The Cabinet Office is undergoing a significant Digital Transformation. Over the next three years we aspire to make UK Government digital services safer, meeting or exceeding the benchmark set globally by the best public and private sector standards. For us to meet this ambition we are aiming to further improve the conditions and expertise we have in place and to go much further and faster, and strengthen our information assurance (IA) function.
The role is part of the CDIO Information Assurance & Risk Management Team (IARM) within the Technology Pillar. The Principal Information Assurance Specialist role has been created to actively manage, perform and advise on all aspects of information risk assessment and management work for the full range of CDIO data processing instances, and complex, high-profile IT / digital platforms, tools and services, and covering all government classifications.
As a principal information assurance specialist, you will be expected to have good gravitas, strong communication and relationship management skills and experience, subject matter knowledge and expertise covering the full spectrum of information risk assessment and management, and be able to engage with technical and non-technical, and internal and external senior stakeholders. You will manage the information assurance and risk management of multiple projects / services concurrently and you will be expected to coach, mentor and line manage other members of the team sharing your knowledge and experience.
This role and the work of the CDIO IARM team within which this role operates is critical to the CDIO and Cabinet Office work programme and is fundamental to the overall Cabinet Office risk management regime.
The post holder will:
- be responsible for and lead on all information assurance activities, as appropriate, for various CDIO IT/digital and data services and products to ensure ongoing security compliance, working closely with the teams designing, delivering and operating those services
- initiate, plan and conduct detailed information risk assessments following approved methods
- provide cyber security, information security, information risk, privacy and data protection advice / guidance
- provide IA support to the data protection impact assessment process as appropriate and support and guide teams to ensure that privacy by design is core to the delivery and operation of services
- carry out the scoping, procuring and managing of IT Health Check (ITHC) testing (penetration testing)
- set up and run security working groups and provide reports to the Head of IARM and senior management
- identify and select solutions / treatments for cyber and information security risks that you have identified and assessed in collaboration with the CDIO delivery teams you work with
- manage the risk treatment plan for services, and work with teams to encourage and enable completion of risk treatment activities and to actively manage risks through service life
- support the ongoing development of the organisation’s approach to data protection, privacy, cyber and information security risk assessment and management
- report progress against milestones, risks and issues to the CDIO Head of IARM
- compile and maintain the necessary collateral to promote and maintain user education & awareness
- provide advice to project teams regarding security controls and review technical designs to provide guidance to projects as to whether the designs meet cyber and information assurance requirements
- ensure incident management plans remain current and provide support for incident handling and reporting
- fully manage your own portfolio of work with the direction of the CDIO Head of IARM, and provide regular high level reports as required
- engage with NCSC and other National Technical Authorities (NTAs), the GSG and other departments and authorities as required
- refresh your individual skills and expertise, and share knowledge, coach and mentor other members of the team to raise the bar and promote an effective capability
The following qualities and experience are essential:
- have an excellent grasp of the technologies used to deliver cloud-based services, digital web-based services and in particular, the security controls needed to protect these services and the data that they process and store
- have a working knowledge and understanding of UK and international legal, regulatory and industry requirements that could affect organisation and technical security, government security policies and management of information risks.
- have a thorough understanding and excellent grasp of HMG security policy, strategy, standards, and risk assessment and management approach
- have a thorough understanding of data protection, privacy and how to deliver privacy by design
- have a thorough understanding of the GDPR / Data Protection Act 2018 and be experienced in ensuring data protection compliance for digital services
- have a thorough understanding and demonstrable and extensive track record in providing information security assurance of web-based services and cloud services
- be familiar with UK and international, legal and regulatory requirements that could affect organisation security and broader information assurance policies and influence their development as needed
- have excellent communication skills, with the ability to communicate effectively with customers and stakeholders inside and outside government across different specialist functions and with senior management
- have a formal information risk / security qualification (MSc in Information Security, CISSP, SIRA, etc.) and / or significant experience as an information risk management professional.
We'll assess you against these behaviours during the selection process:
Benefits include:
- learning and development tailored to your role
- an environment with flexible working options
- a culture encouraging inclusion and diversity
- a Civil Service pension
- a minimum of 25 days of paid annual leave, increasing by one day per year up to a maximum of 30
Job ID: 61467