- Company Name
- Ministry of Housing, Communities and Local Government
- Job Title
- Operational Security Manager
- Job Description
-
Darlington, Leeds, London, Manchester, Wolverhampton
Job Summary
Here at the Ministry of Housing, Communities & Local Government (MHCLG), we work on things that make a real difference to people’s lives.
Whether it's through the homes we live in, the work of our local councils, or the communities we’re all part of, our work is at the top of the political agenda. We have ambitious and far-reaching outcomes to achieve this year and, if you’re thinking of joining us, there’s never been a more exciting time.
We have over 3,500 staff who are based in 20 offices across the UK and this Cyber Security role sits in the heart of the Technology team within our Digital Directorate.
Our aim is to provide high quality Digital services for our staff, typically using evergreen cloud services. Delivering this responsibility comes with a high demand for adoption of new technologies, systems and applications that require security review and scrutiny to ensure the department operates in a safe and secure environment that is overseen by centralised security products such as a SIEM, vulnerability scanners and security validation tools.
Security has never been more important in delivering services for our staff and citizens and the Department is committed to meeting the objectives set out in the Government Cyber Security Strategy. Now is an extremely exciting time to join our Cyber team as we use a modern tech stack, specialist external suppliers and a growing number of internal staff to mature our capabilities and deliver Departmental objectives.
We particularly welcome candidates from an ethnic minority background and other underrepresented groups to apply, as we work to continually improve our ability to represent the places and communities we support through our work.
Find out more about what it's like to work in a digital, data and technology role at MHCLG including our culture, ways of working, career progression and staff benefits. You can also read the MHCLG Digital blog to learn about the work we're doing.
Job Description
As an Operational Security Manager, you'll:
provide cyber security advice and guidance to the Department, acting as the Champion and face of the team across numerous forums to enhance and maintain the positive perception and visibility of the Cyber Security Team
lead on the development and maintenance of Security Policies and associated documentation
lead on supporting all internal and external stakeholders in the alignment to the Policies and associated documentation
provide Cyber Security input to governance forums as required, including Change Advisory Boards and Technical Design Authorities
conduct periodic checks of various technologies and processes across stakeholders in an internal/external audit capacity, subsequently supporting those stakeholders in the development and implementation of remediation plans
lead on the development and maintenance of the Departments cyber security oversight of, and support to, its ALBs
lead on the conduct of GovAssure and wider Department alignment to the NCSC CAF
input to the Cyber Security KPIs and Metrics across all areas of responsibility
work with the Head of Security Awareness to design and implement cyber security awareness campaigns
act as the overarching lead, join up and work with other elements of the team to support them in service adoption and improvement across all areas including Secure by Design, Supplier Security, Vulnerability Management and Security Operations Centre (SOC). This may on occasion include directly supporting across these teams where required
collaborate with, and mentoring of, peers and stakeholders where appropriate
As An Operational Security Manager, You'll
provide cyber security advice and guidance to the Department, acting as the Champion and face of the team across numerous forums to enhance and maintain the positive perception and visibility of the Cyber Security Team
lead on the development and maintenance of Security Policies and associated documentation
lead on supporting all internal and external stakeholders in the alignment to the Policies and associated documentation
provide Cyber Security input to governance forums as required, including Change Advisory Boards and Technical Design Authorities
conduct periodic checks of various technologies and processes across stakeholders in an internal/external audit capacity, subsequently supporting those stakeholders in the development and implementation of remediation plans
lead on the development and maintenance of the Departments cyber security oversight of, and support to, its ALBs
lead on the conduct of GovAssure and wider Department alignment to the NCSC CAF
input to the Cyber Security KPIs and Metrics across all areas of responsibility
work with the Head of Security Awareness to design and implement cyber security awareness campaigns
act as the overarching lead, join up and work with other elements of the team to support them in service adoption and improvement across all areas including Secure by Design, Supplier Security, Vulnerability Management and Security Operations Centre (SOC). This may on occasion include directly supporting across these teams where required
collaborate with, and mentoring of, peers and stakeholders where appropriate
Person specification
We will use the essential criteria below to evaluate you during the recruitment process. Make sure your CV details how you meet the criteria.
As An Operational Security Manager, You’ll Have
significant experience in an Information Security/Assurance related role(s)
knowledge of relevant laws, regulations, and industry/HMG standards including GDPR, NCSC CAF, Cyber Essentials and ISO27001, with a strong understanding of information security principles, concepts, and best practices
experience with risk assessment methodologies and tools
familiarity with security principles and technologies for cloud hosted services such as AWS, Azure and SaaS
strong knowledge of typical threats and attack vectors with appropriate remediation methods
excellent communication and interpersonal skills, with the ability to effectively communicate complex security concepts to non-technical stakeholders
developed problem solving skills including addressing complex technical security and process challenges that ensure delivery at pace to an appropriate risk appetite
professional certifications, such as CISSP, CISM, CRISC or equivalent experience
experience leading deep dives into adherence against processes, policies and procedures that are mandated for suppliers, services and teams to use in delivery of Digital services
Behaviours
We'll assess you against these behaviours during the selection process:
Making Effective Decisions
Managing a Quality Service
Communicating and Influencing
Alongside your salary of £59,586, Ministry of Housing, Communities and Local Government contributes £17,262 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out wh...
