Principal PCI & Cyber Security Assurance Specialist
Sector: Central Government
Location: London / Bristol / Manchester
Date posted: 23/12/2021
Salary: Up to £90,000 per annum*
The Government Digital Service (GDS) are seeking a permanent Principal Cyber Security Assurance & Privacy Specialist.
This is a unique opportunity to support digital transformation at the heart of government, collaborating with teams from other departments to help them build better public services.
GDS work in small, agile teams of developers, designers, content people and others. We build a minimum viable product, then iterate – always asking how we can make things better for users, who are at the centre of everything we do.
This role will actively support GOV.UK Pay, which provides a payments platform to government departments and agencies in order to take payments from citizens and businesses in a more convenient, faster and cheaper way. As a payments platform processing payment card data, we are required to adhere to the Payment Card Industry Data Security Standards (PCI DSS).
The Principal PCI and Cyber Security Assurance Specialist role has been created to actively manage PCI (Payment Card Industry) compliance and Information Assurance for GOV.UK Pay. You will work with the GDS Head of Information Services in the delivery of these activities.
This is a fantastic opportunity to work in a fast moving environment on some of the most high profile digital services being created, which will transform the way the UK government engages with its citizens.
You will join a small team comprising the Lead Accreditor, Head of Information Services and a team of Security Analysts/Information Assurance Managers and Information Risk Consultants. Your role will primarily focus on providing PCI and IA support to GOV.UK Pay but you will also work with other teams delivering digital services in GDS.
You will be accountable for managing PCI compliance for GOV.UK Pay. This will include but not be limited to:
- Organising regular quarterly scans
- Delivering documentation updates and organising evidence gathering; for each major change to the platform, the supporting documentation and network diagrams will require updating
- Scoping, procuring and organising internal and external penetration testing activities
- Managing the PCI and information security related suppliers
- Ensuring that the onboarding and offboarding of team members is carried out properly
- Managing regular training needs for team members
- Liaising regularly with the GOV.UK Pay Qualified Security Assessor (QSA), to ensure we are correctly interpreting the PCI requirements, as we continue to build out the GOV.UK Pay platform
At GDS we’re looking for people with strong interpersonal skills who enjoy working in a delivery focused, agile environment. We’re looking for people who care about technology and who know how to make projects succeed, as well as stopping them failing!
For this role it is essential that you have:
- Substantial experience in managing PCI compliance for digital services
- An extensive range of cyber and information security expertise
- An excellent grasp of the technologies used to deliver cloud-based services and digital web-based services, and in particular the security controls needed to protect these services and the data that they process and store
- A very strong understanding of the Data Protection Act and GDPR, and experience in ensuring DPA compliance for digital services
- Substantial experience of delivering reports to private and public sector customers and stakeholders on services and information risk
- Familiarity with UK and international legal and regulatory requirements that could affect organisational security and assurance policies, and the ability to influence their development as needed
The ideal candidate will have knowledge of the following and experience of applying this knowledge across multiple different digital services, ideally in large organisations:
- The GCloud Security Principles or equivalent
- Industry best practices for privacy, security and information risk management
- Information security/application vulnerabilities, their effective treatment/mitigation and the level of risk they introduce to a digital service
- Security architecture and system design for cloud-based digital services
- The techniques for securing data in transit or at rest, physical security, security in systems configurations and technical control selection
- Carrying out risk assessments and the subsequent selection of appropriate countermeasures
Successful candidates will be required to meet security vetting requirements before they can be appointed, which will involve a BPSS check whilst the Security Check (SC) is undertaken. Please note, if your SC doesn’t pass, you will unfortunately not be able to continue your employment.
GDS is based in Bristol, London and Manchester, and you will be working with colleagues across all three sites. GDS supports flexible working, including a balance between office and home-based working. Normally this will mean 2 days a week in the office, or more if that works better for you and the role.
The recruitment process will be short and quick – if shortlisted you will be invited to face to face interview (virtual), then offered if you are deemed appointable.
In the Civil Service we use our Success Profile Framework to outline expected behaviours and we will use these as part of our wider assessment during the interview process.
We’ll assess you against these behaviours during the selection process:
- Managing a Quality Service
- Delivering at Pace
- Working Together
- Seeing the Bigger Picture
To apply, simply send your CV to GDS@allenlane.co.uk
Please note, you will also be asked to complete a short diversity form.
Applications will be reviewed by the hiring panel on a weekly basis, with interviews taking place shortly afterwards – it’s therefore strongly advised that you apply as soon as possible.
GDS are an equal opportunity employer and value diversity in our organisation. You can find out more about our commitment to diversity and inclusion and read our equal opportunities statement on our Diversity and Inclusion page (https://gdscareers.gov.uk/diversityinclusion.html).