Warning
This job advert has expired and applications have closed.
91945 - Security Risk and Assurance Principal
| Posting date: | 01 November 2024 |
|---|---|
| Salary: | £56,532 to £69,338 per year |
| Additional salary information: | The national salary range is £56,532 - £64,048, London salary range is £61,201 - £69,338. Your salary will be dependent on your base location |
| Hours: | Full time |
| Closing date: | 25 November 2024 |
| Location: | UK |
| Remote working: | On-site only |
| Company: | Ministry of Justice |
| Job type: | Permanent |
| Job reference: | 91945 |
Summary
We are looking for someone who is enthusiastic about helping the MoJ to keep its information secure, its information security risks well managed and to build and continuously improve its information security governance, while delivering its priorities. In this role in particular, you will be leading a small team to develop, deliver and embed measures against pillar 7 of the MoJ Cyber Security Strategy, as well as supporting work on other pillars as needed.
You'll support your team to partner effectively with both technical and non-technical colleagues, providing oversight and guidance on our most complex and novel security risks. You will also play a part in reporting to the most senior level of the organisation and in making returns to colleagues at the centre of government.
Security Risk and Assurance Principal (G7)
The MoJ Information Security Team sits at the heart of the Ministry of Justice. It enables good security practices by providing security policies, guidance and education, by understanding cyber security risks from all parts of the Ministry of Justice, including the wider Justice sector, and by providing assurance to the departmental Senior Information Risk Owner, the Permanent Secretary and other senior stakeholders that these risks are being effectively managed in the delivery of MoJ objectives.
The role of the Security Risk and Assurance Principal is to lead a small team of risk and security professionals to deliver security risk and assurance activities across the MoJ. This will include scoping and leading the programme of cyber security assurance across the MoJ, and measuring confidence levels that the security features, practices, procedures, and architecture of an information system bring about and enforce the security policy.
The Security Risk and Assurance Principal will be able to challenge non-compliance with required standards covering the most complex risk. They apply their understanding of information security and the organisational context to provide insight into the security implications of proposed business and technical changes, acting as a trusted advisor in communicating these effectively to technical and non-technical stakeholders.
The Security Risk and Assurance Principal will also mentor and support others in good risk management practices to enable and empower them to manage residual risk well.
Initiate and lead improvements to processes, policies and guidance resulting from risk and assurance activities and trends.
All members of the team are expected to help develop the MoJ Security Function as a centre of excellence for the department and to contribute to building a brilliant and diverse team that is a welcoming place for all.
Typical role expectations and responsibilities
Lead the implementation and delivery of security assurance processes, including GovAssure and supplier assurance activities across the MoJ, to support the overarching assurance programme. Lead on the communication of assessment and assurance outcomes to stakeholders in ways that support effective security, risk management and decision-making, and advise stakeholders on their approach to risk assessment in the context of their business outcomes.
Lead engagements with Justice Digital and Information Assurance colleagues, or supervise third-party suppliers, to gather and audit evidence of the performance of technical services and organisational processes against security baselines, controls and requirements. Track the evidence provided using key performance indicators to feed into security dashboards.
Use business knowledge and technical expertise to translate evidence gathered from complex data sets into senior stakeholder reporting and recommendations for strategic risk improvement initiatives.
Identify and report on trends arising from assurance assessments across the MoJ and make sure appropriate remediation plans are in place and being actively managed.
Align risk decisions and advice with relevant regulation, policy and standards to provide proportional, practical advice that is tailored to the local environment, and advise on any residual risk for the most complex scenarios. Escalate risks to more senior stakeholders when needed and take responsibility for closure of follow-up actions.
Provide direction on input into the development and enablement of security policy and security culture by collaborating with the Security Policy, Culture, Awareness and Education team through insights on trends identified from security risks and assurance activities. Assure the ongoing appropriateness of policy in accordance with regulation and wider departmental and government policies.
Play a leading role in building the network of security partners across government and national technical authorities, and within industry. Contribute to cross-government conversations on security risk and assurance.
Make substantial contributions to submissions and reports for senior MoJ officials, including presenting at senior boards, and oversee efforts needed to respond to requests and advisories received from government partners where needed.