Defence Business Services (DBS) - DDaT ITMS Cyber Security Assessor

Job details
Posting date: 20 August 2025
Salary: £59,690 per year, pro rata
Additional salary information: A pension contribution of 28.97% based on the listed salary
Hours: Full time
Closing date: 19 September 2025
Location: FY5 3WP, BS34 8QW, G2 8EX
Remote working: Hybrid - work remotely up to 2 days per week
Company: Ministry of Defence
Job type: Permanent
Job reference: 423346

Summary

DBS DIT provides digital capability that supports corporate services across the Ministry of Defence, including Finance, Commercial, Payroll and Human Resources for Military Personnel, Civilian Personnel and Veterans. Cyber Security Assessors are responsible for independent assessment of Delivery Teams’ adherence to Secure by Design and relevant risk and security policies and standards. They coordinate between Delivery Teams dealing with similar security challenges to optimise solutions and minimise duplication of effort. They are responsible for consistent, coherent advice and support to relevant capabilities. They identify, understand and mitigate cyber-related risks. They provide risk or service owners with advice to help them make well informed risk-based decisions.

As a Cyber Security Assessor within the DBS Cyber Team, you will manage all day-to-day IT Security and System Information Assurance and, applying Secure by Design, ensure that security is embedded in all stages of the application development life cycle and that there is continuous monitoring through use. You will also advise on and test the efficacy of measures to build security into continuous integration and deployment, with specific responsibilities for the day-to-day IT security of multiple Military and Civilian HR systems and Finance systems. The role will require you to demonstrate a talent for solving complex problems and for effective communication at all levels. You will be able to advise on complex risk balance decisions, propose innovative solutions and explain MOD’s security policy, governance and technology controls to non-IT/security experts. Senior Responsible Owners and Project Leads will rely on your expertise to ensure they have an accurate understanding of through-life cyber security risks, so they can make informed decisions. Projects may involve complex technical and security challenges and you will need a good understanding of technical controls and policy.

The Key Responsibilities are:

Lead the embedment of Secure by Design (SbD) principles into application development by providing advice and internal consultancy on highly complex criteria and contexts for multiple systems.
Manage system accreditation transition to SbD
Lead multi-team assessment of application resilience throughout the DBS IT estate, reviewing regular application security reports, holding accountability and responsibility for secure design implementation; supporting delivery of main gate assurance of all projects and changes; ensuring compliance with Information Assurance Policy and Security Principles
Lead and assure processes, and provide specialist advice through thought leadership on tooling and dynamic and static analysis in the product development life cycle.
Lead Delivery Team Security Leads (previously Security Assurance Co-ordinators (SACs)) alongside senior decision makers to embed secure development life cycle and security awareness.

As a Principal Cyber Security Risk Manager, you will:

Conduct cyber security risk assessments
Implement continuous risk management; lead and undertake risk management activities against the hardest or more novel scenarios, while applying the fundamental principles of risk management to a range of complex scenarios, and lead regulatory or legislative compliance activities.
Guide and direct specialist activities or others, actively promoting development in the applicable skills, providing leadership and sharing best practice widely across government, the public sector, and industry.
Lead the analysis and derivation of complex security needs.
Lead Cyber Security related risk assessments and other expert risk management activities, including providing guidance on establishing the organisation’s Cyber Security related governance arrangements.
Provide guidance to ensure on-going confidence that fundamental organisational security needs have been met, including integrating a range of assurance approaches and techniques to give continued confidence to the risk, service or system owner.
Shape leadership decision-making through:
Effective reporting and communication regarding the effectiveness of security processes across an organisation
Providing recommendations to highly complex problems
Acting as an SME for complex cyber risk management concerns, issues and problems

Please note, candidates will be redirected to the Civil Service Jobs website where you will need to submit your application form. Please note the closing date above is incorrect and cannot be amended so please check the closing date on Civil Service Jobs and allow enough time to submit your application form.