Cyber Security Risk Manager (Principal)

Government Property Agency

Cardiff

On-site

GBP 45,000 - 65,000

Full time

Today

Job summary

A UK governmental department is seeking a Security Expert to support the Chief Security Officer and Security Advisor in delivering a robust security strategy. The successful candidate will manage incident response, implement security policies aligned with UK standards, and conduct regular security assessments. This role offers a dynamic work environment focused on continuous improvement in security practices and compliance with government regulations.

Qualifications

  • Experience in incident management and remediation actions.
  • Understanding of UK government security standards.
  • Ability to implement comprehensive security policies.

Responsibilities

  • Act as the initial escalation point for incident management.
  • Implement security policies and procedures.
  • Support security awareness programs for staff.
  • Ensure compliance with security regulations and standards.
  • Provide security advice for supply chain activities.
  • Prepare reports on security metrics and incidents.
  • Maintain the security risk register.
  • Oversee day-to-day security operations.

Skills

Subject Matter Expert
Security risk assessment
Incident management
Security policy implementation
Communication skills

Job description

You will support the Chief Security Officer and Security Advisor in the delivery of the security strategy by acting as a Subject Matter Expert, applying your expertise to identify, analyse, evaluate, and mitigate risks for a variety of systems and services. You will work closely with the business and key stakeholders to provide trusted advice and support across all aspects of security (data, information, assurance, cyber, and third-party suppliers), safeguarding the Department's assets and managing security risks.

This is a varied and complex role that focuses directly on the delivery of Personnel, Cyber, Information and Supply Chain security, whilst working with other teams on the delivery of Physical, Technical and Operational security. You will lead and work collaboratively with stakeholders to provide subject matter expertise on a range of security and risk requirements, and oversee the identification, delivery and escalation of security risks for the business, influencing appropriate decisions in keeping with the GPA risk appetite.

You will deliver and implement a wide range of security risk and assurance activities, aligning our delivery to Government Standards, Frameworks and Industry best practice, continuously adapting our approach to improve our security maturity. You will be responsible for communicating security standards, articulating threats, negotiating security enhancements, and conducting assurance activities across various environments, including on-premise and cloud solutions. You will conduct regular security assessments to identify vulnerabilities and recommend appropriate controls aligned to both government and industry best practice, identifying opportunities for continuous improvement in our delivery. You will deliver holistic security across the whole lifecycle of systems and services, embedding security into our supply chain and reviewing compliance with standards by advising on appropriate mitigations and controls.

You will lead on creating a positive, engaging and inclusive security culture through security education and awareness programmes, building a network of security partners across Government and the broader security industry to share best practice, adopt common approaches and foster joint working on areas of mutual interest.

Responsibilities

  • Incident Management: Being the initial escalation point for managing incidents and remediation actions, and developing security plans for future improvements via lessons-learnt exercises.
  • Security Policies: Implementing comprehensive security policies and procedures in alignment with UK government standards and best practices.
  • Security Awareness and Training: Supporting the delivery of security awareness programmes to educate staff on security best practices and promote a security-first culture throughout the organisation.
  • Compliance and Assurance: Ensure compliance with relevant security regulations and standards, conducting regular security audits, supporting Secure by Design and completing DSHC, CAF etc.
  • Supply Chain Security: Working with others across the business to carry out security assurance activities, providing expert security advice for tenders or contracts, and working collaboratively to mitigate risks throughout the lifecycle of the service.
  • Reporting: Supporting the Security Advisor in preparing regular reports on security metrics, incidents, and our compliance status for key governance forums and government authorities.
  • Risk Management: Maintaining the security risk register by continually assessing security risks and vulnerabilities of projects and services, regularly communicating with service/asset owners to mitigate risks.
  • Security Operations: Overseeing day-to-day security operations, including incident response, threat detection, and security monitoring, to promptly identify and address security incidents.