Cyber Security Enterprise Risk Manager

Bristol, Cardiff, Salford, Newcastle, Telford, Edinburgh.

Job summary

At HMRC we are committed to creating a great place to work for all our colleagues; an inclusive and respectful environment that reflects the diversity of the society we serve.

We want to maximise the potential of everyone who chooses to work for us, and we offer a range of flexible working patterns and support to make a fulfilling career at HMRC accessible to you.

Diverse perspectives and experiences are critical to our success and we welcome applications from all people from all backgrounds with the experience and skills needed to perform this role

See what it’s like to work at HMRC: find out more about us or ask our colleagues a question. Questions relating to an individual application must be emailed as detailed later in this advert.

Job description

This is an exciting opportunity to be at the heart of security risk management in HMRC and to be part of the Government Security Function, working to keep the UK safe.

You have the opportunity to work across all levels up to board level. Offering you a rare glimpse into how HMRC cyber risk can affect National Infrastructure, we work alongside GCHQ, NCSC and others to minimise and mitigate cyber threats that could be detrimental to the way the UK Government collect taxes. We are held accountable not only by taxpayers, but also our board and parliament.

Working with us means making a real impact on millions of people’s lives. It also means gaining new skills, growing your knowledge and taking your expertise further across a range of fascinating and vitally important work. Where possible we will fund your external training to further upskill you and help you gain a wider knowledge of cyber security.

This is an exciting time to join the HMRC Cyber Security Risk team. Our mission is to reduce HMRC’s security risk exposure whilst enabling HMRC to meet its business objectives effectively and to maintain public confidence in our services. We do this by providing expert security risk-based assurance, oversight and challenge.

Responsibilities

Main responsibilities:

  • Leading on all aspects of reporting against the Tier 2 Cyber Risk and other forms of reporting as per business needs.
  • To develop and maintain close working relationships with stakeholders to obtain high quality security risk data.
  • Develop and maintain systems and processes for gathering and storing security risk data.
  • Analysis of cyber threat landscape.
  • Working closely with Head of Cyber Risk to measure effectiveness of risk measures and controls.
  • Engaging with the wider CDIO to gather a view on current risks and how they are being managed and remediated.
  • Creating effective networks inside HMRC security to ensure a joined-up approach to risk management.
  • Strong organisational skills are a critical element of this role, as is the ability to prioritise and manage a workload, analyse complex information, present recommendations, and make effective decisions.

Person specification

Essential Criteria:

  • Strong organisational skills, ability to prioritise and manage workloads, analyse complex information.
  • A confident communicator, both written and verbal, and confident managing communications at all levels.
  • Strong stakeholder management skills.
  • You must be able to show evidence that you are organised and can run several areas of work concurrently.

 Desirable:

  • Previous cyber security enterprise risk management experience.
  • CISMP or equivalent qualification, or be willing to work towards achieving.
  • Risk management experience in a large and complex enterprise environment.
  • Learning and development tailored to your role
  • An environment with flexible working options
  • A culture encouraging inclusion and diversity
  • Civil Service pension with an average employer contribution of 27%
  • 25 days annual leave, increasing 1 day per year up to 30 days

Find more about HMRC benefits in ‘Your little extras and big benefits handbook’ for further information or visit Thinking of joining the Civil Service.

Cyber GSeC Business Manager Co-ordinator

Bristol, South West England, BS2 0ES : Cardiff, Wales, CF10 1EP : London, London (region), E20 1HZ : Edinburgh, Scotland, EH8 8FT : Leeds, Yorkshire and the Humber, LS1 4AP : Salford, North West England, M3 5BS : Newcastle upon Tyne, North East England, NE98 1ZZ : Nottingham, East Midlands (England), NG2 1AW : Telford, West Midlands (England), TF3 4NT

Job summary

Do you have a track-record of being a self-starter with excellent organisational skills? Can you support the Government Security Centre for Cyber (Cyber GSeC) to help other Government Departments improve their cyber security posture?

If so, we would like to hear from you.

This is an administratively focused role for which we are seeking someone who is proactive in managing daily priorities and driven to deliver, often against tight deadlines and conflicting priorities in a busy team. 

As the Business Manager Co-ordinator within Cyber GSeC, you will play a key role in supporting the work within two areas of the organisation.   

Within our Operations function, you will work to support our Business Partners as they engage with lead departments, also supporting our team of cyber security consultants delivering our services across government. In this varied role, you will often be the first point of contact for stakeholders across HM Government as they engage with Cyber GSeC through our mailbox and will be used to offering excellent service at every opportunity.  

You will also support business management functions of the Cyber GSeC to help ensure the successful day to day running of the organisation. The successful candidate will take responsibility for maintaining accurate records of the assets we own and our compliance with mandated learning requirements. You will also play a key role in researching and organising whole staff events, and the associated travel and accommodation requirements, and will help ensure our digital platforms offer easy to find, relevant and up to date information for the team.  

From time to time, you may also be required to contribute to other outcomes of HMRC’s Cyber Security Technical Services function.  

See what it’s like to work at HMRC: find out more about us or ask our colleagues a question. Questions relating to an individual application must be emailed as detailed later in this advert.

Job description

The Team 

Five Government Security Centres (GSeCs) are embedded in host departments, to provide security consultancy services across HM Government (HMG) in the key areas of: Cyber; Personnel and Physical; Education and Awareness; Industry Security Assurance and International. The Government Security Centre for Cyber, more commonly referred to as the Cyber GSeC, is hosted by HMRC and provides consultancy and advice services across government to improve the cyber security posture of HM Government (HMG). We work directly to support of the stated outcomes of the Government Cyber Security Strategy (GCSS) delivering our services directly across circa 400 Government Departments and Arms-Length Bodies (ALBs).  

The Role  

The Business Manager Co-ordinator role reports to the Enabling Capabilities Operations Support Manager. As well as supporting the business management function, the role provides support to the Operations Co-ordination Manager and our Business Partners, ensuring the successful day to day running of both aspects of our outputs. You will be the first point of contact at our dedicated Cyber GSeC Mailbox, supporting our Business Partnering function with their role to engage efficiently with stakeholders across government. You will organise meetings and be responsible for secretariat duties, noting & maintaining records of key actions and decisions. You will also be responsible for the accurate recording of mandated learning compliance, championing completion across the organisation.

Now is a great time to join the team; supporting the organisation as we continue to build a team of outstanding people in the Cyber Security field. Over the next three years, the Cyber GSeC will be growing significantly as we develop our capabilities to deliver critical technical security services across government in support of GCSS.

Our linked Candidate Pack (see below) provides further insight to the Government Security Centre for Cyber, the team, the role and the application process and support available for candidates. 

Person specification

Key Responsibilities may include: 

  • Act as the first point of contact to the Cyber GSeC team through active management of the team mailbox, ensuring that all emails are responded to in a professional and timely manner within agreed service level timescales. 
  • Proactively support the Business Support Manager, Operations Coordination Manager and Business Partnering Function, to ensure that all operational activity is operating to maximum efficiency. 
  • Collate and validate a variety of data sets to provide key management information and performance reports using O365 tools including Excel, Planner and Power BI, ensuring the Cyber GSeC safely stores these records for review and reporting. 
  • Own relevant secretariate duties for the Cyber GSeC’s internal meetings. You will note key actions and/or decisions for the team to take forward. 
  • Maintain the Cyber GSeC Asset Register, ensuring an up to date and accurate record of Cyber GSeC owned assets is held. 
  • Maintain accurate records of the completion of Mandated Learning by Cyber GSeC staff, aiming for 95% completion rate across the team. 
  • Support the ongoing development and maintenance of the Cyber GSeC SharePoint and Microsoft Teams sites. 
  • Coordinate the booking of travel, hotels, and biannual all-staff conferences for the Cyber GSeC team, undertaking relevant research and cost analysis to present cost-effective event options. 
  • Use a range of data sources to assure contractor activity, updating calendars and contractor forecasts. 
  • Initiate purchase requests for the Cyber GSeC team using HMRC’s procurement tool.
  • Assist with the delivery of the Cyber GSeC recruitment plan including liaison with key HR and Business Management colleagues. 

It is essential that candidates have the following:  

  • Experience of working in a customer-facing delivery team, with excellent stakeholder engagement at a range of organisational levels.
  • Experience in the use of Microsoft Office 365 applications including Excel, Planner, Teams, and SharePoint.
  • Experience of providing efficient and effective secretariat duties in support of a team.
  • Great attention to detail and organisational skills.
  • Proven ability to communicate effectively at all levels to both technical and non-technical audiences.
  • Experience of using Clarity & JIRA (or similar workflow and Project & Programme Management tools) to manage, progress, and report on workstream activity.

It is desirable that candidates have the following:  

  • Experience of working within the public sector, ideally in central government and with senior partners.
  • An understanding of Cyber Security.
  • Knowledge of the Government Security Profession and Government Security Function.
  • Experience of working in a project support role.
  • Experience of building SharePoint sites.
  • Experience of Power BI.

Behaviours

We’ll assess you against these behaviours during the selection process:

  • Managing a Quality Service
  • Working Together
  • Making Effective Decisions

We only ask for evidence of these behaviours on your application form:

  • Managing a Quality Service
  • Working Together
  • Learning and development tailored to your role
  • An environment with flexible working options
  • A culture encouraging inclusion and diversity
  • Civil Service pension with an average employer contribution of 27%
  • 25 days annual leave, increasing 1 day per year up to 30 days

Find more about HMRC benefits in ‘Your little extras and big benefits handbook’ for further information or visit Thinking of joining the Civil Service.

Risk Director

Durham, North East England, DH1 1SL : Lytham St Anne’s, North West England, FY8 4TS : Glasgow, Scotland, G2 8JX : City of Westminster, London (region), SW1P 3BT

Job summary

National Savings & Investments (NS&I) is one of the largest savings organisations in the UK with 25 million customers and more than £207 billion invested.  When people save money with us, they are lending money to the government. This means that we are backed by HM Treasury – which keeps every single penny of our savers’ savings safe. That’s something no one else can offer at a scale that is unique.  Our values are at the heart of everything we do: we are secure; we are inspiring; we are straightforward; we are reassuringly human. Our ambition is to inspire a stronger savings culture and we believe everyone should have the opportunity to save confidently.

We are looking for a new Risk Director who will live the values of the organisation. You will join a business that has made significant progress on a long-term transformation. This programme of change will take us into the next chapter, ensuring that we will have a strong, resilient infrastructure and a flexible and scalable operation that can continue to serve savers and the Government for generations.

Job description

Reporting into the CEO, our new Risk Director will be responsible for devising, implementing and assuring a comprehensive range of risk management, compliance and assurance strategies across the full range of financial crime, legal, regulatory and risk issues for NS&I. You will be integral to ensuring NS&I complies with specific NS&I regulations, relevant legal obligations and FCA codes of conduct, and with other voluntary codes equivalent to financial services industry standards, and to making sure NS&I has an appropriate and effective data management assurance strategy. Providing leadership to the whole organisation in ensuring healthy and proactive risk identification and management is embedding in our culture will be key.

This role will require regular travel to London, if not based at this site. As this role may require regular travel to other sites, please be aware if you travel to a second location on average 4 days a month, you may be liable for P11D taxation.  If you have any queries concerning this please contact the NS&I HR Team.

Person specification

This is a demanding leadership role for a candidate with absolute integrity and a strong customer focus, who is able to place risk management, compliance and assurance in a commercial, financial services-orientated context. It requires an individual with an independent mind-set capable of operating comfortably a board level and throughout our entire business. To be successful, you will need to bring substantial senior experience in a regulated business ideally in financial services and in risk management or compliance. You must bring deep understanding of financial services regulation, including the management of financial crime, and of compliance and risk management across both operational and strategic contexts. To underpin your ability to have impact, you must bring excellent communication skills and leadership qualities.

 The profile and importance of this role is clear; we need a highly effective Director to work with the Board and executive team to ensure our ongoing transformation, current and future service delivery is underpinned by robust and effective controls, alert to risk and alive to its avoidance, reduction and mitigation.

You will also have the opportunity be part of an organisation that is supporting the nation to save and fund the vital services we all use every day. You will be part of a greater purpose, using your skills to give something back.

Alongside your salary of £120,000, National Savings and Investments contributes £32,400 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.

NS&I is one of the largest savings organisations in the UK with 25 million customers and more than £207 billion invested. We are both a government department and an Executive Agency of the Chancellor of the Exchequer. Our origins can be traced back over 150 years to 1861.

A small company with a big reach we offer a range of benefits to include flexible working, great opportunities for development and a generous pension scheme. We care for colleagues, respect one another, invest in our people and manage talent effectively.

Some benefits of working at NS&I include:

  • Learning and development tailored to your role
  • An environment with flexible hybrid working options
  • 9 day fortnight scheme
  • A culture encouraging inclusion and diversity
  • A Civil Service pension with an average employer contribution of 27%
  • Generous annual leave – starting at 25 days, increasing to 30 days
  • Performance related variable pay bonus
  • Enhanced Maternity, paternity, adoption and shared parental leave.

JIO Intelligence Analyst- Deterrence (HEO/MoD C2)

City of Westminster, London (region), SW1A 2AS

Job summary

The JIO is responsible for producing all-source assessments that support the Prime Minister, National Security Council and other senior policy makers to deliver the Government’s national security and foreign policy priorities.

We are looking for a high calibre candidate to join the JIO’s growing Deterrence team. This is an exciting opportunity to work at the centre of the fast moving national security machinery, helping to shape the UK’s response to priority issues for HMG.

You will make a significant contribution to the production of all-source strategic assessments that serve as the analytical foundation for a range of nuclear deterrence policy decisions.

The successful candidate will have strong communication skills and be able to convey complex information concisely in written or verbal form, including to senior stakeholders. You will be highly organised and able to work across several different work strands at any given time. You will have excellent interpersonal skills and be a team player. You might develop close working relationships with colleagues across the organisation and across Whitehall, with teams in MoD (DNO, DI CP-Nuc, DI CA-MST, DI CA-Maritime), AWE, DSTL, other government departments and international organisations.

This position is advertised at 37 hours per week.

Job description

Support the analysis of information from a range of sources to produce timely, robust and policy-relevant assessments on deterrence-related matters. You might have responsibility for a sub-theme, taking the lead in authoring short-form products read by senior officials including the Prime Minister. You will contribute to longer assessments.

Routinely use structured analytical techniques in your own work, or contribute to group analysis activities.

Develop subject matter expertise in deterrence issues and an appreciation of policy requirements and how assessments inform policy decisions.

Establish working relationships with JIO colleagues, Whitehall departments and international allies. You might consult academics, think tanks and private sector analysis.

On occasion contribute to the wider team’s work (weapons and counter proliferation) or to wider JIO work, to support colleagues, to respond to crises, or to expand your own expertise and experience.

Person specification

This post is only open to British Citizens. Some dual nationals may be ineligible. The successful candidate must obtain Developed Vetting (DV) clearance if not already held. As they will have access to very sensitive information, there are limitations on travelling to a small number of countries and we will undertake additional security checks as part of the recruitment process.  Applications from candidates with close connections to certain countries may take considerably longer to process, or in some cases result in a withdrawal of an offer of employment. Further details will be provided at the conditional offer stage. 

The successful candidate should hold or be prepared to undertake the New Analyst Programme (NAP), or Fundamentals of Defence Intelligence, Defence Intelligence IT Course and Defence Intelligence Analysis Module courses and pass the subsequent City and Guilds exam in intelligence assessment.

Essential Criteria

  • A proven ability to work under pressure and the ability to prioritise across a number of competing tasks.
  • Demonstrable interest in, or existing experience of, deterrence issues which could include geostrategic foreign policy.
  • Good written and verbal communication skills.
  • Good interpersonal skills and a team player.

Desirable criteria:

In the event of a strong field of candidates at interview, the following desirable criteria will be considered to distinguish the order or merit:

  • Understanding of deterrence issues.
  • Experience of evidence-based analysis, assessment or national security policy.

A strong existing network of contacts across government or international.

Behaviours

We’ll assess you against these behaviours during the selection process:

  • Working Together
  • Leadership
  • Seeing the Big Picture
  • Delivering at Pace

Technical skills

We’ll assess you against these technical skills during the selection process:

  • Written and Visual Communication of Intelligence Assessment (Foundation)
  • Co-Operation, Co-Ordination and Challenge (Foundation)
  • Informing Decision Making (Foundation)
Alongside your salary of £34,850, Ministry of Defence contributes £9,409 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.
  • Learning and development tailored to your role
  • An environment with flexible working options
  • A culture encouraging inclusion and diversity
  • Civil Service pension with an average employer contribution of 27%

The post does not offer relocation expenses (move of home, excess fares or temporary transfer). Non Standard move applicants will be eligible for the full package, subject to eligibility.

Posts based in London will attract the relevant London weighting.

The Ministry of Defence is committed to providing a safe and healthy working environment for its staff which includes educating them on the benefits of not smoking, protecting them from the harmful effects of second-hand smoke and supporting those who want to give up smoking. Under the Smoke-Free Working Environment policy, Smoking and the use of all tobacco products (including combustible and chewing tobacco products) will not be permitted anywhere in the Defence working environment by 31st December 2022. The policy is Whole Force and includes all Defence personnel, contractors, visitors and other non-MOD personnel. All applicants seeking, considering, or accepting employment with the Ministry of Defence should be aware of this policy and that it is already in place at a number of Defence Establishments.

Please be advised that the Department is conducting a review of all pay related allowances which could impact on those allowances that the post currently being advertised attracts.

Expenses incurred for travel to interviews will not be reimbursed.

Any move to MOD from another employer will mean you can no longer access childcare vouchers. This includes moves between government departments. You may however be eligible for other government schemes, including Tax-Free Childcare. Determine your eligibility at https://www.childcarechoices.gov.uk/.

DNO Information Technology Security Officer and Capability Auditor

City of Westminster, London (region), SW1A 2HB

Job summary

Do you want to be at the heart of real Defence issues and play a key role in the United Kingdom’s (UK) national security?

Established in April 2016, the Defence Nuclear Organisation (DNO) delivers nuclear capability to deter threats and protect our nation. The DNO oversees all defence nuclear business (excluding operations) and is responsible for providing nuclear deterrence; sponsoring the Defence Nuclear Enterprise (all the organisations, programmes and people that sustain the UK’s nuclear deterrent); and advising on UK nuclear policy, planning and international co-operation on nuclear matters.

The UK’s independent nuclear deterrent has existed for over 60 years to deter the most extreme threats to our national security and way of life, and that of our NATO Allies. To ensure that we have a credible and capable nuclear deterrent for as long as the security situation requires, we are building four new nuclear armed submarines – known as the Dreadnought Class – and replacing our nuclear warheads. These renewal programmes will utilise world-leading technology and are a showcase in science and engineering, highlighting the prowess of British industry.

Here at DNO we strongly believe that diversity and inclusion is not only the right thing to do but is also essential for a thriving and successful organisation. We know that diverse teams bring a wide range of perspectives, experiences and ideas, which lead to better decision-making, creativity and innovation. We have a culture where differences are celebrated and our people feel supported, included and empowered. Join us and be part of an organisation that truly values diversity and inclusion and makes a positive impact on the world.

The Strategic Systems Performance Analysis and Assessment Group (SSPAG) supports the Nuclear Deterrent through a programme of analysis, assessments and audits of key capabilities and military operations. Our assessments are central to senior decision making within the Ministry of Defence. You will be joining a small team of internal auditors who are responsible for the delivery of timely, high-quality audits and assessments. We provide evaluations of compliance and effectiveness of key Nuclear Deterrent capabilities, often at the direct request of senior decision makers such as the Secretary of State, the Permanent Secretary and the Chief of Defence Staff.

This position is advertised at 36/37 hours per week Tacos Dependant.

Job description

The role is dual purpose as both an Internal Auditor for Nuclear Deterrent capabilities and also SSPAG’s Information Technology Security Officer (ITSO).

As the SSPAG ITSO you will advise on and deliver the group’s Cyber and Information Security activities.

Responsibilities include:

  • Provide Information Technology / Digital / Cyber Security advice to the Head of SSPAG, specifically in relation to SSPAG-owned IT systems.
  • Act as the SSPAG liaison with Ministry of Defence Information / Cyber Security authorities.
  • Operate in co-ordination with the SSPAG Branch Security Officer to assure Information Security.
  • Operate in co-ordination with the SSPAG Security Assurance Coordinator (SAC) to deliver IT Security compliance activities.
  • Produce and enforce Information Security policies for SSPAG’s IT system, ensuring the protection of classified and Special Access Programme information held on SSPAG IT Systems.
  • Conduct assurance activity with respect to SSPAG-owned IT systems.

 

As a SSPAG Auditor you will support assurance and consultation services provided to Defence operators, capability owners and senior decision makers within the Nuclear Deterrent Programme, supporting audit activity across a range of capabilities and operations.

Responsibilities include:

  • Contribute to the audit team’s evaluations of compliance, effectiveness and performance of Nuclear Deterrent capabilities and operations. 
  • Monitor, develop and maintain the appropriate and necessary techniques, tools, data and methodologies to enable your responsibilities to be carried out effectively
  • Contribute to Audit briefings, presentations and reports.

 Flexible and condensed working patterns can be considered for this post, but due to security constraints the role is not suitable for hybrid working. Candidates are encouraged to discuss options with the recruiting line manager before submitting an application. 

Person specification

We are looking for someone with an analytical mindset, who enjoys understanding complex problems and can provide credible insight into an audit topic or advice on Information / Cyber Security. Whether you have a background in cyber security assurance or in governance and risk management, you would be supported to expand and develop your skills within SSPAG.

You will have:

  • Good verbal and written communication skills, with the ability to convey information in a concise and compelling fashion to stakeholders using different tools and methods.
  • Good analytical skills and the ability to produce qualitative and quantitative evaluations.
  • Good team work and collaboration skills, with the ability to plan and deliver against timeframes and schedules set by other areas of Defence.


Desirable Qualifications:

Level 6 (degree) qualification, or equivalent experience, in STEM (Science, Technology, Engineering, Maths) or other technical discipline.

Candidates would benefit from having one or more of the following qualifications, skills and experience.

  • Institute of Internal Auditors (IIA) certificates or awards; or
  • ISO27001 Lead Auditor; or
  • Information Security certificates or awards – NCSC Certified Professional (CCP), ISACA Certified Information Security Manager (CISM) or ISC2 Certified Information Systems Security Professional (CISSP)

Desirable Skills:

  • Conducting audits, studies, research, assessments, investigations or inspections. ·
  • Developing or delivering UK Government Information / Cyber Security policies and best practice.

Behaviours

We’ll assess you against these behaviours during the selection process:

  • Making Effective Decisions
  • Communicating and Influencing
  • Leadership
  • Changing and Improving
  • Working Together

We only ask for evidence of these behaviours on your application form:

  • Making Effective Decisions
  • Communicating and Influencing
  • Leadership
  • Changing and Improving
Alongside your salary of £34,850, Ministry of Defence contributes £9,409 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.

We truly believe that the MOD is a great place to work, and we offer a unique employee experience. We want to ensure that every single employee feels appreciated and fairly rewarded and offer the following additional benefits:

  • Learning and development tailored to your role and broader skill development, enabling you to build a long-term career in your chosen area. Where appropriate there will be offers of training under our apprenticeship schemes.
  • An environment with flexible working options
  •  A culture encouraging inclusion and diversity
  • A Civil Service pension with an average employer contribution of 27%
  • 25 days annual leave rising to 30 days upon completion of 5 years’ service
  • On-site Gym
  • Cycle Loan (Advance on Salary)
  • Thank You Scheme
  • Defence Sports & Recreational Association (DSRA)
  • Defence Discount Service
  • On-site Nursery

Please note: Expenses incurred for travel to interviews will not be reimbursed.

Please note SSPAG is situated 2 flights underground. With no access to a lift or windows.

Non-Standard move applicants will be eligible for the full package, subject to eligibility.

The post does not offer relocation expenses (move of home, excess fares or temporary transfer). Non Standard move applicants will be eligible for the full package, subject to eligibility.

Please Note: Expenses incurred for travel to interviews will not be reimbursed.

Please be advised that the Department is conducting a review of all pay related allowances which could impact on those allowances that the post currently being advertised attracts.

Any move to MOD from another employer will mean you can no longer access childcare vouchers. This includes moves between government departments. You may however be eligible for other government schemes, including Tax-Free Childcare. Determine your eligibility at https://www.childcarechoices.gov.uk/.

The Ministry of Defence is committed to providing a safe and healthy working environment for its staff which includes educating them on the benefits of not smoking, protecting them from the harmful effects of second-hand smoke and supporting those who want to give up smoking. Under the Smoke-Free Working Environment policy, Smoking and the use of all tobacco products (including combustible and chewing tobacco products) will not be permitted anywhere in the Defence working environment however some exemptions are in place, please refer to local guidance. The policy is Whole Force and includes all Defence personnel, contractors, visitors and other non-MOD personnel. All applicants seeking, considering, or accepting employment with the Ministry of Defence should be aware of this policy and that it is already in place at a number of Defence Establishments.

MOD Recruitment Satisfaction Survey – we may contact you regarding your experience to help us improve our customer satisfaction. The survey is voluntary and anonymous. You may however be given the opportunity to provide additional information to help us improve our service which includes the collection of some personal data as defined by the United Kingdom General Data Protection Regulation (UK GDPR). The MOD Privacy Notice sets out how we will use your personal data and your rights.

Project Security Specialist

Job #: R-00115325
Location: Mobile, UK
Category: Security
Schedule (FT/PT): Full Time
Travel Required: Yes, 50% of the time
Shift: Day
Potential for Telework: Yes, 50%
Clearance Required: UK – DV

Description

Project Security Specialist

Location: UK Mobile Worker

Are you ready for your next career challenge?

The Role:

Leidos is seeking an enthusiastic project security specialist to lead the implementation and assurance of security within our diverse portfolio of contracts.

This role requires a specialist with skills in all areas of protective security and demonstrable experience of applying security frameworks such as the security policy framework and ISO 27001.

What you will be doing:

Reporting to the Leidos UK Head of Security, the Project Security Officer will work both independently and within small teams across various projects, frameworks and in support of business development activities to:

  • Lead the interpretation and implementation of contractual security obligations providing expertise as Security Advisor on security policy requirements, security aspects letters, industry security best practice and project security risks
  • Lead physical security related activities across the Leidos UK estate, co-ordinating the efforts of facility security officers and other security points of contact
  • Develop standard and bespoke security policies, procedures and work instructions in collaboration with relevant stakeholders
  • Obtain and maintain ISO 27001 certification, or achieve compliance to the standard, as part of the centralised Information Security Management System where contractually required
  • Chair security working groups, maintaining appropriate records of actions and decisions
  • Co-ordinate security within business development activities and develop responses to pre-qualification questionnaire and invitations to tender
  • Deliver tailored security education and training initiatives appropriate to audience and requirements
  • Manage security incidents and conduct security investigations ensuring timely response to meet internal and external reporting obligations
  • Ensure security requirements are appropriately flowed down throughout the supply chain and suppliers are correctly on-boarded and managed
  • Support the delivery of business continuity planning within assigned projects
  • Respond to Customer requests for Security assurance
  • Participate in internal and external security compliance audits, conducting internal audits per the annual audit plan
  • Develop and maintain relevant relationships with key security personnel within Customer, partner and supplier organisations

What does Leidos need from you?

  • Experience working within the Defence Industry and/or military background
  • You will have led security investigations
  • You will have had responsibilities for physical security audits and installations
  • It would be desirable if you were a certified ISO 27001 Lead Implementer / Lead Auditor or had experience in this
  • Able to travel through the UK 25% of the time
  • Due to the nature of the work undertaken by Leidos UK the incumbent must be a British national with 5 years residency in the UK

Clearance Requirements:

Clearance to Start: SC

Clearance for Role: DV

Discover, inspire, and grow with Leidos UK. Apply today!

What we do for you:
At Leidos we are PASSIONATE about customer success, UNITED as a team and INSPIRED to make a difference. We offer meaningful and engaging careers, a collaborative culture, and support for your career goals, all while nurturing a healthy work-life balance.
We provide an employment package that attracts, develops and retains only the best in talent. Our reward scheme includes:
•    Contributory Pension Scheme
•    Private Medical Insurance
•    33 days Annual Leave (including public and privilege holidays)
•    Access to Flexible benefits (including life assurance, health schemes, gym memberships, annual buy and sell holidays and a cycle to work scheme)

•    Dynamic Working 

Commitment to Diversity:

We welcome applications from every part of the community and are committed to a truly diverse and inclusive culture.  We foster a sense of belonging, welcoming all perspectives and contributions, and providing equal access to opportunities and resources for everyone.  If you have a disability or need any reasonable adjustments during the application and selection stages please let us know, and we will respond in a way that best fits your needs.

Who We Are:

Leidos UK & EUROPE – we work to make the world safer, healthier, and more ef

Leidos is a growing company delivering innovative technology and solutions focused on safeguarding critical capabilities and transformation in frontline services, our work in the United Kingdom includes addressing some of the most complex problems in defence, healthcare, government, safety and security, and transportation.

What Makes Us Different:

Purpose: you can use your passion and abilities at Leidos to keep the people you care about safe. We are at the forefront of machine learning, AI, cyber security and solutions. Using your skills in the technology frontline by helping to build a safer world.  You can inspire change.

Collaboration: having flexibility to do your job is one of our core benefits, enabling you to become part of our extraordinary team.  We have been empowering our people to work flexibly for years.  Whether you work from home, the office or on customer sites, we will give you the digital tools and the flexibility to work smarter and align your needs and ours.

People: Leidos empowers people from every background to be themselves and gives you the tools to learn new skills by enabling growth whilst developing. We believe that extraordinary people need opportunities to grow, to be inspired and to inspire others. At Leidos, we invest in technical academies, career rotations and a career development plans that enhance your future.

Pay Range:

The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.

Cyber Security Auditor (Senior Cyber Security Risk Manager)

Croydon, Manchester

Job summary

The Senior Cyber Security Auditor identifies, understands, and mitigates cyber-related risks. They identify and evaluate security risks to information, systems and processes owned by the organisation, and proactively provide appropriate advice, drawing on a wide variety of sources, to stakeholders across the organisation and at a variety of levels. They provide risk or service owners with advice to help them make well informed risk-based decisions. 

Job description

Responsibilities

Your main day to day responsibilities will be:

  • Planning and implementation of organisation-wide auditing processes and procedures for the management of risk to the success or integrity of the business, arising from the use of information technology hardware or data
  • Monitor the efficiency and effectiveness of the risk management processes across the organisation and make recommendations for continuous improvement.
  • Conduct reviews, audits, and assessments and feedback findings to the relevant parties
  • Communicate outcomes to stakeholders to support effective security, risk management and decision-making, and advise stakeholders on recommendations in the context of their business outcomes
  • Work within established security and risk management governance structures, usually under supervision to support, review and undertake straightforward audit activities such as: helping with the analysis and derivation of business-supporting security needs; undertaking cyber security related audits; control assessments and other audit activities
  • Interpret and contribute to the development of audit-related policy and assure the ongoing appropriateness of policy in accordance with regulation and wider departmental and government policies
  • Understand the applicability of appropriate legislation and regulations
  • Provide advice to address identified cyber security related risks by applying of a variety of security testing, which may include using published guidance, standards, or experts as appropriate: the scenarios will be straightforward, and the advice given will be proportionate and contextualised to the use case. Provide straightforward advice to validate the effectiveness of risk mitigation measures, including an understanding of how to use different auditing activities and make recommendations for improvement
  • Help risk or service owners to make decisions that are well informed by good and clear security advice, including contributing to documentation, reports or working within established reporting chains in a security team to a high level of quality

You may be required to perform other duties within the scope of the grade and within the limits of your skill, competence and training (see attached Role Description – Other Day to Day Activities).

Person specification

Skills and Experience

You’ll have a demonstrable passion for Cyber Security, with the following skills or some experience in:

Strategy and architecture:

  • Security and Privacy
  • Information Assurance (INAS) – Level 4
  • Governance, Risk and Compliance
  • Risk Management (BURM) – Level 4
  • Audit (AUDT) – Level 4
  • Quality Assurance (QUAS) – Level 5
  • Advice and Guidance
  • Specialist Advice (TECH) – Level 4

Relationships and Engagement

  • Stakeholder Management
  • Stakeholder Relationship Management (RLMT) – Level 4

The skills listed above are reflective of the Home Office DDaT Profession Skills and Competency Model (based on the industry standard SFIA framework).

Essential Criteria

Please see below for the relevant skills required for your role:

  • Auditing security policy documentation, working in line with best practice principles for information security and risk management
  • Developing technical knowledge in order to understand the security impacts of any changes, and applying yourself to manage these
  • Absorbing potentially large amounts of conflicting information and using it to produce recommendations and solutions, leveraging analysis to enhance business performance
  • Demonstrating strong stakeholder skills in order to communicate and influence colleagues around the impact of security issues

Desirable Criteria

Ideally you will also have the following skills or some experience in:

  • Managing risk management and audit tools
  • Audit experience within a large government department
  • CISSP
  • NIST CSF 800-53
  • ISEB Certificate in Information Security Management Principles (CiSMP)
  • ISEB Practitioner Certificate in Information Risk Management is desirable

Behaviours

We’ll assess you against these behaviours during the selection process:

  • Making Effective Decisions
  • Communicating and Influencing
  • Delivering at Pace

Technical skills

We’ll assess you against these technical skills during the selection process:

  • Risk Management (BURM)
  • Audit (AUDT)
  • Specialist Advice (TECH)
  • An in-year performance bonus scheme.
  • A Civil Service pension with employer contribution rates of between 26.6% and 30.3%, depending upon salary.
  • 25 days annual leave on appointment, plus 8 days public holidays and 1 day for the King’s Birthday, rising further with service.
  • Flexible working options to enable you to achieve the work life balance that right for you including part-time, flexi time and job sharing.
  • Training and development opportunities tailored to your role.
  • A culture encouraging inclusion and diversity.
  • Season ticket loans and rental deposit loans.
  • Cycle to work and payroll giving.
  • Employee discounts – including a huge number of retailers, Microsoft Home Use programme and gym membership.
  • A variety of staff recognition schemes including thank you vouchers.
  • Health and wellbeing initiatives including monthly mindfulness sessions.
  • Staff support networks.
  • Maternity, adoption or shared parental leave of up to 26 weeks full pay followed by 13 weeks of statutory pay and a further 13 weeks unpaid.
  • Maternity and adoption support leave (paternity leave) of 2 weeks full pay.
  • Up to five days paid leave for volunteering.
  • Study leave and support for studying for a qualification or other accredited development relevant to your role.

Regional Security Manager

Portsmouth – Lynx House, 1 Northern Road, Portsmouth

Job summary

This is an exciting opportunity to work within the operational security team, where you will keep our people, buildings, and assets safe and secure. You will work with other Estates colleagues within your building to achieve outcomes. You’ll use your knowledge to give advice and make decisions.

See what it’s like to work at HMRC: find out more about us or ask our colleagues a question. Questions relating to an individual application must be emailed as detailed later in this advert.

Job description

You will be responsible for assuring the efficient and effective management of all aspects of operational and physical security at one of the Regional Centre’s and associated sites within the locale. You will be responsible for monitoring and reporting Key Performance Indicators associated with HRMC’s external security service providers.

You will ensure that day-to-day responsibilities for building related operational security obligations are met in accordance with the National Security Policies, including those policies that are owned by other directorates and government departments.

Operate in line with HMRC’s strategy and industry best practice to promote and enhance site security and preparedness to keep HMRC’s people, assets, and buildings safe and secure.

Person specification

  • Support the Commercial Business Partner in Security Service implementation and maintenance developing strong working relationships to achieve maximum value from the security contract.
  • Produce and maintain building security management documentation such as regional Risk Registers and local risk assessments and security reviews., formulating the Building Security Policy in line with minimum Government Standards.
  • Identify, record, and analyse all building related security risks; formulate mitigating actions and share nationally, on with the standard HMRC security templates.
  • Undertake monthly security assurance reviews to ensure standards are adequate and meet existing threats and risks to the business.
  • Collaborate with the external security providers to ensure the effective and efficient delivery of physical security posture via the agreed site-specific assignment instructions: to include man-guarding, patrolling, reporting, incident management, after action reviews and escalations to the appropriate stakeholders.
  • Support and undertake Level One Security Assurance in the form of monthly KPIs and associated checks in line with the yet to be written policy (statutory legislation).
  • Take the lead in dealing with physical security incidents in line with National Security Framework guidelines.
  • Collaborate on security operations and activities with HMRC colleagues in Counter Terrorism, HMRC Security, Incident Control Officers and outside agencies such as the local Police and Fire Services.
  • Communicate security status, updates, actual or potential problems, to appropriate stakeholders.
  • Support and assist in emergency management and contingency planning regarding physical security issues as the operational security subject matter expert (SME), liaising with other members of the Regional Centre Building Management team such as the ICO.
  • Provide SME advice and management overview of security provisions in additional sites within your areas of responsibility.
  • Raise and investigate all Access Control related SIRs identify and implement contingencies.

 Essential Criteria:

  • A working knowledge of operational security.
  • Evidence of working with Suppliers & demonstrating strong negotiation skills.
  • Excellent relationship builder, experience working across all levels in an organisation.
  • Demonstration of strong customer relationship management dealing with a diverse range of challenging stakeholders at a senior level.
  • A proven track record of operating at a tactical level delivering Security Services across complex sites.
  • Proven track record of analysing and resolving problems, developing opportunities, and implementing innovate solutions/approaches.
  • Able to demonstrate personal self-development and development of team.

Behaviours

We’ll assess you against these behaviours during the selection process:

  • Managing a Quality Service
  • Making Effective Decisions
  • Working Together
  • Changing and Improving
  • Learning and development tailored to your role
  • An environment with flexible working options
  • A culture encouraging inclusion and diversity
  • Civil Service pension with an average employer contribution of 27%

Find more about HMRC benefits in ‘Your little extras and big benefits handbook’ for further information or visit Thinking of joining the Civil Service.

PoCC and UKFIU Senior Manager

*London, Birmingham, Gillingham (Kent), Sunderland or Southampton (For successful candidates based outside of London or Birmingham regular and potentially overnight travel to those two locations is required.) – * ‘For London based roles your contractual place of work will be Endeavour Square.  However, as that site will not be operational until early 2025 in the interim period you will be required to carry out your contractual duties from Spring Gardens, or such other reasonable location, on a temporary basis.  For the avoidance of doubt as your contractual place of work is Endeavour House, the move from any temporary place of work will not give rise to any entitlement to payments for travel time or costs under the Relocation and Excess Travel Policy.

Job summary

The PoCC and UKFIU have a wide remit and  we are looking for a individual to join us as a senior manager of our PoCC team. That post will also have oversight of the PoCC/ UKFIU People Services team.

Your varied duties mean that every day will bring a new challenge. The often time-critical nature of your activities will mean you must be able to multi-task and prioritise.

Whatever your role you will be making a difference.

Job description

The Proceeds of Crime Centre (PoCC) delivers a statutory function of the Director General, NCA in accrediting and training financial (investigation and intelligence) officers across UK Policing and other Government Departments, ensuring consistent standards in the execution of the powers they derive from the Proceeds of Crime Act.

This role at the heart of the UK Anti-Money Laundering regime offers a varied and challenging opportunities to progress and develop your career in your chosen professional area.

The Proceeds of Crime Centre (POCC) sits within the NECC and has statutory functions under the Proceeds of Crime Act (POCA) 2002 to train, accredit and monitor Financial Investigators (FI) and Financial Intelligence Officers (FIO) across UK Law Enforcement – in fact any organisation empowered under the Proceeds of Crime Act.  As such it oversees in excess of 3000 FI’s at present. Through this PoCC Supports the Governments Asset Recovery Action Plan by developing and delivering PoCA training and accreditation across law enforcement.

The UKFIU sits at the heart of the regime, providing the gateway to reporters and a repository of data to inform law enforcement. Working within one of the teams offers a fascinating insight into high-end operational activity and working across a number of risk areas.

***To be considered, you will need to successfully complete SC Enhanced clearance before commencing the role.***

Person specification

Duties will be varied and will include the following key responsibilities:

  • Lead the PoCC Team in their accreditation regime of Financial Investigators and Intelligence Officers across England and Wales, exploring and introducing innovative ways of delivering that requirement;
  • Working with the DD, G1s and other G2s, to contribute to the strategic and operational development of the department and the delivery of the PoCC statutory functions, deputising for the Head of Department as required;
  • Leading strategic engagement with a range of internal and external stakeholders, to develop and maximise strategic opportunities relevant to the PoCC;
  • Working closely with NECC BMT, lead the People Services aspects of PoCC and UKFIU work, in particular on Recruitment, People Engagement and associated matters;
  • Working cooperatively with staff and colleagues, to promote creativity, high performance and adherence to corporate values, managing issues relating to the performance and conduct of officers, as required;
  • Be passionate about diversity and developing people inclusively, strengthening their ability to deliver and enabling them to grow in their roles and careers. You will actively coach and engage people, building their resilience through supporting them in their roles and enabling their wellbeing.

Behaviours

We’ll assess you against these behaviours during the selection process:

  • Leadership
  • Changing and Improving
  • Communicating and Influencing

Technical skills

We’ll assess you against these technical skills during the selection process:

  • A strong understanding of the illicit finance landscape and the relevant legislation (UK and international) affecting law enforcement activity and Proceeds of Crime Centre Work.
  • Experience in effective risk management and decision making with accountability for decisions made.
  • Experience of managing budgets and working closely with corporate enabling functions including Finance.

We only ask for evidence of these technical skills on your application form:

  • A strong understanding of the illicit finance landscape and the relevant legislation (UK and international) affecting law enforcement activity and Proceeds of Crime Centre Work.
  • Experience in effective risk management and decision making with accountability for decisions made.
Alongside your salary of £57,640, National Crime Agency contributes £15,562 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.

Whatever your role, we take your career and development seriously, and want to enable you to build a really successful career with the Agency and wider Civil Service.

If you are an active police pension member immediately prior to joining the NCA, you can continue your membership throughout your employment with us as if you were a serving police officer. If you do remain an active member and subsequently return to a police force, you should be able to continue your membership there too.

All officers in the NCA are members of the UK Civil Service. You will be eligible for:

  • Civil Service pension scheme
  • 26 days annual leave rising to 31 on completion of 5 years continuous service
  • Training and development opportunities
  • Cycle2work scheme

We take the welfare of NCA officers very seriously. All staff have access to Occupational Health services and there are a number of staff representative groups. We also have a range of sporting and other activities on offer.

We can provide flexible working arrangements if the role in question is suitable. These include flexi-time, job sharing and compressed hours (working contracted hours over a shorter period).

Cyber Security Risk Manager

Croydon, Manchester

Job summary

The Cyber Security Risk Manager identifies, understands and mitigates cyber-related risks. They identify and evaluate security risks to information, systems and processes owned by the organisation, and proactively provide appropriate advice, drawing on a wide variety of sources, to stakeholders across the organisation and at a variety of levels. They provide risk or service owners with advice to help them make well informed risk-based decisions.

Job description

Responsibilities

Your main day to day responsibilities will be:

  • assisting in the planning and implementation of organisation-wide processes and procedures for the management of risk to the success or integrity of the business, especially those arising from the use of information technology, hardware or data. working with the team to monitor the efficiency and effectiveness of the risk management processes across the organisation and help make recommendations for continuous improvement
  • collaborate to conduct reviews and risk assessments when necessary and help feedback findings to the relevant parties. contribute to communicating risk assessment outcomes to stakeholders in ways that support effective security, risk management and decision-making, and advise stakeholders on their approach to risk assessment in the context of their business outcomes
  • work within established security and risk management governance structures, under supervision to support, review and undertake straightforward risk management activities such as: helping with the analysis and derivation of business-supporting security needs; undertaking cyber security related risk assessments; basic threat assessments and other risk management activities
  • interpret and contribute to the development of risk management-related policy and assure the ongoing appropriateness of policy in accordance with regulation and wider departmental and government policies. have some understanding of the applicability of appropriate regulations
  • help to provide advice to address identified cyber security related risks by applying of a variety of security capabilities. provide straightforward advice to validate the effectiveness of risk mitigation measures, including some understanding of how to use different assurance activities and make recommendations for improvement
  • help to advise risk or service owners to make decisions that are well informed by good and clear security advice, including making some contribution to reports or working within established reporting chains in a security team

Note: An employee may be required to carry out other duties within the scope of the grade and within the limits of their skill, competence and training.

Other day to day activities

You will also be expected to carry out the following day to day activities:

  • help to identify process optimisation opportunities and work on the implementation of proposed solutions
  • driving the collection of statistical information relating to systems security incidents and identified vulnerabilities to produce reports for senior stakeholders
  • working with members of the team to ensure that everyone is up to speed with home office and security principles and developing in line with home office values
  • working closely with other home office cyber security (HOCS) personnel to ensure that specialist knowledge is kept current
  • assist with providing ad hoc support to it teams by answering general enquiries about information security requirements
  • participating, contributing to, and supporting collaboration initiatives and career development within the community, building in-house capability via the professional community of practice
  • supporting reviews of security policy documentation, including procedures, processes and security notices, to ensure that requirements from governance, such as the system security document are reflected
  • helping to plan and deliver internal security audits, assisting with analysing audit data in order to help make recommendations on how we can ensure information conforms to processes, procedures and regulations
  • communicating effectively with relevant teams and stakeholders regarding the importance of security considerations and respond accordingly to changes in policy and procedure
  • supporting the review of internal controls following any security breach, helping to provide advice on how to remediate any vulnerabilities discovered
  • working with the team on remedial solutions and helping to ensure resolution activities are carried out through liaising with the appropriate stakeholders
  • working with technical teams to audit the continuous monitoring of designated systems and networks and the recording of security events and incidents to highlight system and network errors and support investigations
  • ensure all identified risks are managed in accordance with home office risk management policies

Person specification

Skills and Experience

You’ll have a demonstrable passion for Cyber Security, with the following skills or some experience in:

Strategy and architecture:

  • Security and Privacy
  • Information Assurance (INAS) – Level 3
  • Governance, Risk and Compliance
  • Risk Management (BURM) – Level 3
  • Audit (AUDT) – Level 3
  • Quality Assurance (QUAS) – Level 4
  • Advice and Guidance
  • Methods and Tools (METL) – Level 3

Relationships and Engagement

  • Stakeholder Management
  • Stakeholder Relationship Management (RLMT) – Level 4

The skills listed above are reflective of the Home Office DDaT Profession Skills and Competency Model (based on the industry standard SFIA framework).

Essential Criteria

Please see below for the relevant skills required for your role:

  • Perform risk assessments including developing technical knowledge in order to identify and assess security impacts on the organisation and suggest and agree suitable mitigation
  • Absorbing potentially large amounts of conflicting risk information and using it to produce recommendations and solutions, leveraging analysis to enhance business performance and reporting
  • Demonstrating stakeholder skills in order to communicate and influence colleagues around the impact of security issues

Minimum Skill expectations include:

  • Information risk assessment and risk management – working level
  • Applied security capability – working level
  • Threat understanding – awareness level

Desirable Criteria

Ideally you will also have the following skills or some experience in:

  • Risk management and audit tools

Behaviours

We’ll assess you against these behaviours during the selection process:

  • Making Effective Decisions
  • Changing and Improving
  • Communicating and Influencing

Technical skills

We’ll assess you against these technical skills during the selection process:

  • Risk Management (BURM)
  • Specialist Advice (TECH)
Alongside your salary of £32,000, Home Office contributes £8,640 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.
  • An in-year performance bonus scheme
  • A Civil Service pension with employer contribution rates of between 26.6% and 30.3%, depending upon salary
  • 25 days annual leave on appointment, plus 8 days public holidays and 1 day for the King’s Birthday, rising further with service
  • Flexible working options to enable you to achieve the work life balance that right for you including part-time, flexi time and job sharing
  • Training and development opportunities tailored to your role
  • A culture encouraging inclusion and diversity
  • Season ticket loans and rental deposit loans
  • Cycle to work and payroll giving
  • Employee discounts – including a huge number of retailers, Microsoft Home Use programme and gym membership
  • A variety of staff recognition schemes including thank you vouchers
  • Health and wellbeing initiatives including monthly mindfulness sessions
  • Staff support networks
  • Maternity, adoption or shared parental leave of up to 26 weeks full pay followed by 13 weeks of statutory pay and a further 13 weeks unpaid
  • Maternity and adoption support leave (paternity leave) of 2 weeks full pay
  • Up to five days paid leave for volunteering
  • Study leave and support for studying for a qualification or other accredited development relevant to your role

Enquire now

The first step in our joining process is to submit your CV. This will be read to determine the appropriate joining route and you will then be sent an email with a link to the relevant application form.

  • Please upload your CV here