Security Incident Response Lead

Job details
Posting date: 27 June 2024
Salary: £52,412 to £63,517 per year
Additional salary information: National £52,412 - £63,517
Hours: Full time
Closing date: 17 July 2024
Location: Leeds
Company: Government Recruitment Service
Job type: Permanent
Job reference: 357113/2

Summary

The Security Incident Response Team (SIRT) performs a critical role within the DWP response to a wide variety of security incidents. In addition to coordinating the response to security incidents, the team have responsibility for ensuring that the DWP have an identified, coordinated, practiced and effective response prepared in the event of a variety of security incidents that may be reported.

As a member of SIRT, working within the Cyber Resilience Centre (CRC), you will be part of a team whose purpose is to ensure that the DWP can respond effectively to security incidents impacting people, assets and information and be proactive in the protection and recovery from security incidents. Security incident response is a complex and rapidly evolving area. You will require strong leadership, investigation, analysis, and decision-making capabilities plus well-developed inter-personal and communication skills.

As one of the largest government departments, almost every individual in the UK is a direct customer of Department of Work and Pensions (DWP) at some point in their lives. DWP’s mission is to improve people’s quality of life, both now and in the future. We do that by focussing on delivering excellent services that make a difference to millions of people. We trust and empower our people to deliver these services to customers every day, including the most vulnerable in society.

Diverse perspectives and experiences are critical to our success, and we welcome applications from all people from all backgrounds with the experience and skills needed to perform this role.

We are looking to identify one candidate to fulfil the role of Security Incident Response Lead within the SIRT Senior Leadership Team. This is a key role, and we are looking for someone who will take responsibility for the delivery of our key strategic priorities.

We seek to be an exemplar of the modern Civil Service, and to build on our achievements for the benefit of those we serve. When we are at our best, we care, we deliver, we adapt, we work together and we value everyone, and we seek to ensure that these values guide the way we serve our country, our communities, and our fellow citizens.

Security incident management is a complex and rapidly evolving area; and you will be expected to keep abreast of how the security environment and threat vectors impact the business. The skills required in this team are a complex blend of investigating, information analysis, decision making and technical capabilities, married with well-developed inter-personal and communication skills.

  • You will provide expert incident response, determining the threat and level of impact to citizens; DWP business, including its customers and colleagues; DWP assets (including information and premises); and coordinating the appropriate response, as well as getting under the surface of security incident causes to identify and influence future prevention.
  • You will be responsible for escalation lead on ‘Incident Live Service’; and be strategic lead for one of the ‘Protect’ functions within SIRT (‘Protect’ functions are: People, Security Incidents, Practise & Practices, Crisis Event Management, Learning, Patterns & Insight).
  • Working with multiple internal and external stakeholders you will act as a Silver incident commander, coordinating DWP security incident responses to medium and high severity events.
  • Provide expert advice to the Head of Security Incident Response Team (SIRT), Head of Cyber Resilience Centre (CRC), DWP Chief Security Officer and Gold Incident Commanders. Produce communications statements, escalate incident recovery issues, and coordinate response forums to ensure effective and timely incident recovery.
  • Representing SIRT SLT at security events and governance meetings you will ensure all security issues and incidents are impacted, assigned and resolution action is taken forward.
  • Demonstrate command and control for the response to security incidents and high priority threat/impact events to ensure security incidents and breaches are managed effectively across DWP.
  • Lead and coordinate activities within ‘Protect’ strands, to directly support, improve or develop SIRT’s ‘live service’.
  • Manage, develop, and maintain security incident response policies, procedures and playbooks for DWP.
  • Influence the continued development of DWP’s incident response capabilities, including ensuring that incident response technology capabilities are sufficient for DWP security requirements.
  • Provide expert security related advice and guidance on the threat environment and security incidents.
  • Manage security incidents in accordance with applicable DWP and His Majesty’s Government (HMG) policies and standards.
  • Supervise, review and instigate security incident response plans and procedures for DWP.
  • Lead, manage and/or chair cross functional and cross government incident response groups, ensuring appropriate responses to security incidents or threats are taken in an appropriate and timely manner.
  • Oversee DWP’s response to security alerts and notices from external agencies, including the National Cyber Security Centre (NCSC).
  • Take responsibility for the production and continuous review of security incident response plans, procedures, and processes for SIRT.
  • Ensure DWP's incident response plan and the associated response align with His Majesty’s Government (HMG) standards.
  • Guarantee timely and accurate Security Incident Response briefings and communications are issued to the Head of Security Incident Response Team (SIRT), Head of Cyber Resilience Centre (CRC), DWP Chief Security Officer, and Department’s incident Gold Commanders, relevant stakeholders, delivery partners and other government departments, where appropriate, such as the Cabinet Office and the National Cyber Security Centre (NCSC).
  • When necessary, provide expert stakeholder management to ensure remediation activities are focused on responding to security incidents in an effective and timely manner.
  • When required, manage the coordination and DWP’s collective response to significant vulnerabilities identified via Threat Intelligence (where emergency action is required).
  • Ensure the timely identification and briefing of appropriate Gold Incident Commander(s) within DWP, mentoring them on appropriate decision making and providing them with access to specialist advice.
  • Demonstrate visible leadership whilst participating in regular drilling / exercising and learning events to build capability and embed incident response procedures.
  • Ensure that SIRT staff are recording Management Information (MI) in relation to reported security events/incidents accurately – including Key Performance Indicators (KPIs) to feed DWP Executive Team and Security & Data Protection (S&DP) Senior Leadership Team (SLT) requirements.
  • Provide expert ‘incident management’ stakeholder input into the development of new capabilities within CRC and across DWP.
  • Take responsibility for recruitment activities on SIRT ensuring appropriate resourcing levels are maintained.
  • Take responsibility for driving forward deliverables on the SIRT Work Plan, in line with the principles outlined within the National Institute of Standards and Technology (NIST) Cybersecurity Framework, to improve DWP’s identify, protect, detect, response and recovery capabilities and posture.
  • Deputise for and represent the Grade 6 Head of ‘Live Service’ or Head of ‘Protect’ functions when required.
  • Line Management responsibility for SEO Senior Security Incident Response Analyst resources on SIRT.