Senior Cyber Security Risk Manager

Job details
Posting date: 04 July 2024
Salary: £52,412 to £73,116 per year
Hours: Full time
Closing date: 21 July 2024
Location: LS2 7UA
Company: Government Recruitment Service
Job type: Permanent
Job reference: 359682/3

Summary

Are you a Cyber Security Risk Manager who has worked in a large-scale organisation?

If yes, we want you to join us at DWP Digital.

These are critical roles coordinating and delivering the Digital Security Risk management programme of work, with risk driving security, enabling a clear, practical, and realistic view of Cyber Security Risk information. The role forms a vital First Line capability within the HMG three-line defence model.

As a Senior Cyber Security Risk Manager, you will work within the Digital Group to help deliver 1st line risk identification, assessment, remediation, and treatment of risks. You will identify controls, make recommendations to address security vulnerabilities and control weaknesses in products, projects, and programmes, working with product owners and Subject Matter Experts to enable them to make well informed risk-based decisions whilst leading and influencing management of tactical and strategic risks.

We welcome candidates who are certified in Risk and Information Systems Controls (CRISC), or equivalent risk management qualifications, and/or have proven knowledge of risk management frameworks - identification, assessment, risk response and mitigation, control monitoring and reporting.

Please note this role requires you to pass Security Check clearance. For further information, please see 'Selection process details'.

The Senior Cyber Security Risk Manager role will be focused on the delivery of 1st line security controls assessment and the risk identification, assessment and management of any gaps or control failings, ensuring these are framed in a way which reflects all compensatory controls in place and are easily understood by non-technical senior business leaders so they can make informed management decisions. Key responsibilities include:

  • providing effective security risk expertise, advice and support to business managers, Senior Risk Owners, and the Executive Team within DWP.
  • using evidence and knowledge to support accurate, expert decisions and advice, carefully considering alternative options, implications, and risks of decisions, and enabling the prioritisation and delivery of solutions with appropriate security controls to mitigate Cyber Security Risks through a structured risk management process.
  • ensuring proportionate, risk-informed decisions about current and future security investments can be taken to protect the Department’s assets and improve the Department’s security risk posture.
  • managing and supporting Digital’s Cybersecurity risk management lifecycle by working to help deliver 1st line risk identification, assessment, remediation, and treatment of risks.
  • identifying controls and making recommendations to address security vulnerabilities and control weaknesses in products, projects, and programmes, working with product owners and Subject Matter Experts to enable them to make well informed risk-based decisions whilst leading and influencing the management of tactical and strategic risks.
  • identifying, capturing, or contextualising risks and mitigating controls, enabling risk owners and managers to take responsibility for the management and maintenance of their security.
  • ensuring the timely recording and updating of risks throughout the lifecycle.
  • working closely with Security & Data Protection and other internal and external the potential to impact or improve resilience of Digital IT Infrastructure are identified, and/or reported appropriately.
  • researching and evaluating business processes in alignment to known/emerging Security risks and controls to ensure expert advice is provided.
  • taking responsibility for delivering timely and quality results with focus and drive.