About the job
Job summary
DWP faces a substantial threat to its services, data, people, and assets and invests huge resources into combatting this threat. This work is led by the talented and dedicated individuals of the DWP Security function but stretches into every aspect of the Department’s work.
The Security Incident Response Team (SIRT) performs a critical role within the DWP response to a wide variety of security incidents. In addition to coordinating the response to security incidents, the team has responsibility for ensuring that DWP has an identified, coordinated, practised and effective response prepared for the variety of security incidents that may be reported.
As a member of SIRT, working within the Cyber Resilience Centre (CRC), you will be part of a team whose purpose is to ensure that the DWP can respond effectively to security incidents impacting people, assets and information and be proactive in the protection and recovery from security incidents. Security incident response is a complex and rapidly evolving area. You will require strong leadership, investigation, analysis, and decision-making capabilities plus well-developed inter-personal and communication skills.
As one of the largest government departments, almost every individual in the UK is a direct customer of the Department for Work and Pensions (DWP) at some point in their lives. DWP’s mission is to improve people’s quality of life, both now and in the future. We do that by focussing on delivering excellent services that make a difference to millions of people. We trust and empower our people to deliver these services to customers every day, including the most vulnerable in society.
Diverse perspectives and experiences are critical to our success, and we welcome applications from all people from all backgrounds with the experience and skills needed to perform this role.
We are looking to identify one candidate to fulfil the role of Security Incident Response Lead within the SIRT Senior Leadership Team. This is a key role, and we are looking for someone who will take responsibility for the delivery of our key strategic priorities.
We seek to be an exemplar of the modern Civil Service, and to build on our achievements for the benefit of those we serve. When we are at our best, we care, we deliver, we adapt, we work together and we value everyone, and we seek to ensure that these values guide the way we serve our country, our communities, and our fellow citizens.
Job description
Security incident management is a complex and rapidly evolving area; and you will be expected to keep abreast of how the security environment and threat vectors impact the business. The skills required in this team are a complex blend of investigating, information analysis, decision making and technical capabilities, married with well-developed inter-personal and communication skills.
- You will provide expert incident response, determining the threat and level of impact to citizens; DWP business, including its customers and staff; and DWP assets (including information and premises); and coordinating the appropriate response. You will also get under the surface of security incident causes, to identify and influence future prevention.
- You will be the escalation lead on ‘Incident Live Service’ and the strategic lead for one of the ‘Prevention’ functions within SIRT (‘Prevention’ functions are: Live service, Practice & Practices, Crisis event management, Learning & Patterns plus People & Wellbeing).
- Working with multiple internal and external stakeholders you will act as a Silver incident commander, coordinating DWP security incident responses to medium and high severity events.
- Provide expert advice to the Head of Security Incident Response Team (SIRT), Head of Cyber Resilience Centre (CRC), DWP Chief Security Officer and Gold Incident Commanders. Produce communications statements, escalate incident recovery issues, and coordinate response forums to ensure effective and timely incident recovery.
- Representing SIRT SLT at security events and governance meetings you will ensure all security issues and incidents are impacted, assigned and resolution action is taken forward.
- Demonstrate command and control for the response to security incidents and high priority threat/impact events to ensure security incidents and breaches are managed effectively across DWP.
- Lead and coordinate activities within ‘Prevention’ strands, to directly support, improve or develop SIRT’s ‘live service’.
- Manage, develop, and maintain security incident response policies, procedures and playbooks for DWP.
- Influence the continued development of DWP’s incident response capabilities, including ensuring that incident response technology capabilities are sufficient for DWP security requirements.
- Provide expert security related advice and guidance on the threat environment and security incidents.
- Manage security incidents in accordance with applicable DWP and His Majesty’s Government (HMG) policies and standards.
- Supervise, review and instigate security incident response plans and procedures for DWP.
- Lead, manage and/or chair cross functional and cross government incident response groups, ensuring appropriate responses to security incidents or threats are taken in an appropriate and timely manner.
- Oversee DWP’s response to security alerts and notices from external agencies, including the National Cyber Security Centre (NCSC).
- Take responsibility for the production and continuous review of security incident response plans, procedures, and processes for SIRT.
- Ensure DWP’s incident response plan and the associated response align with His Majesty’s Government (HMG) standards.
- Guarantee timely and accurate Security Incident Response briefings and communications are issued to the Head of Security Incident Response Team (SIRT), Head of Cyber Resilience Centre (CRC), DWP Chief Security Officer, and Department’s incident Gold Commanders, relevant stakeholders, delivery partners and other government departments, where appropriate, such as the Cabinet Office and the National Cyber Security Centre (NCSC).
- When necessary, provide expert stakeholder management to ensure remediation activities are focused on responding to security incidents in an effective and timely manner.
- When required, manage the coordination and DWP’s collective response to significant vulnerabilities identified via Threat Intelligence (where emergency action is required).
- Ensure the timely identification and briefing of appropriate Gold Incident Commander(s) within DWP, mentoring them on appropriate decision making and providing them with access to specialist advice.
- Demonstrate visible leadership whilst participating in regular drilling / exercising and learning events to build capability and embed incident response procedures.
- Ensure that SIRT staff are recording Management Information (MI) in relation to reported security events/incidents accurately – including Key Performance Indicators (KPIs) to feed DWP Executive Team and Security & Data Protection (S&DP) Senior Leadership Team (SLT) requirements.
- Provide expert ‘incident management’ stakeholder input into the development of new capabilities within CRC and across DWP.
- Take responsibility for recruitment activities on SIRT ensuring appropriate staffing levels are maintained.
- Take responsibility for driving forward deliverables on the SIRT Work Plan, in line with the principles outlined within the National Institute of Standards and Technology (NIST) Cybersecurity Framework, to improve DWP’s identify, protect, detect, respond and recover capabilities and posture.
- Deputise for and represent the Grade 6 Head of ‘Live Service’ or Head of ‘Prevent’ functions when required.
- Line Management responsibility for SEO Senior Security Incident Response Analyst resources on SIRT.
Person specification
- Supervising the prompt and effective response to security incidents reported to SIRT, by effective triage and prioritisation of incidents utilising the Security Incident Response Plan (SIRP).
- Lead, develop and embed lessons learnt and lessons identified as a consequence of security incidents investigated, particularly those initially triaged as high risk.
- Demonstrate by example an investigative mindset with the ability to problem solve, motivate, influence and be adaptable to a given situation.
- Provide support 24 hours a day, 7 days a week and as a result, you will be expected to work as part of an on call rota, which will also attract occasional out of hours working. You will provide 24/7 ‘initial contact’ out of hours cover for security incident management across DWP on behalf of SIRT; and Silver Commander responsibilities for significant events impacting DWP.
- You will prioritise people, actively promote the health, safety, and wellbeing of SIRT colleagues and others.
You may be required to travel to different DWP sites and government agencies with occasional overnight stays.
Successful candidates should have, or show a commitment to working towards, the BCS Certificates in Information Management Principles (CISMP), Certified Information Security Manager (CISM) and NIST Cybersecurity Framework. https://www.nist.gov/cyberframework/framework
Essential criteria for the role
- Proven leadership experience within an incident management environment. (Lead Criteria)
- Proven experience of making risk-based defensible decisions at pace.
- Proven experience of managing stakeholders in a complex environment with multiple service providers.
- Proven experience communicating complex related messages and providing updates and recommendations in a clear and comprehensive manner.
Desirable Criteria
- Demonstrable experience in interpreting threat intelligence and engaging relevant stakeholders to plan and run complex incident exercises / practice drills – taking lessons learned and applying this to incident management playbooks and standards.
- Good working knowledge of security concepts (Physical, Personal, IT and Cyber Security), including security controls, security risk management and security incident management.
- Proven experience of handling security incidents of direct concern to senior leaders up to director levels, regulatory bodies and/or ministers; and deep knowledge and/or understanding of requirements to co-ordinate responses to security incidents across multiple organisations.
If you would like to learn more about the role contact the vacancy holder.
Behaviours
We’ll assess you against these behaviours during the selection process:
- Leadership
- Making Effective Decisions
- Delivering at Pace
- Communicating and Influencing
- Working Together
Benefits
- Learning and development tailored to your role.
- An environment with flexible working options.
- A culture encouraging inclusion and diversity.
- On call allowance.
- A Civil Service pension with an average employer contribution of 27%.
- Hybrid working: This job role may be suitable for hybrid working, which is where an employee works part of the week in their DWP office and part of the week from home. This is a voluntary, non-contractual arrangement and your office will be your contractual place of work. The number of days that anyone will be able to work at home will be determined primarily by business need but personal circumstances and other relevant circumstances will also be taken into account. If you are successful, any opportunities for hybrid working, including whether a hybrid working arrangement is suitable for you, will be discussed with you prior to you taking up your post.