Head of Cyber Detect and Response

**Details**:
**Reference number**:

- 364806**Salary**:

- £69,200 - £76,120-
- A Civil Service Pension with an employer contribution of 28.97%**Job grade**:

- Grade 6**Contract type**:

- Permanent**Business area**:

- HO - Digital Data and Technology - Cyber Security**Type of role**:

- Information Technology**Working pattern**:

- Flexible working, Full-time**Number of jobs available**:

- 1Contents

Location

About the job

**Benefits**:
Things you need to know

Location
- ManchesterAbout the job

**Job summary**:
The Head of Cyber Detect & Response oversees the 24/7 Protective Monitoring and Incident Management teams that are responsible for monitoring, detecting, and responding to cyber threats.

You will be managing advanced detection systems and taking a lead role in coordinating the response to cyber incidents, ensuring the security and resilience of the Home Office’s digital systems which span Borders, Immigration and Citizenship, Policing, and Fire.

This is a key position for those who are ready to protect and respond to issues affecting the nation’s digital infrastructure against ever-evolving cyber threats.

**Job description**:
As **Head of Cyber Detect & Response** your responsibilities will include:

- Overseeing the triage of cyber incidents, ensuring proportionate mitigation and containment measures have been implemented in accordance with processes and procedures. Aggregating and evaluating post-incident feedback to inform board-level reporting on security incidents.
- Setting the department’s Cyber Incident Management strategy including its people, process, and technology elements.
- Providing advice to senior stakeholders on ways to improve incident management processes, strengthen security controls, identifying, evaluating, and mitigating risks. Setting direction and recommending investment in strategic tooling and capability to address strategic enterprise-wide risk.
- Shaping the department’s incident management policies and processes to ensure that they meet requirements, in line with appropriate standards.
- Working closely with the Head of Cyber Threat Operations to ensure findings as a result of proactive threat activity is managed swiftly and effectively.
- Leading teams efforts during the management of complex cyber incidents, working with multiple internal and external teams such as the National Cyber Security Centre (NCSC), National Crime Agency (NCA) and Government Cyber Coordination Centre (GC3) where necessary.

**Note**: The Head of Cyber Detect & Response may be required to carry out other duties within the scope of the grade and within the limits of their skill, competence, and training.

Due to the nature of the role, this post is available on a full-time basis only.

**Person specification**:
**Essential skills**

You’ll have a demonstrable passion for leading teams who work around the clock to detect and respond to cyber incidents in complex environments, with the following skills or proven experience in:

- Leading and developing critical operational teams
- Knowledge of targeted cyber-attacks, particularly on how to respond and mitigate their impacts
- Experience in performing monitoring, conducting analysis, and guiding recovery efforts.
- Communicating effectively about cyber threats and incidents at senior levels, including up to ministerial level in the absence of the Head of Cyber Security Operations.

**Technical skills**

Strategy and Architecture
- Governance, Risk and Compliance
- Risk Management (BURM) - Level 4
- Strategy and Planning
- Strategic Planning (ITSP) - Level 4
- Security and Privacy
- Information Security (SCTY) - Level 4
- Advice and Guidance
- Specialist Advice (TECH) - Level 4

Change and Transformation
- Change Planning
- Business Process Improvement (BPRE) - Level 5

Relationships and Engagement
- Stakeholder Management
- Stakeholder Relationship Management (RLMT) - Level 5

**SFIA capability framework**

Skills for the information age (SFIA) is the technical framework that sets the standard capability and development of all DDaT skills in the Home Office. This is a link to the capability framework: All skills A-Z — English (sfia-online.org). We use set SFIA technical skills to form our interview questions and we will assess you against these technical skills during the selection process.

**Qualifications**

Essential

Desirable
- A degree in Cyber Security or appropriate level of proven, demonstrable, and current experience in a similar role/environment
- Achieved appropriate level of qualifications such as CISSP, CISM or qualifications from an industry recognised provider e.g. SANS, ISC2, ISACA, CEH, etc.

**Behaviours**:
We'll assess you against these behaviours during the selection process:

- Delivering at Pace
- Changing and Improving
- Making Effective Decisions

**Technical skills**:
We'll assess you against these technical skills during the selection process:

- Risk Management (BURM) - Level 4
- Strategic plann