About the job

Summary

The Organisation

The Government Legal Department (GLD) is the largest provider of legal services across government, working with all the main Whitehall Departments. From roads to rivers, and health to human rights, our work touches on most aspects of public life.

The department has 14 client-facing advisory teams who provide legal advice on the development, design and implementation of government policies and decisions, draft secondary legislation and work with Parliamentary Counsel on primary legislation. Our cross-cutting expert service groups for Litigation, Employment and Commercial Law provide specialist legal services to a wide range of government departments and public bodies.

We are a non-ministerial government department with more than 2,500 employees, around 1,800 of whom are solicitors or barristers. The department is based primarily in London but has teams in other locations including Bristol, Manchester, and Leeds.

Our vision is to be an outstanding legal organisation, committed to the highest standards of service and professionalism, as well as GLD being a brilliant place to work, where you can thrive and fulfil your potential.

The Division

Finance Operations and Digital Directorate provide a range of services in support of GLD. The teams within our Directorate are wide-ranging and include all aspects of Finance (planning, procurement and financial management), ICT and Operations (Security, business resilience, health & safety, records management & facilities management, future accommodation and data protection). Whilst the work we do is varied we share a common aim, to provide the support necessary to enable GLD to be the best in the business. In the Finance Operations and Digital Directorate we get things done and will always aim to provide a professional and efficient service.

Job description

The Head of Cyber Security Asssurance identifies, understands and mitigates cyber-related risks. They provide risk or service owners with advice to help them make well informed risk-based decisions.

The post holder will be expected to:

• Independently undertake risk management activities within a given area of practice or expertise, within established security and risk management governance structures

• Lead the analysis and derivation of business-supporting security needs, undertake Cyber Security related risk assessments, conduct tailored threat assessment and other risk management activities, and ensure activities are consistent with applicable regulations and legislation

• Provide tailored advice to a range of stakeholders on how to remedy Provide advice to address identified Cyber Security related risks by applying of a variety of security capabilities, which may include using published guidance, standards or experts as appropriate. The advice given will be proportionate and contextualised to the use case

• Lend assurance to internal audits, to verify the maturity of existing ISO27001 controls

• Provide straightforward advice to validate the effectiveness of risk mitigation measures, including an understanding of how to use different assurance activities (such as a penetration test) and make recommendations for improvement

• Help risk or service owners to make decisions that are well informed by good and clear security advice, including contributing to reports or working within established reporting chains in a project or programme team

• Lead on the management of information risk, ensuring Information Asset Owners are aware of their responsibilities in relation to information risk and have the tools to manage risks associated with their assets.

• Manage cryptographic resources on behalf of the Department.

Responsibilities

Essential Criteria

Behaviour: Seeing the Big Picture

• Ensure plans and activities in your area of work reflect wider strategic priorities and communicate effectively with senior leaders to influence future strategies.

• Adopt a government wide perspective to ensure alignment of activity and policy.

• Bring together views, perspectives and diverse needs of stakeholders to gain a broader understanding of the issues surrounding policies and activities.

Behaviour: Leadership

• Welcome and respond to views and challenges from others, despite any conflicting pressures to ignore or give in to them.

• Seek out shared interests beyond own area of responsibility, understanding the extent of the impact actions have on the organisation.

• Inspire and motivate teams to be fully engaged in their work and dedicated to their role.

Behaviour: Working Together

• Actively build and maintain a network of colleagues and contacts to achieve progress on shared objectives.

• Challenge assumptions while being willing to compromise if beneficial to progress.

• Remain available and approachable to all colleagues and be receptive to new ideas.

Behaviour: Managing a Quality Service

• Demonstrate positive customer service by understanding the complexity and diversity of customer needs and expectations.

• Proactively manage risks and identify solutions.

• Create regular opportunities for colleagues, stakeholders, delivery partners and customers to help improve the quality of service.

Behaviour: Delivering at Pace

• Give honest, motivating and enthusiastic messages about priorities, objectives and expectations to get the best out of people.

• Ensure delivery of timely quality outcomes, through providing the right resources to do the job, reviewing and adjusting performance expectations and rewarding success.

• Ensure everyone clearly understands and owns their roles, responsibilities and business priorities.

Technical:

• Show practitioner level skills in relation to information risk assessment and risk management; applied security capability

• Show working level skills in relation to protective security and threat understanding

Desirable Criteria

Qualifications:

• Membership of a recognised institution or body

• Relevant industry qualifications e.g. Cyber Security Professional, Certified Information Systems Security Professional, ISO27001 Lead Auditor

• Relevant Government qualifications or accreditations

Experience

• A proven track record in the government cyber security profession