Defence Digital Cyber Security Risk Assessor

**Details**:
**Reference number**:

- 401267

**Salary**:

- £36,530
- A Recruitment and Retention Allowance (RRA) of up to £9k per annum may be payable with this post, paid in increments, upon reaching the required level of competence.
- A Civil Service Pension with an employer contribution of 28.97%

GBP

**Job grade**:

- Higher Executive Officer

**Contract type**:

- Permanent

**Business area**:

- MOD - Strategic Command

**Type of role**:

- Risk Management
Security
Other

**Working pattern**:

- Flexible working, Full-time, Job share, Part-time

**Number of jobs available**:

- 1

**Contents**:

- Location
- About the job
- Benefits
- Things you need to know

**Location**:

- This position can be based at either RAF Wyton, Huntingdon or MOD Corsham, Wiltshire.

**About the job**:
**Job summary**:
Are you ready to work in one of the most interesting cyber security environments and share your experience to support national security?

Defence Digital ensures our Armed Forces remain among the most technologically advanced in the world. We do this by putting innovative and effective technology into the hands of over 200,000 users, from the boardroom to the front line.

We lead on cutting-edge data science, automation, and cyber security at scale. Our mission goes beyond the battlefield by leading humanitarian efforts and driving digital innovation that impacts lives across the globe.

Defence Digital forms part of Strategic Command which manages the MOD’s joint capabilities for the Army, RAF, and Royal Navy.
- **Watch** to find out more about what we do.

Passionate about using your skills to make a critical difference? Your next career move could be here.

This position is advertised at 37 hours per week.

**Job description**:
The Cyber Security Assessment and Advisory Services (CySAAS) team, within our Cyber Defence and Resilience (CyDR) organisation, delivers independent services that assist the MOD in designing, delivering, procuring and supporting platforms, products and systems, that are secure and resilient to cyber-attack.

As a Cyber Security Assessor, within the CySAAS team, you’ll provide independent and consistent assessment and advisory services across the department. This is an exciting time to be part of the continually evolving centre of excellence for Secure by Design (SbD) implementation. You may also lead and line-manage a small team providing these services.

Your knowledge and experience will provide the expertise to ensure an accurate understanding of through-life cyber security risks and assist the business in making informed decisions. You’ll work with projects that involve complex technical and security challenges, which may include highly sensitive networks, cryptography and next-generation platforms.

Along the way, you’ll strengthen links with other cyber security bodies and business functions, including business delivery partners, who provide project-based assurance activities.

**Responsibilities**
- Support the promotion of cyber security standards and best practice across Defence, guiding and influencing project and policy decision making, as appropriate and seeking novel resolutions to challenging security issues.
- Contribute to Defence Board reporting, assessment and assurance, consultancy and advice to teams across the Defence enterprise, through the high-profile implementation of SbD.
- Review cyber security risk assessment processes against policy and approved frameworks (e.g., NIST), shaping the SbD approach through lessons learned activity; help embed this approach into business and project plans.
- Review and confirm that risk assessments and risk treatment plans are consistent with business requirements and that residual security risks have been captured and accepted by the appropriate risk owner and are within their level of responsibility, experience or delegated risk tolerance, and escalate accordingly.

**Person specification**:
We would expect to see some previous experience in cyber security governance and management, risk management and/or operational security management.

You’ll need:

- The ability to build strong working relationships
- Great communication skills, able to converse at a wide variety of levels
- Able to interact with both technical and non-technical teams

If not held already, opportunity will be provided to gain the following qualifications when in post:

- Certificate in Information Security Management Principles (CISMP)
- Certificate in Information Security Management (CISM)
- Certified Information Systems Security Professional (CISSP)
- Certified in Risk and Information Systems Control (CRISC)

If you aren’t already a member, we’ll help you with the process and if/when you are, we’ll assist you in supporting & maintaining them:

- Chartered Institute of Information Security (CIISEC)
- British Computer Society (BCS)

This job role may be suitable for hybrid working, which is an informal, non-contractual and voluntary arrangement, blen