Cyber Critical Systems Lead

**About us**:
Are you ready to work in one of the most interesting cyber security environments and share your experience to support national security?

Cyber security plays an integral role in protecting the UK against external and internal threats, acting as a deterrence to ensure that our Armed Forces have the strong cyber defences they need.

The Cyber Defence and Risk (CyDR) team is at the forefront of Cyber Security and Information Technology within Defence and is responsible for enabling Defence through the provision of specialist assurance and cyber security services across UK Defence, including industry partners, other Government Departments and our international allies.

CyDR sits within the Defence Digital team who provide digital and technology services to our Armed Forces. Defence Digital operates at scale, with an annual budget in excess of £2Bn and a diverse team of 2,500 colleagues, it aims to make our Armed Forces some of the most technologically advanced in the world.

With a fantastic growing team of military and civilian staff operating across the UK, it is a great time to be a cyber security professional in the Ministry of Defence.

If you can see yourself contributing to the world of CyDR the next chapter of your career may be with us

**About the role**:
The Cyber Critical Systems Lead position sits within the Cyber Risk Management team, a small, highly specialised team within the Governance, Risk and Compliance (GRC) directorate in Defence Digital. We develop and maintain a wider understanding of cyber risks and capabilities, across Defence’s complex and challenging environments and identify possible gaps and issues to inform key defence programmes on how to mitigate these and understand how the resulting activity will help to reduce risks.

In this role, you will play an important part in the collation of Defence’s Critical Systems data, furthering the understanding of systems and their vulnerabilities. As a result, you will develop a wider understanding of these systems across a complex environment of inter-related IT projects, programmes and initiatives, identifying possible gaps and issues.

This position will support the pan-Defence Digital Enterprise, in maturing its understanding of its critical systems, including interdependencies, helping to, for example, identify areas requiring further investment, monitoring and/or patching.

We will offer excellent learning and development opportunities tailored to your role and beyond. Whilst in post, you’ll be able to gain industry recognised qualifications, (such as CISMP and more) and we’ll support you throughout the process.

You’ll also be able to take advantage of our excellent benefits package, including flexible working, generous leave allowance, great discount services and a market-leading Civil Service pension.

The Cyber Risk Management team has exciting plans for growth, so now is a great time to join us and be part of our journey

**What you'll be doing**:
Responsibilities are likely to include but not restricted to:

- Establish and maintain working relationships with key stakeholders, both internal and external. This will include holding introductory workshops with those wanting to exploit the data, to drive change and improvements.
- Continuously identify ways and means to enrich the data and raise awareness, requesting support from across the organisation to improve visibility and understanding.
- Lead on the Communities of Practice, including providing updates to the group on the maturity of the data, as well as organising interactive sessions with attendees to discuss and agree forward plans.
- Establish and maintain a Critical System roadmap, with input from the Communities of Practice, planning the development of the data.
- Work alongside Directorate Security and Resilience (DSR) and support the criticalities process, aligning critical systems to the Critical National Infrastructure (CNI).
- Explore policy to ensure the best use of the data at different classifications.
- Create, implement and maintain a Terms of Reference for the data, capturing usage parameters.
- Establish and maintain guidance documentation to support organisations reporting on critical systems.
- Provide reporting to the Cyber Resilience Oversight Board on critical system maturity, to enable seniors to make informed decisions.
- Lead on the continued implementation of the Enterprise Risk Management Tool, capturing and ensuring the critical systems data is kept up to date. This includes access and control management, ensuring those that need to access are equipped to do so.

**About you**:
If you have the following knowledge, skills and experience, we would love to hear from you

We would expect to see some previous experience in cyber security risk management, Information Assurance and/or data analysis and ideally you’ll have the following skills:

- Eagerness to learn and continue your professional development.
- Excellent organ