The Cyber Security Risk Manager - Lead role forms part of the Security Risk Advisory team within the Security and Information Management Division at the Office for National Statistics (ONS). The role reports to the Cyber Security Risk Manager - Principal. The primary focus of these roles is to provide the Organisation with security advice and best practice to develop ‘Secure by Design’ protections for organisational assets and to embed the ONS Security Framework (principles, policies, processes, threat model and security risk management) into the ONS.
Responsibilities
* Supporting the development of business-focused security solutions for digital products and business operations that cover data collection, storage and processing of Official - Sensitive information (deployed both internally and via external suppliers);
* Identifying security threat and risk to the Organisation's digital products, data assets and business operations as part of the delivery life cycle;
* Lead the analysis and derivation of business-supporting security needs, undertake Cyber Security related risk assessments, conduct tailored threat assessment and other risk management activities, and ensure activities are consistent with applicable regulations and legislation;
* Independently undertake risk management activities within a given area of practice or expertise, usually within established security and risk management governance structures;
* Liaising with the Organisation’s business, technology and security colleagues to ensure various business needs are understood and applied, including providing general security architecture, guidance and advice to the stakeholders;
* Ensure that security policies and security controls remain appropriate and proportionate to the assessed risks, and are responsive and adaptable to the changing threat environment, business requirements and ONS policies;
* Provide expert security advice that highlights Cyber Security related risks, so risk or service owners can make well-informed and auditable decisions.
* Extensive expertise in cloud, application, infrastructure and networking security controls, with strong proficiency across cyber, physical, procedural and technical (ICT) security domains, particularly in relation to secure data management.
* Proven experience delivering high quality security advice and technical security solutions within a UK Government Department, supporting complex operational and digital environments.
* Strong working knowledge of UK Government security frameworks and standards, including the Government Security Policy Framework (SPF), ISO 27001, and the Data Protection Act (DPA).
Plus a skills allowance of up to £7,500 (non-pensionable and non-contractual) may be payable. Starting salary and level of skills allowance will depend on a technical skills assessment at interview.
Number of posts: 3
Locations: Newport and Titchfield (Fareham)