Security Risk and Assurance Principal
at Ministry of Justice
London, England, United Kingdom
Start Date | Expiry Date | Salary | Posted On | Experience | Skills | Telecommute | Sponsor Visa |
---|---|---|---|---|---|---|---|
Immediate | 04 Feb, 2025 | GBP 69338 Annual | 05 Nov, 2024 | 3 year(s) or above | Good communication skills | No | No |
Description:
Salary
The national salary range is £56,532 - £64,048; the London salary range is £61,201 - £69,338. Your salary will be dependent on your base location.
Number of jobs available
1
Detail of reserve list
12 Months
Region
National
City/Town
National
Building/Site
NATIONAL
Please note: Some of our MoJ Office locations, such as our Liverpool Justice Collaboration Centre, require higher levels of National Security Vetting. The MoJ is working to open more Justice Collaboration Centres and Justice Satellite Offices over time. Click here to learn more about where our currently open Justice Collaboration Centres and Justice Satellite Offices are, to identify where you may be based and understand National Security Vetting requirements of each location.
Grade
Grade 7
Organisation Grade for MoJ
Grade 7
Post Type
Permanent
Working Pattern
Full Time
Role Type
Governance, Risk Management, Security
Will the successful applicant have line manager responsibilities?
Yes
Job description
We are looking for someone who is enthusiastic about helping the MoJ to keep its information secure, its information security risks well managed and to build and continuously improve its information security governance, while delivering its priorities. In this role in particular, you will be leading a small team to develop, deliver and embed measures against pillar 7 of the MoJ Cyber Security Strategy, as well as supporting work on other pillars as needed.
You’ll support your team to partner effectively with both technical and non-technical colleagues, providing oversight and guidance on our most complex and novel security risks. You will also play a part in reporting to the most senior level of the organisation and in making returns to colleagues at the centre of government.
TECHNICAL SKILLS AND EXPERIENCE
We will assess your current level of knowledge and experience of cyber security and risk management during the selection process.
Allowance Details
This role may attract a skills-assessment based additional allowance aligned with the Government Digital and Data Profession Capability Framework.
Additional Information
This role can be worked in a hybrid manner, with a mixture of working from an office location and home (UK only). Colleagues are normally expected to spend a minimum of 40% of their time working from an office location.
Responsibilities:
Lead the implementation and delivery of security assurance processes, including GovAssure and supplier assurance activities across the MoJ, to support the overarching assurance programme. Lead on the communication of assessment and assurance outcomes to stakeholders in ways that support effective security, risk management and decision-making, and advise stakeholders on their approach to risk assessment in the context of their business outcomes.
Lead engagements with Justice Digital and Information Assurance colleagues, or supervise third party suppliers, to gather and audit evidence of the performance of technical services and organisational processes against security baselines, controls and requirements. Track the evidence provided using key performance indicators to feed into security dashboards.
Use business knowledge and technical expertise to translate evidence gathered from complex data sets into senior stakeholder reporting and recommendations for strategic risk improvement initiatives.
Identify and report on trends arising from assurance assessments across the MoJ and make sure appropriate remediation plans are in place and being actively managed.
Align risk decisions and advice with relevant regulation, policy and standards to provide proportional, practical advice that is tailored to the local environment, and advise on any residual risk for the most complex scenarios. Escalate risks to more senior stakeholders when needed and take responsibility for closure of follow up actions.
Provide direction on input into the development and enablement of security policy and security culture by collaborating with the Security Policy, Culture, Awareness and Education team through insights on trends identified from security risks and assurance activities. Assure the ongoing appropriateness of policy in accordance with regulation and wider departmental and government policies.
Play a leading role in building the network of security partners across government and national technical authorities, and within industry. Contribute to cross-government conversations on security risk and assurance.
Make substantial contributions to submissions and reports for senior MoJ officials, including presenting at senior boards, and oversee efforts needed to respond to requests and advisories received from government partners where needed.
Monitor the efficiency and effectiveness of security processes across the organisation, and lead continuous improvement efforts, including improving methods of escalation or reporting where necessary. Maintain and grow your knowledge of industry and government best practices. Apply new concepts and thinking to develop and innovate security risk and assurance frameworks, policies, processes and tooling.
Maintain understanding of local and strategic threat environments and trends affecting the landscape, and apply this to inform and provide context in decision-making and planning. Communicate tailored threat information to relevant local stakeholders within the organisation.
Lead a small team of risk and security professionals, planning and tracking delivery against objectives, developing team skills, motivation and well-being. At times the team may include external third party delivery partners and require tracking of this delivery and spend.
REQUIREMENT SUMMARY
Min: 3.0, Max: 10.0 year(s)
Information Technology/IT
IT Software - Network Administration / Security
Software Testing
Graduate
Proficient
1
London, United Kingdom