Ready to break out of environments where cyber is an afterthought? Join DBT and help mature a security capability in a department that values expertise, moves quickly, and gives you the autonomy to drive meaningful change. This is a place where your skills won't be sidelined, they'll set the direction. As part of DBT's Cyber Security team, you will lead delivery of Cyber Governance, Risk and Compliance within the Governance, Risk and Compliance (GRC) function. Reporting to the Head of Cyber Governance, Risk and Compliance you will work with colleagues across Digital, Data and Technology (DDaT), and the wider Government Security Profession across government. The GRC team plays a critical role in establishing governance, managing cyber risk, and maintaining system security assurance. They also deliver GovAssure, security training and user education, maintain security policy, set compliance standards, and manage the delivery of cyber audits. Consequently, this role requires strong leadership and acumen across cyber security and corporate disciplines to actively shape governance practices and provide expert advice to inform senior decision-makers. You will lead and support the uplift of organisational cyber posture within a broad remit, providing strong opportunity for personal development through empowerment to deliver within a growing government department. Indeed, in DBT we prioritise the wellbeing and careers of our Cyber professionals, with access to industry recognised training and civil service development pathways.
* Risk Management: Undertake and lead complex cyber risk assessments, including, where applicable, tailored threat analysis, supply chain risk assessment, and compliance with legislation, regulation and policy.
* Supplier Assurance and standards: Integrate assurance approaches to provide confidence that organisational security needs are met, aligning with UK Government standards such as the Government Security Policy Framework, ISO 27001, and NCSC Cyber Governance Code of Practice.
* Digital Programmes: Provide cyber expertise and lead cyber delivery of key digital programmes of work across the organisation, ensuring all works are conducted cognizant of risk and in compliance with governmental standards and best practice.
* Security Audits: Lead cyber audit activities, compliance reviews and penetration tests, including GovAssure and Secure by Design, collaborating with diverse stakeholders to implement mitigations through the programme lifecycle.
* User Education: lead the strategic delivery of cyber security education and awareness across the organisation, developing auditable datasets that identify key areas for improvement and evidence knowledge uplift iteratively.
* Policy and Strategy: Champion and develop strategies, security policies, standards and procedures across the cyber governance, risk and compliance portfolio ensuring they remain responsive to evolving threats and business requirements.
* Third Party engagement: Support arm's length bodies and partner organisations to uplift their cyber security posture, standardising and sharing knowledge to align with departmental approaches, governmental standards and best practice wherever possible.
* Provide Expert Advice: Offer specialist cyber security and data protection guidance to risk owners and stakeholders, enabling informed, risk-based decisions.
* Stakeholder Engagement: Build strong relationships with internal and external stakeholders, including senior leaders, to enhance organisational cyber security capability.
* Promote Best Practice: Act as an advocate for cyber security best practice within DBT and across government, engaging with peers in the public sector and industry.
Disability Confident
About Disability Confident A Disability Confident employer will generally offer an interview to any applicant that declares they have a disability and meets the minimum criteria for the job as defined by the employer. It is important to note that in certain recruitment situations such as high-volume, seasonal and high-peak times, the employer may wish to limit the overall numbers of interviews offered to both disabled people and non-disabled people. For more details please go to .
#J-18808-Ljbffr