Head of Cyber Operations - One Login at Government Digital Service
London, England, United Kingdom
Full Time


Start Date

Immediate

Expiry Date

02 Dec, 25

Salary

87521.0

Posted On

02 Sep, 25

Experience

5 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Protective Security, CAF, Code, CISSP, CISA, CREST, Training, Intelligence, CNI, NIST, Technical Specialists, IT, Norway, Security Operations

Industry

Other Industry

Description

JOB SUMMARY

The Government Digital Service (GDS) is the digital centre of government. We are responsible for setting, leading and delivering the vision for a modern digital government.

Our priorities are to drive a modern digital government, by:

  • joining up public sector services
  • harnessing the power of AI for the public good
  • strengthening and extending our digital and data public infrastructure
  • elevating leadership and investing in talent
  • funding for outcomes and procuring for growth and innovation
  • committing to transparency and driving accountability

We are home to the Incubator for Artificial Intelligence (I.AI) and the world-leading GOV.UK, and we are at the forefront of coordinating the UK’s geospatial strategy and activity. We lead the Government Digital and Data function and champion the work of digital teams across government.
We’re part of the Department for Science, Innovation and Technology (DSIT) and employ more than 1,000 people all over the UK, with hubs in Manchester, London and Bristol.
The Government Digital Service is where talent translates into impact. From your first day, you’ll be working with some of the world’s most highly-skilled digital professionals, all contributing their knowledge to make change on a national scale.
Join us for rewarding work that makes a difference across the UK. You’ll solve some of the nation’s highest-priority digital challenges, helping millions of people access services they need.

JOB DESCRIPTION

GOV.UK One Login represents a once-in-a-generation opportunity to simplify and widen access to all digital government services. Sitting at the heart of the government, we are building one straightforward, secure and inclusive way for users to log in and prove who they are that will work across all government services.
The GOV.UK One Login programme is full of talented and passionate people who are consistently delivering high-quality products for services and individuals. We’re halfway through our build phase and features are being shipped almost weekly as we work to mature our product set so that we can expand the range of services and departments benefitting from our work.
Sometimes described as the most strategic programme in government, GOV.UK One Login represents a once-in-a-career opportunity to work on a software product that will be used by the majority of the people living in the UK. It’s a fast-paced, dynamic and challenging environment that is sure to offer you career satisfaction as well as a chance to develop and enhance your skills.
If this sounds like the next role for you on your career journey then we’d love to hear from you. Find out more at the GDS Blog.
As Head of Security Operations for One Login and Digital Identity you will play a central role in protecting the UK’s current and future digital identity ecosystem. At scale, One Login will be the front door for millions of users to access digital public services. Security, reliability and resilience are absolutely critical to delivering our mission. This is a high profile role, suited to an experienced security operations leader with a track record of setting direction and running security operations for a complex area.

As Head of Security Operations you will have oversight for the Digital Identity Security Operations team, taking responsibility for designing, implementing and managing threat detection and response, incident management, security monitoring, and vulnerability management. In addition, you will be responsible for:

  • security operations leadership: Building civil servant capability to run a mature, responsive 24/7 Security Operations Center (SOC), working in collaboration with One Login’s dedicated Technical Service Desk and wider GDS and DSIT cyber teams. Work in partnership with GDS (Privacy, Information Assurance, Security Architecture, Cyber), GSG, CDIO Cyber, NCSC and other government departments.
  • security monitoring: Take responsibility for the maintenance and enhancement of a proactive security monitoring capability, informed by a combination of commercial and closed-source threat intelligence reporting.
  • incident detection and response: Take accountability for the end-to-end incident response lifecycle, from detection to containment, investigation, recovery, and post-incident review. Ensure incident readiness through regular testing and reviews, and creation of run/playbooks. Work closely with business continuity planning leads to ensure that the programme has well-defined business continuity, resilience and disaster recovery plans.
  • threat intelligence & monitoring: Working in collaboration with One Login’s Threat Intelligence and Counter Fraud team, continue to develop One Login’s capabilities for industry-leading proactive threat detection, sharing insights as appropriate with senior management and stakeholders across government to enable One Login and key partners to stay ahead of an emerging range of threats. Represent the Security Operations team in collaborative threat modelling exercises, offering technical expertise which can be used to identify novel threats to systems, leading to the deployment of new detective controls.
  • threat briefing: Deliver threat briefings and status updates to key stakeholders, such as the head of security, wider live operations community, and the programme’s senior management team.
  • threat hunting: Lead proactive threat hunting engagements within GOV.UK One Login systems, to prove or disprove competing hypotheses, and influence future detection requirements.
  • vulnerability management: Maintain oversight for vulnerability scanning and work with teams across the programme to ensure timely and effective remediation within required SLOs; escalating as required.
  • governance & reporting: Establish and maintain operational metrics and reporting processes to measure threat posture, incident response performance, and SOC maturity.
  • technology ownership: Working together with GDS InfoSec and One Login’s service tooling team, take responsibility for the selection, deployment, and tuning of key security technologies and capacity.
  • alignment with relevant standards and frameworks: Ensure all operations meet stringent public sector security requirements, including those from NIST, FedRAMP, CJIS, or other applicable frameworks.
  • security culture leadership: Working in close collaboration with the Head of Product Security for One Login and the GDS CISO, take responsibility for embedding a robust security culture across the programme. Act as a champion for security; setting out a vision and strategy with appropriate governance.

NATIONALITY REQUIREMENTS

This job is broadly open to the following groups:

  • UK nationals
  • nationals of the Republic of Ireland
  • nationals of Commonwealth countries who have the right to work in the UK
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS)
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
  • individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
  • Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service

Further information on nationality requirements

The standard selection process for roles at GDS consists of:

  • a simple application screening process: we only ask for a CV and for you to answer 2 application questions.
  • a 90 minute video interview. As part of the interview process there will be a task to be prepared. Details around the task will be provided to shortlisted candidates.

For this role we’ll be assessing you against the following Civil Service Behaviours:

  • Leadership
  • Seeing the Big Picture
  • Making Effective Decisions
  • Working together
  • Technical competence

We’ll also be assessing your experience and specialist technical skills against the following skills defined in the Government Security profession Framework for the Head of Cyber Security role (Page 111)

  • Applied security capability
  • Protective security
  • Threat understanding