMENT SUMMARY

Min: 5.0, Max: 10.0 year(s)

Other Industry

IT Software - Network Administration / Security

Other

Graduate

Proficient

1

Blackpool, United Kingdom