Ministry of Defence Head Office - Cyber Security Advisor - #1703507

MOD Main Building, Westminster

Job Summary

As part of the Head Office Cyber Security team you will be instrumental in delivery of the Head Office's response to the MOD's Cyber Security Strategy & Resilience programme. You'll be actively involved in the work to understand Head Office's cyber security, ensuring the effectiveness of proposed mitigations against an evolving cyber threat.

You'll provide essential advice and guidance to Head Office System Owners on Secure by Design (SbD) principles thus ensuring that they remain compliant with MOD cyber security policy. You will also play a key part in all Cyber Compliance Framework audits and activities to ensure lessons are learned and improvements made.

In the course of your duties representing the Head Office cyber team, you will liaise with a variety of the MOD cyber security teams and experts, including Defence Digital and Cyber Defence & Risk to ensure Head Office remains coherent with wider Departmental work and objectives. You may also represent Head Office at various meetings including the Cyber Resilience & Oversight Board (CROB).

You will also provide invaluable cyber security advice and support to the Cyber Security Lead, Principal Security Advisor (or Deputy) or other personnel in the event of a cyber security incident or crises that is or has the potential to disrupt operational activity in Main Building.

This position is advertised at 37 hours per week.

Job Description

Duties & Responsibilities

The Cyber Security Adviser Will Work Closely With The Cyber Security Lead And The Principal Security Adviser (PSYA), But Will Be Specifically Responsible For:

• Supporting Head Office IT systems and System Owners to ensure the safe and effective operation of their systems. Further support Head Office System Owners in preparation for and during annual Cyber Compliance Framework (CCF) audits, based upon NIST & NCSC audit frameworks.
• Support Head Office Governance structures to effectively manage all cyber security risks and maintain up to date cyber risk registers.
• Acting as a cyber security consultant and Security Assurance Coordinator (SAC) with respect to any new IT projects, ensuring that Secure by Design (SbD) principles are embedded in system design and configuration from the outset, including in any legal/contract documentation where applicable.
• Provide assurance support to Head Office System Owners, Defence Digital & Cyber Defence & Risk by supporting risk assessments and cyber vulnerability assessments.
• Liaise with MOD Cyber Security incident response teams to respond to and effectively manage cyber incidents impacting on Head Office systems.
• Arrange meetings with Head Office System Owners and maintain notes minutes/notes of such.
• Deliver occasional physical and online training sessions to Head Office System Owners on key cyber security topics.
• Maintain joint ownership of the cyber security teams mailboxes and SharePoint sites.
• Responding to any tasks from the Cyber Security lead or PSYA as a consequence of priorities from the Cyber Resilience & Oversight Board (CROB).
  
  

The Cyber Security Adviser Will Work Closely With The Cyber Security Lead And The Principal Security Adviser (PSYA), But Will Be Specifically Responsible For:

• Supporting Head Office IT systems and System Owners to ensure the safe and effective operation of their systems. Further support Head Office System Owners in preparation for and during annual Cyber Compliance Framework (CCF) audits, based upon NIST & NCSC audit frameworks.
• Support Head Office Governance structures to effectively manage all cyber security risks and maintain up to date cyber risk registers.
• Acting as a cyber security consultant and Security Assurance Coordinator (SAC) with respect to any new IT projects, ensuring that Secure by Design (SbD) principles are embedded in system design and configuration from the outset, including in any legal/contract documentation where applicable.
• Provide assurance support to Head Office System Owners, Defence Digital & Cyber Defence & Risk by supporting risk assessments and cyber vulnerability assessments.
• Liaise with MOD Cyber Security incident response teams to respond to and effectively manage cyber incidents impacting on Head Office systems.
• Arrange meetings with Head Office System Owners and maintain notes minutes/notes of such.
• Deliver occasional physical and online training sessions to Head Office System Owners on key cyber security topics.
• Maintain joint ownership of the cyber security teams mailboxes and SharePoint sites.
• Responding to any tasks from the Cyber Security lead or PSYA as a consequence of priorities from the Cyber Resilience & Oversight Board (CROB).
  
  

Person specification

Nationality

This is a reserved post and as such is open to UK nationals only. Passports will be required and checked if progressed to interview.

Security Vetting

This post requires the applicant to hold or attain Developed Vetting.

Essential Criteria

• One (or more) officially recognised Level 3 qualification in Cyber Security OR hold one or more of the following; Certified Information Systems Security Professional (CISSP), Certified Information Security Management Principles (CISMP), ISO 27001 Practitioner or Certified Cyber Professional (CCP).
• Practical understanding of NIST CSF 2.0, NCSC CAF, ISO 27001 with an understanding of the associated strengths and limitations.
• An understanding of basic system architecture and configuration and the techniques which can be employed to compromise them.
• Proven experience in cyber security risk management, including the ability to articulate complex technical risks/vulnerabilities to a diverse range of seniors and stakeholders.
  
  

Desirable

• Experience of using a range of analytical tooling such as STREAM with respect to cyber vulnerabilities/risks and incident management.
• Experience of Cyber Incident Response management.
  
  

Working Pattern

The MOD supports hybrid working. The expectation is that you should be able to attend the office a minimum of 3 days a week, however in the event of an incident or other crises this may increase to 5 days.

Qualifications

Officially recognised UK Level 3 Cyber Security Qualification or equivalent professional membership (CISM, CISSP, ISO 27001)

Memberships

Certified Information Systems Security Professional (CISSP), Certified Information Security Management Principles (CISMP), ISO 27001 Practitioner or Certified Cyber Professional (CCP).

Behaviours

We'll assess you against these behaviours during the selection process:

• Delivering at Pace
• Managing a Quality Service
• Communicating and Influencing
  
  

We only ask for evidence of these behaviours on your application form:

• Delivering at Pace
  
  

Technical skills

We'll assess you against these technical skills during the selection process:

• Information risk management & risk assessment - practitioner level
• Protective Security - working level
• Threat understanding - working level
  
  

Alongside your salary of £36,530, Ministry of Defence contributes £10,582 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.

• Learning and development tailored to your role
• An environment with flexible working options
• A culture encouraging inclusion and diversity
• A Civil Service pension with an employer contribution of 28.97%
• Free on site gym
• Cycle to work scheme with cycle racks on site
• On site creche
• London weighting allowance, currently £3,250 per annum.
• Recruitment & Retention Allowance of up to £9,000 per annum
  
  

Where business needs allow, some roles may be suitable for a combination of office and home-based working. This is a non-contractual arrangement where all office-based employees will be expected to spend a minimum of 60% of their working time in office, subject to capacity and any required workplace adjustments. Requirements to attend other locations for official business, or work in another MOD office, will also count towards this level of attendance. Applicants can request further information regarding how this may work in their team from the Vacancy Holder (see advert for contact details). Defence Business Services cannot respond to any questions about working arrangements.

The post does not offer relocation expenses.

External recruits who join the MOD who are new to the Civil Service will be subject to a six-month probation period.

Please Note: Expenses incurred for travel to interviews will not be reimbursed.

Please be advised that the Department is conducting a review of all pay related allowances which could impact on those allowances that the post currently being advertised attracts.

Any move to MOD from another employer will mean you can no longer access childcare vouchers. This includes moves between government departments. You may however be eligible for other government schemes, including Tax-Free Childcare. Determine your eligibility at https://www.childcarechoices.gov.uk/.

The Ministry of Defence is committed to providing a safe and healthy working environment for its staff which includes educating them on the benefits of not smoking, protecting them from the harmful effects of second-hand smoke and supporting those who want to give up smoking. Under the Smoke-Free Working Environment policy, Smoking and the use of all tobacco products (including combustible and chewing tobacco products) will not be permitted anywhere in the Defence working environment however some exemptions are in place, please refer to local guidance. The policy is Whole Force and includes all Defence personnel, contractors, visitors and other non-MOD personnel. All applicants seeking, considering, or accepting employment with the Ministry of Defence should be aware of this policy and that it is already in place at a number of Defence Establishments.

MOD Recruitment Satisfaction Survey – We may contact you regarding your experience to help us improve our customer satisfaction. The survey is voluntary and anonymous. You may however be given the opportunity to provide additional information to help us improve our service which includes the collection of some personal data as defined by the United Kingdom General Data Protection Regulation (UK GDPR). The MOD Privacy Policy Notice sets out how we will use your personal data and your rights.

Selection process details

This vacancy is using Success Profiles (opens in a new window), and will assess your Behaviours, Experience and Technical skills.

• Online Civil Service Verbal Test
• Initial Sift
  
  

Consisting of i) a 1,250 word personal statement and ii) Success profile behaviour of Delivering at Pace.

• Personal Statement. Interested Candidates are invited to submit a 1,250 word "Personal Statement" which MUST evidence how they meet the essential criteria.
  
  

Note. Candidates qualifications and certificates will be checked at Interview stage.

• Example of the success profile "Behaviour" Delivering at Pace
  
  

Please note that candidates who do not possess the required Cyber Security qualification/s or hold the required professional cyber security memberships will not progress to interview.

When choosing your Behaviour examples, please make sure you use real life scenarios that relate to your own experiences. Whilst technology may help to enhance your written submission, presenting the ideas of others or those generated by technology, could result in your application being rejected.

• Interview Stage
  
  

At Interview Candidates Will Be Tested On The Following:

Technical Skills

• Information risk management and risk assessment - practitioner level
• Protective security - working level
• Threat understanding - working level
  
  

Behaviours

• Managing a Quality Service
• Communicating & Influencing
  
  

The Civil Service embraces diversity and promotes equality of opportunity. There is a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria. If you need to advise us that you need additional help or reasonable adjustments for the recruitment process, please contact: [email protected] .

As a result of the changes to the UK immigration rules which came in to effect on 1 January 2021, the Ministry of Defence will only offer sponsorship for a skilled worker visa under the points based system, where a role has been deemed to be business critical. This role does not meet that category and we will not sponsor a visa. It is therefore NOT open to applications from those who will require sponsorship under the points based system.

Should you apply for this role and be found to require sponsorship, your application will be rejected and any provisional offer of employment withdrawn.

Feedback will only be provided if you attend an interview or assessment.

This vacancy is using Success Profiles (opens in a new window), and will assess your Behaviours, Experience and Technical skills.

Security

Successful candidates must undergo a criminal record check.

Successful candidates must meet the security requirements before they can be appointed. The level of security needed is developed vetting (opens in a new window).See our vetting charter (opens in a new window).

People working with government assets must complete baseline personnel security standard (opens in new window) checks.

Successful candidates must undergo a criminal record check.

Successful candidates must meet the security requirements before they can be appointed. The level of security needed is developed vetting (opens in a new window).See our vetting charter (opens in a new window).

People working with government assets must complete baseline personnel security standard (opens in new window) checks.

Nationality requirements

Open to UK nationals only.

Working for the Civil Service

The Civil Service Code (opens in a new window) sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles (opens in a new window).

The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.

The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.

The Civil Service Code (opens in a new window) sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles (opens in a new window).

The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.

The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.

Diversity and Inclusion

The Civil Service is committed to attract, retain and invest in talent wherever it is found. To learn more please see the Civil Service People Plan (opens in a new window) and the Civil Service Diversity and Inclusion Strategy (opens in a new window).

This vacancy is part of the Great Place to Work for Veterans (opens in a new window) initiative.

Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.

Contact point for applicants

Job Contact :

• Name : steven cleverley
• Email : [email protected]
  
  

Recruitment team

• Email : [email protected]
  
  

Further information

Please ensure you read the attached candidate information document prior to completing your application. If you are dissatisfied with the service you have received from DBS, or believe that DBS has failed to follow the recruitment process in line with the Civil Service Commission principles of selection for appointment on merit on the basis of Fair and Open competition, you can raise a formal complaint by writing to DBS at the following address: Defence Business Services, Scanning Hub, Room 6124, Tomlinson House, Norcross Lane, Blackpool, FY5 3WP. If after raising your complaint with DBS you remain dissatisfied you can complain directly to the Civil Service Commission at the following address: Civil Service commission, Room G/8, 1 Horse Guards Road, London, SW1A 2HQ Or by email: [email protected].