G6 CDIO Principal Information Assurance (IA) Specialist
Sector: Central Government
Location: Bristol or Manchester
Date posted: 21/10/2021
Salary: £60,500 - £90,000 per annum*
Are you ready to join a Government department undergoing an exciting and significant Digital Transformation? The Cabinet Office is seeking to appoint a permanent Principal Information Assurance (IA) Specialist to help support the ambition to make UK Government digital services the best in the world.
This role is based in the Information Assurance & Risk Management Team (IARM) within the Technology Pillar of the Chief Digital and Information Office (CDIO) directorate. The Principal Information Assurance Specialist role has been created to actively manage, perform and advise on all aspects of information risk assessment and management for the full range of CDIO data processing instances and for complex, high-profile IT / digital platforms, tools and services, covering all government classifications.
As a Principal Information Assurance Specialist, you will be expected to have gravitas, strong communication and relationship management skills and experience, and subject matter knowledge and expertise covering the full spectrum of information risk assessment and management, and to be able to engage with technical and non-technical, internal and external senior stakeholders. You will manage the information assurance and risk management of multiple projects / services concurrently, and you will be expected to coach, mentor and line manage other members of the team, sharing your knowledge and experience.
As the Principal Information Assurance Specialist, you’ll:
- Be responsible for and lead on all information assurance activities, as appropriate, for various CDIO IT/digital and data services and products to ensure ongoing security compliance, working closely with the teams designing, delivering and operating those services
- Initiate, plan and conduct detailed information risk assessments following approved methods
- Provide cyber security, information security, information risk, privacy and data protection advice / guidance
- Provide IA support to the data protection impact assessment process as appropriate and support and guide teams to ensure that privacy by design is core to the delivery and operation of services
- Carry out the scoping, procuring and managing of IT Health Check (ITHC) testing (penetration testing)
- Set up and run security working groups and provide reports to the Head of IARM and senior management
- Identify and select solutions / treatments for cyber and information security risks that you have identified and assessed in collaboration with the CDIO delivery teams you work with
- Manage the risk treatment plan for services, and work with teams to encourage and enable completion of risk treatment activities and to actively manage risks through service life
- Support the ongoing development of the organisation’s approach to data protection, privacy, cyber and information security risk assessment and management
- Report progress against milestones, risks and issues to the CDIO Head of IARM
- Compile and maintain the necessary collateral to promote and maintain user education & awareness
- Provide advice to project teams regarding security controls and review technical designs to provide guidance to projects as to whether the designs meet cyber and information assurance requirements
- Ensure incident management plans remain current and provide support for incident handling and reporting
- Fully manage your own portfolio of work with the direction of the CDIO Head of IARM, and provide regular high level reports as required
- Engage with NCSC and other National Technical Authorities (NTAs), the GSG and other departments and authorities as required
- Refresh your individual skills and expertise, and share knowledge, coach and mentor other members of the team to raise the bar and promote an effective capability.
It is essential that applicants can demonstrate that they:
- Have an excellent grasp of the technologies used to deliver cloud-based services and digital web-based services and, in particular, of the security controls needed to protect these services and the data that they process and store
- Have a working knowledge and understanding of UK and international legal, regulatory and industry requirements that could affect organisational and technical security, of government security policies, and of the management of information risks
- Have a thorough understanding and excellent grasp of HMG security policy, strategy, standards, and risk assessment and management approach
- Have a thorough understanding of data protection, privacy and how to deliver privacy by design
- Have a thorough understanding of the GDPR / Data Protection Act 2018 and be experienced in ensuring data protection compliance for digital services
- Have a thorough understanding and demonstrable and extensive track record in providing information security assurance of web-based services and cloud services
- Are familiar with UK and international legal and regulatory requirements that could affect organisational security and broader information assurance policies, and can influence their development as needed
- Have excellent communication skills, with the ability to communicate effectively with customers and stakeholders inside and outside government across different specialist functions and with senior management
- Have a formal information risk / security qualification (MSc in Information Security, CISSP, SIRA, etc.) and / or significant experience as an information risk management professional.
Please see the job description for further information on the vacancy.
You will be assessed based on the following Behaviours:
- Managing a Quality Service
- Communicating and Influencing
- Making Effective Decisions
- Seeing the Big Picture
Applicants will be required to provide an up-to-date CV and a supporting statement (up to 1,250 words) detailing how they meet the requirements and behaviours listed above. You will also need to provide a completed diversity form.
To apply, please email firstname.lastname@example.org.
Please note that this role requires SC clearance, which would normally require 5 years’ UK residency in the past 5 years. This may mean that your security clearance (and therefore your appointment) will take longer or, in some cases, not be possible.
Cabinet Office are an equal opportunity employer and value diversity in our organisation. You can find out more about our commitment to diversity and inclusion and read our equal opportunities statement on our Diversity and Inclusion page.
*Any offer made above the base grade will be made up with a non-pensionable specialist pay allowance based on capability.