Cyber Governance, Risk and Compliance Lead
Sector: Central Government
Location: Bristol / Manchester / York / Glasgow
Date posted: 06/07/2022
Salary: £60,500 - £77,900 per annum
The Cabinet Office are seeking a Cyber Governance, Risk and Compliance Lead on a permanent basis.
The Cabinet Office supports the Prime Minister and ensures the effective running of government. It is also the corporate headquarters for government, in partnership with HM Treasury, and takes the lead in certain critical policy areas.
We are the Cabinet Office’s cyber security team, and our mission is to secure the department against cyber threats. We protect our nationwide internal IT infrastructure, and high-profile citizen-facing digital services such as GOV.UK.
As a part of recent transformation, we have implemented a Cyber Governance, Risk and Compliance (GRC) function with a mission to centrally:
- ensure that cyber security risk is effectively identified, assessed and managed across the department
- assess and report on compliance against departmental cyber security policies and standards
- build and continuously improve a culture of cyber security within the department
As the Cyber GRC Lead, you’ll be reporting to the Head of Cyber Security and will be responsible for leading and further developing the GRC function. You’ll play a leading role in understanding and aggregating the cyber risk exposure and security control maturity of high-profile Cabinet Office IT and digital services, and giving senior leaders the information they need to understand and manage risk. You’ll also feed into our wider cyber security strategy and roadmap, and take a leadership role in the cyber security team.
As Cyber GRC Lead, you will:
- lead the Cabinet Office cyber security team’s GRC function, by providing strategic direction and coordinating day-to-day delivery of capabilities
- develop and maintain cyber security policies and standards, working closely with the security architecture team
- understand, communicate, and coordinate the implementation of cyber security compliance requirements for the Cabinet Office
- continue to build-out and develop the function by reviewing and improving outputs, realising the target operating model and leading recruitment
- lead the cyber security team’s reporting, including coordinating the delivery of monthly KPI reporting and delivering reporting to senior stakeholders and committees on cyber risk
- interact with service teams and senior stakeholders across the department to understand cyber security risk and controls
- review and improve the approach and capability for centrally delivering cyber security training and awareness within the department
- lead delivery risk reporting for the cyber security team, to help identify and manage risks to the delivery of cyber security services
- take a leadership role in the cyber security team, the wider Cabinet Office, and the government security and risk management communities
- be responsible for leadership and line management of cyber security GRC analysts
We’re interested in people who:
- have extensive experience working with common security frameworks (e.g., NIST CSF, CAF)
- have experience leading cyber risk and/or maturity assessments
- have experience creating and maintaining cyber security policies and standards
- have a good knowledge of cyber risk management processes and approaches
- can effectively operate at a strategic level
- have experience taking a leadership role in a cyber security function
- understand how to influence senior management and communicate with both technical and non-technical audiences
- have an active interest in coaching and mentoring others
It’s desirable, but not essential, that you:
- have experience leading or contributing to information assurance activities
- have experience planning or leading cyber security training and awareness programmes
- have an understanding of Agile environments, continual delivery techniques and DevOps cultures
In the Civil Service, we use Success Profiles, which means that for each role we advertise, we consider what you will need to demonstrate to be successful. This gives us the best possible chance of finding the right person for the job, drives up performance and improves diversity and inclusivity.
We will be looking at your experience, career history and achievements relevant to this specific job role. For this role, we will be assessing your ability, experience, technical/specialist skills and behaviours; the following behaviours are the most relevant:
- making effective decisions
- delivering at pace
- communicating and influencing
To apply, please provide a tailored CV demonstrating the skills and experience you offer against the criteria for the role. Applicants will be asked to complete a diversity form.
View job description.
The closing date for applications is Sunday 24th July 2022.