Risk Management Associate

**About us**:
Are you ready to work in one of the most interesting cyber security environments and share your experience to support national security?

Are you looking to start a career in the exciting world of cyber security or further develop the skills you already have in this field then we have some fantastic opportunities to learn and develop your professional career.

Cyber security plays an integral role in protecting the UK against external and internal threats, acting as a deterrence to ensure that our Armed Forces have the strong cyber defences they need.

This role supports the head of the Cyber Assessment and Advisory Service (CySAAS) which provides assurance, support and advice to teams across defence. It consists of sub teams which assess specialist ICT, communication, and weapons systems.

The team is within the Cyber Defence and Risk (CyDR) organisation which sits at the forefront of Cyber Security and Information Technology within Defence and is responsible for enabling Defence through the provision of specialist assurance and cyber security services across UK Defence including industry partners, other Government Departments and our international allies. Services provided by CyDR include:

- Advice and guidance on cyber security policy
- National and MOD defensive cyber strategy development
- Managing and driving mitigation of Departmental cyber risk
- Security assurance and accreditation support and advice
- Security incident reporting

CyDR sits within the Defence Digital team who provide digital and technology services to our Armed Forces. Defence Digital operates at scale, with an annual budget in excess of £2Bn and a diverse team of 2,500 colleagues, it aims to make our Armed Forces some of the most technologically advanced in the world.

With a fantastic growing team of military and civilian staff operating across the UK it is a great time to be a cyber security professional in the Ministry of Defence.

If you can see yourself contributing to the world of CySAAS the next chapter of your career may be with us

**The role**:
As a Cyber Security Risk Manager Associate, you will identify, understand and mitigate cyber-related risks. You’ll provide risk or service owners with advice, to help them make well informed risk-based decisions.

Working within established security and risk management governance structures, you will support, review and undertake risk management activities such as, helping with the analysis and derivation of business-supporting security needs and undertaking Cyber Security related risk assessments, basic threat assessments and other risk management activities.

You will be able to provide straightforward advice to validate the effectiveness of risk mitigation measures, including an understanding of how to use different assurance activities (such as a pen test) making recommendations for improvement and help risk or service owners to make well-informed decisions.

To track and monitor all MOD in-service systems registered on the Defence Assurance Risk Tool (DART). Obtaining information from the DART team and providing a monthly update on in-service systems status, bringing attention to any known or expected events that may affect the status. Developing and maintaining a tracker for all consultancy work coming into the In-service systems team and providing regular reports on their position and progress. Liaising with key stakeholders. Participating in Deep Dives, Red Teaming etc.

**What you'll be doing**:
Responsibilities will include:

- Oversight of all in-service systems recorded on the CyDR provided security support tool.
- Obtaining relevant in-service systems data from the CyDR provided security support tool and developing and producing regular reports on their status.
- Reporting any known or expected events affecting the status of in-service systems, including assurance review points, and keeping the In-service Team informed.
- Proposing to the in-service team appropriate action to events.
- Liaising with Assessors as appropriate.
- Developing and maintaining record all consultancy tasks in the in-service team.
- Regularly reporting on the progress of consultancy tasks in the in-service team.
- Develop and maintain a log to capture common Cyber Security issues and themes identified through in-service assessments.
- Arranging meetings and organising events as required by the in-service team in response to issues/events e.g. Tiger Teaming, Deep Dives.
- Building constructive relationships with Assessors and other members of the CySAAS organisation.
- Maintain currency in all mandatory training and keep personal MyHR and training records up to date.

**About you**:
If you have the following knowledge, skills and experience or a desire to develop a career in information risk management, we would love to hear from you
- Experience or a desire to learn about risk auditing and reviews, ideally in a Cyber Security or similar environment
- Experience, knowledge o