Chief Information Security Officer
- Bristol, England
About
Grade: Grade 6 (B1)
Salary: £67,820
Digital Skills Allowance: The base salary for this grade is £67,820. Offers above this will be made up of a Digital Skills Allowance of up to £18,000 per annum for exceptional candidates.
Security: DV – Reserved – Sole UK National
Summary
This post is eligible for a Digital Skills Allowance of up to £18,000 per annum. Eligibility for this allowance will be assessed at interview against 4 core technical skills only and reviewed annually in line with MOD policy.
As a Civil Servant, you’ll also have access to our range of excellent benefits, including flexible working, discount schemes, generous leave allowance and a market-leading Civil Service pension.
Job description
The Chief Information Security Officer (CISO) is a designated individual responsible for the security of information, including in electronic form. You’ll provide strategic direction to the Defence Business Services (DBS) Management Board, anticipate challenges, drive performance and build the capability required to ensure the security of new and existing services.
You’ll identify and evaluate cyber security risks to information, systems, and processes owned by the DBS Security Risk Owners and assist with the management of top-level security risks, on behalf of the DBS CEO, advising on the balance between business needs and security requirements, taking account of affordability.
Responsibilities
Responsibilities include but are not limited to:
· Act as the primary DBS point of contact on Cyber Security issues with key stakeholders, including Defence Digital Cyber Defence and Risk (DD CyDR), Joint Defensive Cyber Unit (JDCU) and external parties; actively develop strong working relationships in relation to Cyber Security.
· Ensure that Cyber Security controls remain appropriate and proportionate to the assessed risks, by embedding Secure by Design, ensuring our capabilities are protected from the outset. Be responsive and adaptable to the changing threat environment, business requirements and Defence and central government policies, designed to be resilient against cyber-attacks.
· Champion learning, development and assurance, cultivating talent, fostering an inclusive, diverse and motivated workforce and providing assurance that individuals undertaking cyber security roles are suitably qualified and experienced personnel (SQEP); building a whole organisation security mindset.
· Ensure governance, compliance and risk management frameworks are in place with underpinning processes and that the DBS risk management approach provides good governance, achieves compliance and ensures that risk mitigation plans and funding are in place to continue driving cyber security forward.
· Maintain a clear view of critical and high-risk DBS systems and ensure that systems not centrally managed by Defence Digital have the security controls required by policy.
· Report on cyber security controls on the Annual Assurance Return and support the self-assessment cyber compliance framework, continuing to enhance our maturity.
· Enhance the DBS cyber security and information governance culture, providing assurance that all personnel in DBS are provided with adequate and timely cyber security, threat briefs and information governance training, embedding cyber resilience and secure handling of information assets.
· Ensure our integrated cyber defences cover our critical functions, providing the ability to detect and respond to cyber-attack and ensuring all cyber security incidents and breaches are managed and reported promptly to the Cyber Security Operations Capability (CSOC) and are investigated appropriately to ensure that risk is mitigated and lessons learnt.
· Line management of several direct reports within the team. Resource management across the team, ensuring that the relevant workload is delivered as agreed.
Person specification
This position may be suitable for individuals with relevant skills and experience in information security governance & management, risk assessment & information risk management, technical security architecture or with appropriate skills gained in an ICT assurance or compliance environment.
We are committed to encouraging and enabling our staff to develop in and above their role and we will support you in undertaking further learning and development opportunities, within your designated field and beyond. Wherever possible, we will provide upskill learning options and further training to support your continuous professional development.
Desirable qualifications, accreditation, memberships or skills:
· Certificate in Information Security Management Principles (CISMP)
· Certified Information Security Systems Professional (CISSP)
· Certified Cyber Professional (CCP)
· Membership of CIISP, CIISec, BCS or recognised equivalent
Ideally, you’ll also have the following:
· The ability to build long term relationships with key internal and external stakeholders.
· Highly effective networking and the ability to advise and influence people.
· Experience of leading and managing a team.
· Ability to communicate effectively to a variety of audiences, synthesising information to portray key messages and facilitate effective decision making.
This position can be based at either MOD Abbey Wood, Stoke Gifford, Bristol BS34 8JH or Norcross, Blackpool, Lancashire, FY5 3WP.
Work location will be agreed once the successful candidate has been selected.
This job role may be suitable for hybrid working, which is an informal, non-contractual and voluntary arrangement, blending a balance of attendance in the workplace (your permanent duty station, which is based on business assessment of where the work is best done) and working from home as a personal choice (if the role is suitable for this). If you are successful, any opportunities for hybrid working will be discussed with you prior to you taking up your post.
Dependent on the business need, there may be a requirement to travel to meetings within the UK (or potentially occasional overseas visits).
If not already held, successful candidates will be required to undergo DV clearance. Please note this position is open to sole UK Nationals only.
Qualifications (Essential only)-
Security
Successful candidates must meet the security requirements before they can be appointed.
The level of security needed is .
Nationality requirements
Open to sole UK nationals only.
Selection process details
This vacancy is using Success Profiles and will assess your Behaviours, Experience and Technical skills.
To apply, please complete the CV template provided on the CS Jobs dashboard. The sift will be conducted on your CV, assessed against your relevant skills, knowledge and experience for the role and on your personal statement, assessed against the essential criteria listed below.
All applicants will also need to provide a personal statement (max. 1250 words) and it is essential that this includes evidence of the following essential criteria. Each one will be scored 1-7 and make up part of your overall score to assess your suitability to be invited to interview:
1. Describe your experience of managing cyber security governance, risk and compliance aspects within an organisation.
2. Provide an example of when you have managed a Cyber Security incident and the approach used.
3. Tell us about your ability to create, build and maintain strong working relationships with both internal and external stakeholders.
4. Describe your experience of leading, managing and developing resources, teams and staff.
Interviews
We’ll assess you against these behaviours, technical skills & experience during the interview process:
Presentation
You will be asked to prepare and deliver a 5-minute (max) presentation on a role-related subject. Further details will be sent prior to interview.
Behaviours
· Seeing the Big Picture
· Leadership
· Developing Self & Others
Technical Skills
· Information risk assessment and risk management
· Applied security capability
· Protective security
· Threat understanding
The Government Security Profession Career Framework and the Cyber Security - Head of Cyber Security role used in this vacancy can be found at: Government Security Profession career framework.
Feedback will only be provided if you attend an interview or assessment.
Benefits
Our benefits include:
* Learning and development tailored to your role with a dedicated minimum of 5 days per year
* 25 days paid annual leave rising (by 1 day per year) to 30 days upon completion of five years’ service
* Ability to roll up to 10 days annual leave per year
* In addition to eight public holidays per year, you will also receive leave for HM The King’s birthday
* A Civil Service pension with an average employer contribution of 27%
* Parental and Adoption Leave
* Discounts on a range of services within and external to the civil service – Defence Discount Service, Civil Service societies for Sports and Leisure, Healthcare, Insurance, Motoring, Company discounts with Virgin, Vodafone, and Microsoft Office.
* In year rewards and ‘thank you’ schemes such as vouchers and gift cards
* A culture encouraging inclusion and diversity
* Please see Benefits Leaflet for more detail
Equality and Diversity
Our people are at the heart of everything we do at Defence Digital. It’s vital that our workforce reflects the diversity of both our audience and the wider society in the UK, so we’re proud to be an equal opportunities employer and we actively seek candidates from diverse backgrounds and communities. We also recognise the importance of a good work life balance, so we do everything we can to accommodate flexible working, including part-time and job shares for all our roles. Please just let us know in your application or at any stage throughout the process if this is something you want to explore.
Defence Digital operates an organisation model in which every individual belongs to a Government Profession. The successful applicant will be posted into one of the defined Government Professions on Standard Terms of Reference for the grade. Defence Digital reserves the right to move individuals between roles, within their allocated profession, to meet the needs of the business and in support of agile resourcing.
Job Types: Full-time, Permanent
Pay: From £67,820.00 per year
Benefits:
* Company pension
* Flexitime
Schedule:
* Monday to Friday
Work Location: In person
Ideal skills
- Cyber Security
- Information Security
Professional experience
- IT Consultant
- Cyber Security Specialist
- Pentester
- Security Analyst
Language skills
- English