Principal Cyber Security Risk Manager

at  Department for Business and Trade

London, England, United Kingdom -

Start DateExpiry DateSalaryPosted OnExperienceSkillsTelecommuteSponsor Visa
Immediate21 Jan, 2025GBP 78981 Annual21 Oct, 2024N/ANorway,Security Certification,Service Delivery,Risk Assessment,It,C Suite,Communication Skills,Learning,Cissp,Risk,Security Assurance,Technology ArchitectureNoNo
Add to Wishlist Apply All Jobs
Required Visa Status:
CitizenGC
US CitizenStudent Visa
H1BCPT
OPTH4 Spouse of H1B
GC Green Card
Employment Type:
Full TimePart Time
PermanentIndependent - 1099
Contract – W2C2H Independent
C2H W2Contract – Corp 2 Corp
Contract to Hire – Corp 2 Corp

Description:

ABOUT US

The Department for Business and Trade (DBT) has a clear mission - to grow the economy. Our role is to help businesses invest, grow and export to create jobs and opportunities right across the country. We do this in three ways.
Firstly, we help to build a strong, competitive business environment, where consumers are protected and companies rewarded for treating their employees properly.
Secondly, we open international markets and ensure resilient supply chains. This can be through Free Trade Agreements, trade facilitation and multilateral agreements.
Finally, we work in partnership with businesses every day, providing advance, finance and deal-making support to those looking to start up, invest, export and grow.
The Digital, Data and Technology (DDaT) directorate develops and operates tools and services to support us in this mission.
DBT Cyber work to improve the security of the systems and processes that affect the operation of the Department. The Governance Risk and Compliance (GRC) team were established to create a safer Cyber landscape to deliver DBT’s vision and do this through establishing good practice in new information projects, reviewing compliance and setting standards for the department.

SKILLS AND EXPERIENCE

It is essential that you have:

  • A professional information security certification – CISSP or similar
  • Experience managing a team and managing contracts
  • Experience leading risk management and assurance activities in complex environments - balancing service delivery with security assurance
  • Working knowledge of cloud technology architecture
  • Solid knowledge of information security frameworks, such ISO 27001, and applying those frameworks in assessing risk
  • Effective verbal and written communication skills up to and including C-Suite

It is desirable that you have:

  • Experience working within large, complex organisations
  • Experience of executing cases and managing outsourced assurance teams

Benefits

  • Learning and development tailored to your role
  • An environment with flexible working options
  • A culture encouraging inclusion and diversity
  • A Civil Service pension with an employer contribution of 28.97%

Things you need to know

MORE ABOUT US

This role can only be worked from within the UK, not overseas. If you are based in London, you will receive London weighting. DBT employees work in a hybrid pattern, spending 2-3 days a week (pro rata) in the office on average. Travel to your primary office location will not be paid for by DBT, but costs for travel to an office which is not your main location will be covered.
You can find out more about our office locations, how we calculate salaries, our diversity statement and reasonable adjustments, the Recruitment Principles, the Civil Service code and our complaints procedure on our website.
Find out more about life at DBT, our benefits and meet the team by watching our video or reading our blog!
Feedback will only be provided if you attend an interview or assessment.

NATIONALITY REQUIREMENTS

This job is broadly open to the following groups:

  • UK nationals
  • nationals of the Republic of Ireland
  • nationals of Commonwealth countries who have the right to work in the UK
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS) (opens in a new window)
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
  • individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
  • Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service

Further information on nationality requirements (opens in a new window)

Responsibilities:

TYPE OF ROLE

Administration / Corporate Support
Digital
Information Technology
Other

ABOUT THE ROLE

The Principal Cyber Security Risk Manager identifies, understands, and mitigates cyber-related risks. They provide risk and service owners with advice to help them make well informed risk-based decisions. Reporting to the Head of Cyber, the role will collaborate with the other teams in Cyber and the broader DDaT community and is responsible for the IRAP service, process enhancements, IRAP case approvals to medium and liaising with SIRO for high-risk cases.
You’ll need to possess cloud expertise, experience, integrity and be able to communicate across all levels and professions within the department, working with teams that are under pressure to provide the most informed risk assessment possible to decision makers. It will take strong collaboration skills to work across the department and with external stakeholders to protect and promote a governed, Cyber risk aware and compliant DBT.

There are four key areas of this role:

  • Assess - leading risk and threat assessments activities at pace
  • Explain - creating tailored oral and written communications, briefings and preparing advice on regulation, guidance, policy, standards and risk assessment documentation
  • Influence - establishing a reputation of authority & influence to enable risk owners, suppliers, developers, and project leads to make well informed decisions
  • Inspire - line managing SEOs and below in the team and support their progression

MAIN RESPONSIBILITIES

You will be a risk assurance professional who understands technology and can:

  • Independently lead and undertake Cyber risk identification and management activities, making use of established security and risk management governance structures and where necessary developing new ones
  • Undertake Cyber Security risk assessments as part of the IRAP (Information Risk Assurance Process), conduct tailored threat assessments and other risk management activities, to ensure activities are consistent with applicable regulations, legislation, good practice, and Government guidance
  • Mentor and develop junior team members in Risk assessment
  • Be the point of contact for the CTO and SIRO about Cyber Security Risk
  • Provide tailored advice to a range of stakeholders on how to mitigate identified risks by proportionately applying security good practice, ensuring credible advice that is aligned to published guidance and standards and drawing on the breadth of expert support available
  • Supporting Cyber compliance and audit activities
  • Work across the Cyber team and other professions to provide practical expert advice that enables risk-based decision making at all levels within the department


REQUIREMENT SUMMARY

Min:N/AMax:5.0 year(s)

Other Industry

IT Software - Network Administration / Security

Other

Graduate

Proficient

1

London, United Kingdom