Archives: Jobs

Cardiff, Wales, CF14 3UZ

We are looking for an enthusiastic, experienced, and qualified Security Architect to become our Head of Identity and Access Management, with strong leadership skills, excellent technical knowledge, and a drive to deliver a high-quality service.

You will be responsible for leading the establishments overarching Identity and Access Management (IDAM) framework, governed by the principles of providing the right access to the right people at the right time and technical Zero Trust methodologies and architectures. As part of this role you will create a harmonious digital ecosystem that secures and verifies the identity of users and guests. Utilising those verified identities, you will integrate our people and processes’ to allow controlled authorisation of access to applications, devices and data ensuring that this authorisation is periodically reviewed.

We looking for an excellent communicator who is comfortable building and motivating collaborative teams from scratch whilst being able engage, influence and collaborate with both internal users and external suppliers to deliver successful outcomes for the organisation and our partners. You will be an expert in IDAM frameworks and the principles that govern them with the ability to brief clearly and concisely, technical materials in an understandable and relatable way to all audiences from the executive to new day one professionals.

This is an exciting opportunity where you will be shaping how we provide our users and guests with the safest and most secure way of interacting with Companies House applications, devices, and data. By doing this you will be at the forefront of digital transformation in Government.

Companies House leads the way in providing an open and transparent company register.  Our register is searched billions of times a year and estimated that it will be worth over £10 billion to the UK economy, after our Transformation, supporting millions of business decisions every day. Companies House strategy 2020 to 2025. 

Come and help us as we embark on a redesign of our digital services and culture.

We are currently using a hybrid approach to the way we work. The majority of our digital teams are based in our Cardiff head office. 

At Companies House, hybrid working is about achieving an effective balance between working in the office and working from other appropriate locations. Our approach to hybrid working provides opportunities for you to be adaptable in the way you work so that you can achieve a healthy balance between your work and home life. We currently expect those on hybrid contracts to attend the Cardiff office a minimum of one day a week but the exact degree of choice you have will depend on your role and your day-to-day work activities and should be agreed through discussions with your line manager.

As part of your role, you will be expected to:

• You will lead the implementation of an IDAM framework across the digital estate. You will work with the appropriate teams and individuals from all areas up to executive level across the organisation and with wider Government leaders.
• You will be the Principle Subject Matter Expert (SME) within CH for Identity and Access Management.
• You will provide the leadership and will have the communication skills to ensure IDAM and its priority and relevance is understood and adopted across the organisation and integrated into our people, systems, and data.
• You will report to CH’s designated senior security leaders and executive directors as required.
• You will work closely with the Digital and Technology Directorate, CDO and Security team to deliver a first class IDAM services.
• You will use your expertise to optimise and automate processes wherever possible utilising modern methods and technologies.
• You will coordinate internal and external resources as and when needed to investigate problems, implement solutions, and take preventative measures to ensure service continuity.
• You will work with the Commercial team to ensure that IDAM requirements are embedded in their software procurement processes as necessary and act as the escalation point for any required risk management.
• You will support Digital and Technology Directorate to achieve its public availability target (currently 99.9%) through the prevention of disruption arising from IDAM incidents.

This is an exciting opportunity, protecting our services and by extension, our users. By helping us to shape our services, you’ll have the opportunity to be at the forefront of digital transformation in government.

We are looking for someone with the following: –

• You will have the ability to brief clearly and concisely, technical materials in an understandable and relatable way to all audiences from the executive to new day one professionals.
• You will have demonstrable leadership and management skills, capable of driving change across the business through the effective management of programmes and projects.
• Working with third parties in and out of government you will be able to translate audit findings into tangible changes in strategy and/or policy, and in turn generate the required technical changes in our digital estates.
• You are an expert in IDAM frameworks and the principles that govern them.
• You are experienced in administering the components that make up Microsoft Entra, Intune, M365 Administration, and other mainstream cloud software packages.
• You can deal with ever changing priorities by assessing the risk and impact associated with each request and provide clear leadership as the Principal SME.
• You are commercially aware and have experience of contract management.
• You are motivated to continually develop your own skills as a Security Architect and as the Principal IDAM SME.
• You can engage, influence, and collaborate with both internal users and external suppliers to deliver successful outcomes for the organisation and our partners.
• You are an excellent communicator both verbally and written who can present technical matter in a compelling way that all can understand.
• You are an experienced Leader who is comfortable building and motivating collaborative teams from scratch.
• You can demonstrate the ability to confidently deliver presentations to small and large groups of people inclusive top-level executives.

Technical Skills

• Higher Education or Profession Certification related to Digital, Technology, Data, Security or similar relevant to the role.
• Excellent understanding of Identity and Access Management using Microsoft Entra, Azure Active Directory, Single Sign On, Multi Factor Authentication, Conditional Access policies and AWS stack.
• Excellent understanding of modern hacking Tactics, Techniques and Procedures.
• Excellent understanding of the market offerings for IDAM technologies and how to implement them.
• Excellent understanding of Data Governance including labelling, retention, and records management.

Behaviours

Leadership 

As the Head of IDAM for Companies House you will Stand by, promote or defend own and team’s actions and decisions where needed. You will welcome and respond to views and challenges from others, despite any conflicting pressures to ignore or give in to them. Leading the IDAM elements of the security strategy and implementing the IDAM framework you will seek out shared interests beyond own area of responsibility and understand the extent of the impact actions have on the organisation. You will inspire and motivate teams across Companies House to be fully engaged in their work and dedicated to their role. As a leader in Companies House you will promote diversity, inclusion and equality of opportunity, respecting difference and external experience.

Working Together  

As the principle IDAM Subject matter expert in Companies House you will actively build and maintain a network of colleagues and contacts to achieve progress on shared objectives. Utilising your general Security Architecture expertise, you challenge assumptions while being willing to compromise if beneficial to progress. As a leader within the Security, digital and data communities you will build strong interpersonal relationships and show genuine care for colleagues ensuring consideration and support for the wellbeing of yourself and individuals throughout the team. Understand the varying needs of the teams across Companies House to ensure they are supported and their experiences are utilised. You will create an inclusive working environment where all opinions and challenges are taken into account and bullying, harassment and discrimination are unacceptable. Remain available and approachable to all colleagues and be receptive to new ideas.

Changing and Improving  

As the Principal IDAM Subject Matter Expert and Head of IDAM, you will encourage, recognise and share innovative ideas from a diverse range of colleagues and stakeholders. Give people space to take initiative and praise them for their creativity. Create an environment where people feel safe to challenge and know their voice will be heard. Make changes which add value and clearly articulate how changes will benefit the business. Understand and identify the role of IDAM in public service delivery and policy implementation. Consider the full impact of implementing IDAM changes on culture, structure, morale and the impacts on the diverse range of end users, including accessibility needs. Identify early signs that things are going wrong and respond promptly. Provide constructive challenge to senior management on change proposals and ensure IDAM is integrated into the entire office’s ways of working.

Delivering at Pace  

As the Principal IDAM Subject Matter Expert and Head of IDAM you will ensure a robust and practical approach to IDAM roles and responsibilities. Business prioritisation will benefit from your expert opinion as Principal IDAM Subject Matter Expert. You will give honest, motivating and enthusiastic messages about IDAM and wider priorities, objectives and expectations to get the best out of people. You will ensure Companies House’s people, systems and data comply with legal, regulatory and security requirements across the digital estate. You will set out clear processes and standards for managing IDAM performance at all levels across the business inclusive of monitoring and presenting maturity levels. Ensure delivery of timely quality IDAM outcomes, through providing the right expertise and resources to deliver our services and required IDAM outcomes, reviewing and adjusting performance expectations and rewarding success. You will maintain own levels of performance in challenging circumstances and encourage others to do the same.

About Us
Companies House is an award-winning employer, building brilliant services on cutting edge technology. You’ll join our digital team at a time of transformation and you will be a part of shaping the future of our department. We use Agile methodologies and promote a culture of continuous improvement.





Inclusive and diverse teams are important to us. Wherever we can, we provide opportunities to work part-time, job-share or look for smarter ways of working. We’ll support you to meet other commitments and help you find a better work-life balance. We’re keen to create an environment that works for everyone.

Our aim is to be the best registry in the world achieved through brilliant people working on brilliant systems delivering brilliant services. We are currently delivering an organisation wide transformation programme focussing on a complete redesign of our digital services, target operating model and culture. This change will need different skills, capabilities and mindset where adaptable, bold and curious behaviours are the norm and empowerment is encouraged and utilised.

Companies House values its people, their contributions and has created a real sense of community where people seek to create strong connections. Our commitment to learning and development is exceptional, and we believe passionately in the employee experience with is prevalent through the engagement, wellbeing and development strategies which have resulted in Gold Investors in People and MIND index awards.

We are an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. Everyone in Companies House brings something different, and so will you. We are committed to ensuring that we are representative of the citizens that we serve. To fulfill our commitment to recruiting and attracting diverse talent we welcome applications from underrepresented groups.

We encourage professional development, celebrate success and live our values to effect real change.

We’ll assess you against these behaviours during the selection process:

• Leadership
• Working Together
• Changing and Improving
• Delivering at Pace

Alongside your salary of £51,000, Companies House contributes £13,770 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.

– Flexible working with no core hours. Work anytime between (6am and 8pm). – Build up to 2.5 days off per month in addition to your annual leave allowance!
– 30 Days Annual Leave, 8 Bank Holidays and 1 Privilege Day.
– Maternity, Adoption and Shared Parental Leave paid at full rate of pay for the 26 weeks of Ordinary Maternity leave, followed by an extra 13 weeks Statutory Maternity Pay and a further 13 weeks leave is also available which is unpaid. We offer 2 weeks statutory paternity leave
– Enrolment into the Civil Service Pension Scheme with a contribution rate averaging 27%.
– 3 Days Volunteering Leave.
– Support for training and certifications with up to 5 days study leave.

We also offer:
– 1 Half Day per week Innovation Time to learn new skills or come up ways to simplify the teams the way of working.

Remote Benefits:
– We will supply a desk, chair, monitor and all the kit you need to work from home in comfort.

Leeds, Yorkshire and the Humber, LS1 4AP : Telford, West Midlands (England), TF3 4NT

HMRC Cyber Operations are a high performing, award winning team.  We have an important mission to defend part of the UK’s critical national infrastructure from a broad range of determined cyber threats.

We defend HMRC’s people and assets through protective monitoring, incident response and a cyber advice and awareness capability.  We are an innovative, collaborative team. We work hard and support each to deliver results.   The work is challenging but deeply interesting and rewarding.

HM Revenue and Customs (HMRC) are the UK’s tax, payments, and customs authority. We’re here to collect the money that pays for the UK’s public services and give financial support to people. This means we handle a huge amount of the government’s digital transactions.

Protecting HMRC from an ever-growing and adaptive cyber threat is at the heart of the award-winning team you’ll be joining. It’s no small task as we have a large, diverse, and complex IT estate. We take pride in enabling our colleagues across HMRC to deliver securely.

At HMRC we are committed to creating a great place to work for all our colleagues; an inclusive and respectful environment that reflects the diversity of the society we serve.

We want to maximise the potential of everyone who chooses to work for us and we offer a range of flexible working patterns and support to make a fulfilling career at HMRC accessible to you.

Diverse perspectives and experiences are critical to our success and we welcome applications from all people from all backgrounds with the experience and skills needed to perform this role

See what it’s like to work at HMRC: find out more about us or ask our colleagues a question. Questions relating to an individual application must be emailed as detailed later in this advert.

The Team 

The Cyber Threat Intelligence Lead is a pivotal role within the Cyber Operations capability; responsible for leading a small team of Threat Intelligence analysts and threat hunters to detect, analyse and assess cyber threats.   This is a critical role working to deliver a clear view of our cyber threat landscape, helping to protect HMRC, our customers and brand.

• Deliver cyber threat analysis at the tactical, operational, and strategic level.
• Team delivers threat intelligence to internal customers in HMRC, managing all aspects of service delivery including intelligence requirements management, technical collection and investigation, and analysis best practice.
• Develop and maintain threat understanding through subject matter expertise, productive partnerships and networks across wider government departments and introduce new tooling, technologies, and processes to mature the team’s capability.
• Previous experience within cyber threat intelligence or related fields is essential along with having a passion for the subject, creativity, curiosity, and an ability to think outside the box. 

The responsibilities for this role include:

• To be successful in this role you will have excellent people skills, and the ability to lead, motivate and develop high performing cyber security teams. You will also be comfortable managing change in a technical environment as we implement new cybersecurity capability and mature existing processes.
• Lead and deliver in-depth identification and analysis of relevant cyber threats from HMRC’s CTI feeds, building subject matter expertise in cyber threat monitoring and mapping relevant events to industry standard frameworks and tools.
• Maintain and build within the team a high level of cyber threat situational awareness using and configuring industry standard tools. Act as a recognized expert across HMRC Security for cyber threat monitoring.
• Critically evaluate and triage information and intelligence feeds to address customer intelligence requirements. Maintain and develop the team’s analytical skills and data analysis knowledge required to deliver this.
• Enable and deliver high quality, impactful intelligence assessments, threat models and technical briefings that fall within your area of responsibility and expertise. Assist in the evaluation and implementation of security tools providing a CTI perspective.
• Build and maintain positive working relationships with CTI customers and ensure your CTI output and collection plan is aligned to their requirements and timelines. Track ongoing threat requirements and ensure information is aligned to government intelligence standards to support team activities.
• Identify intelligence gaps and actively address these through conducting research and threat feed collection.
• Represent CTI in relevant community processes, activities, and exchanges, contributing a CTI perspective in discussions and decisions.
• Support the development of HMRC’s threat capability and a team of threat hunters, threat intelligence and data scientist professionals

Essential Criteria: 

You will have significant experience or knowledge as follows:

• Proven experience in developing, delivering, and improving Threat operations.
• Managing effective relationships with senior partners and ability to lead, motivate and develop technical security teams setting clear direction, managing performance, and motivating staff to deliver objectives against an agreed strategy.
• Professional experience of how technical security is applied in real life, large scale complex environments.
• Ability to demonstrate a deep knowledge of security, risks, and threats along with a solid grasp of key technical considerations in relation to confidentiality, availability, integrity, non-repudiation, and privacy.
• Self-motivated with a passion for cybersecurity and the enthusiasm to develop expertise in the subject area through formal training, autonomous study, and self-directed learning.
• Ability to manage existing cybersecurity services and implement new capability including policy/process development, planning, performance metrics and reporting products.
• Ability to communicate effectively at all levels and to present technical cyber security concepts to senior non-technical stakeholders in concise business focused language, supplementing own knowledge with research where needed.

Desirable Criteria

Working knowledge of at least some or all of the following are desirable: 

• Ethical Hacking.
• Threat Intelligence Platforms.
• Vulnerability Management.
• Malware analysis.
• Network security.
• Cyber incident response.
• Configuring and using SIEM and security infrastructure (e.g., IPS, AV, Firewalls);
• Programming/scripting languages.
• Operating systems e.g., Linux, Windows.
• Threat Modelling, MITRE.

Desirable Professional Qualifications include:

• Cyber Security, Computer Science, or IT Bachelors level degree.
• Membership of Inst. ISP or similar.
• CISSP, CISM, GCTI, CEH, CREST, GIAC, or equivalent security qualifications.

We’ll assess you against these technical skills during the selection process:

• Technical Aptitude

Alongside your salary of £52,598, HM Revenue and Customs contributes £14,201 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.

• Learning and development tailored to your role
• An environment with flexible working options
• A culture encouraging inclusion and diversity
• A Civil Service pension with an average employer contribution of 27%

Whittington, Lichfield WS14 9PY

Do you want to work for the Defence Infrastructure Organisation (DIO) and care for the Defence Estate? DIO enables Defence to live, work, train and deploy, all with sustainability in mind. From net carbon zero accommodations to runways for the F35 fighter jets; our outputs are unique in the UK and across the globe!

Learn much more about DIO in our Candidate Information Guide attached.

About DIO

View our YouTube video to see more about our work 

The Challenge

DIO have an exciting opportunity to suit someone with demonstratable experience in Cyber Security, Information Assurance and IT who possesses strong Cyber Security, Information Assurance, technical, analytical, communications, planning, analytical experience and skills. This post plays an essential role to support the Head of Cyber Security and Information Assurance to ensure best practice is maintained across DIO and its Industry Partners. Proven leadership skills and the ability to communicate effectively and motivate people to achieve stretching goals in an evolving organisation is essential and collaboration skills to interact with a range of stakeholders including senior leaders across DIO and the wider Department and its Industry Partners. Services include Information Cyber Security and Assurance advice and guidance; DIO accreditation services; DIO WARP; DIO ITSO; Cyber Security, ITSO and WARP specialities communication, education & training for DIO personnel and associated stakeholders.

About CIO

DIO’s Chief Information Office (CIO) focuses on and is accountable for delivering technology solutions through the Customer, Portfolio Management Office (PMO) and Development, Security and Operations (DEV, SEC, OPS) functions. Each of these functions collaborates to build and lead on the delivery of organisational objectives in alignment with DIO’s technology strategy. CIO enables DIO and its staff to deliver outputs and obligations effectively by providing the right technology and operational support for DIO users, its functions, industry partners and other Top Level Budgets (TLBs). Working together with our customers, through the implementation of technology, CIO can shape and transform the way DIO manages estates. Developing capabilities that provide improved, modernised and collaborative technology, which enhances the way in which DIO operates providing overall business efficiencies. CIO supports the business by embedding and executing sound agile and technology and delivery methodologies and technologies.

The role is a diverse and challenging one that includes:

• Provides constructive and impartial subject matter expert advice and guidance on all Information Cyber Security and Assurance queries to DIO stakeholders including Industry Partners.
• Acts as an impartial assessor of the risks that an information system may be exposed to in the course of meeting a business requirement and formally accredits that system on behalf of the DIO TLB or act as Security Assurance Coordinator (SAC) for CyDR accredited systems.
• Provides input into the development of the Information Cyber Security and Assurance Programme and conducts assurance checks and audits in line with the agreed programme.
• Maintains DIO Cyber Resilience documentation and conducts exercises against DIO Business Area’s Cyber Resilience Response Plans as part of an overarching Cyber Resilience programme.
• Provides ISO27001 & NIST advice and guidance and audit function.
• Manages the WARP function including supporting complex investigations and JSyCC engagement for DIO TLB.
• Accountable for the Information Technology Security Officer (ITSO) duties for DIO TLB including regional ITSOs across the DIO estate.
• Acts as Subject Matter Expert for IT Security, breach and ITSO queries for DIO TLB and its Industry Partners.
• Manages the Information Cyber Security & Assurance communication, education and awareness programmes to target areas of non-compliance and embed security as a BAU activity within DIO.
• Accountability for all ITSO audits and muster programmes for DIO.
• Assists with the DIO Cyber Communication Plan ensuring key messages are developed and issued using the most appropriate media.
• Coordinates production of ITSO, WARP and Accreditation reports, statistics and updates for DIO stakeholders and MOD Centre.
• Communicates with senior stakeholders to present Information Cyber Security & Assurance findings that will support the continuous improvement of InfoCySec &IA in DIO.
• Tasks the DIO ITSO / WARP incumbent on a daily basis.

Desirable Experience & Skills

Qualification:

Degree in the Information Cyber Security & Assurance discipline.

Membership:

Professional Membership in Information Security and Cyber (eg: Institute of Information Security Professionals (IISP), NCSC Certified Professional (CCP), ISACA CISM or ISC2 CIISP.

Experience:

MOD, Industry or OGD Accreditor and / or Security Assurance Coordinator (SAC) experience.

ISO 27001, NIST or ISO 9001 auditor experience.

Defence Information Technology Security Officer (DITSO) experience.

We’ll assess you against these behaviours during the selection process:

• Leadership
• Making Effective Decisions
• Communicating and Influencing
• Changing and Improving
• Seeing the Big Picture

We only ask for evidence of these behaviours on your application form:

• Leadership
• Making Effective Decisions
• Changing and Improving
• Seeing the Big Picture

We’ll assess you against these technical skills during the selection process:

• Information Risk Assessment & Risk Management NCSC Information Risk Assurance Skill 5.2 – Practitioner Level
• Applied Security Capability NCSC Information Risk Assurance Skill 5.5 – Practitioner Level

• Highly competitive Pension Scheme with an average employer contribution of 27%.
• Alternative working practices such as working from home.
• Opportunity to join one of our several D&I Networks. We value diversity and are committed to being an equal opportunities employer.
• 25 days annual leave rising (1 day per year) to 30 days upon completion of 5 years’ service.
• Enhanced Parental Leave.
• Most sites have free car parking, Sports & Social Clubs, Gym, on site shops and subsidised canteens.

To learn more about our full range of benefits, view our Candidate Information Guide attached.

Working Patterns

The post advertised is for 37 hours net, however the Ministry of Defence offers a range of flexibilities to enable a better work-life balance for employees. Flexible working patterns will be considered.

Allowances

This post does not offer any assistance with relocation allowances.

Please be advised that the Department is conducting a review of all pay related allowances which could impact on those allowances that the post currently being advertised attracts.

Defence Munitions Gosport, Gosport, Hampshire PO13 0AH

We are Defence Equipment and Support (DE&S). We manage a vast range of projects to supply and maintain vital equipment and services for the Royal Navy, British Army and Royal Air Force. Together, we deliver essential defence programmes – and strive for what’s next. Because it helps keep our military at the top of their game and our nation safe, now and in the future.

Across our 12,500-strong organisation, we support all our people to be at their very best, fostering a family-friendly approach to flexible and hybrid working. After all, support is in our name.

As a Security Operations Specialist, you will ensure the correct security posture across offices, sites and facilities, and maintain operational preparedness for security incidents.

You will act as the Crypto custodian for the DM Gosport site and take responsibility for all classified documents.

You will be involved in assisting with Business Continuity and risk management and be asked to provide informed opinions on security risk, as well as assisting with maintenance of site resilience.

You will benefit from the opportunity to develop you career in Security, as well as a generous benefits package outlined below.

Please note this role requires the successful candidate to be on site full time.

Responsibilities

• Manage security risks by overseeing Physical Security operations and the deployment of security measures to effectively protect assets, (information, people, buildings and equipment) throughout the office/site/facility.
• Plan, test, and respond to security/emergency incidents.
• Conduct assurance of all risks pertaining to office/site/facility security, providing evidence-based risk mitigations to decision-makers.
• Ensure compliance with relevant regulation and legislation, providing office/site/facility level guidance on the implementation of these through site security instructions or orders.
• Assure the implementation of effective security governance, guidance, education and training for all staff across the office/site/facility.
• Maintain effective strategic relationships with service providers, MOD Police and MOD Guard Service, and with Defence Munitions & DE&S Security chain of command.
• Investigation of security related incidents

To be successful with your application, you’ll need to show that you meet the following essential criteria:

• Previous background in a security related position, policing, the military or in operations management in industry OR holder of Security Risk Management (ISO 31001 or equivalent)
• Candidates must either hold the Unit Security Officers Course qualification or be willing to achieve this within 6 months of appointment

In addition to the responsibilities above, the following technical competences and behaviours will be assessed at interview:

• Protective Security (Awareness)
• Security Compliance and Assurance (Supervised Practitioner)
• Making Effective Decisions
• Working Together

• 25 days’ annual leave +1 day a year up to 30 days, 8 bank holidays and a day off for the King’s birthday
• Flexible and hybrid working wherever possible, to support your work-life balance (though some attendance to the stated site is required)
• Market-leading employer pension contribution of around 27%
• Annual performance-based bonus and recognition awards
• Access to specialist training and funded professional qualifications
• Support for progression
• Huge range of discounts
• Volunteering days
• Enhanced parental leave schemes

We believe in creating an inclusive environment where our people can grow, thrive, and be their authentic selves. We value diversity of thought and the ways in which it enriches our culture and our work. So whether you’re looking for a new opportunity, a next step, or a helping hand as you return from a career break, here you’ll find a supportive, family-friendly organisation to be a part of. And if you need any assistance with your application, just let us know.

This position is based at 102 PETTY FRANCE LONDON, SW1H 9AJ, LEGAL AID AGENCY CAMBRIDGE, CB2 8DR, LIVERPOOL THE CAPITAL LAA LIVERPOOL, L3 9PP, SOUTH TYNESIDE BERKELY WAY LAA JARROW, NE31 1SF, 5 WELLINGTON PLACE LEEDS, LS1 4AP, LAA Brighton, BN2 9QA, LAA Store Street, Piccadilly Gate, FLR 7, M1 2WD , LAA Temple Quay House, 2 The Square, BS1 6DG, LAA William Morgan House FLR11, CF10 1EP, LAA 1 Unity Square, FLR 3, NG2 1AW, LAA Level 3, 23 Stephenson Street, Birmingham, B2 4BH

Please refer to Job Description

We encourage applications from people from all backgrounds and aim to have a workforce that represents the wider society that we serve. We pride ourselves on being an employer of choice. We champion diversity, inclusion and wellbeing and aim to create a workplace where everyone feels valued and a sense of belonging. To find out more about how we do this visit: https://www.gov.uk/government/organisations/ministry-of-justice/about/equality-and-diversity.

Job Title:    Information Security & Assurance Officer

Contract Type:    Permanent

Grade:    HEO

Salary range (depending on location):    National – £31,265 to £34,446 London – £35,405 to £39,000

Please note that unless you are currently employed by the Civil Service and are earning more than the minimum above, if successful you will be offered the minimum for the grade depending on your location.

Location:    Any LAA Office

Directorate:    Corporate Services

Team:    Corporate Assurance, Risk and Secretariat

Working Pattern:    The post is supported by the MOJ flexible working policy and includes colleagues who work flexibly, remotely (as part of hybrid working), part time or as part of a job share etc.

If you are applying for a part time role, please note that in order to meet business demands we need cover for a minimum of 22 hours per week, and we would not be able to accommodate a Term Time working pattern.

Reporting to:    Information Assurance Manager

Closing date for applications    30th June 2023

The Legal Aid Agency

We are an executive agency of the Ministry of Justice (MoJ). We provide civil and criminal legal aid and advice in England and Wales to help people deal with their legal problems.

Our people are at the heart of achieving excellence. Employing around 1,200 colleagues across England and Wales, we feel proud to have some of the best People Survey results in the Civil Service.

Our LAA commitment to Diversity and Inclusion

The LAA is committed to diversity and inclusion and we positively promote flexible working, including job shares.

We will consider all applications on merit regardless of age, disability, gender identity, sexual orientation, socio-economic background, religion, ethnicity, preferred working pattern and except for exceptional circumstances your working location.

As a Disability Confident organisation, we will offer a guaranteed interview to candidates with a disability who meet the essential criteria for this role. Under the Equality Act 2010 a disability is defined as a physical or mental impairment which has a substantial and long-term adverse effect on your ability to carry out normal day-to-day activities which has lasted, or is expected to last, at least 12 months.

If you are responding to a role within the Legal Aid Agency and would like to be considered under the guaranteed interview, please indicate this in your application and let us know of any reasonable adjustments you may require during the sift or later selection processes.

Corporate Services

The Corporate Services directorate works across the LAA to help shape and enable the priorities of the Chief Executive and Executive Leadership Team, providing support on areas such as strategy, data analysis, risk, assurance, communications, people and capability to all other parts of the LAA.

Corporate Assurance, Risk & Secretariat (CARS)

Information & Data Security ensures the LAA appropriately protects and manages a significant volume of often very sensitive data relating to legal aid clients, our staff, legal aid Providers and other third parties. Our work ensures the LAA meets its obligations under Data Protection legislation and UK Government security standards.

The CARS team combines the 5 functions of Health & Safety, Information & Data Security, Business Continuity, Risk and Secretariat to collectively strengthen and support the LAA’s governance, our assurance strategies, risk management processes and provide support to the LAA’s senior governance forums including the Board and Executive Leadership Team.

Job Summary

You will play a leading role in ensuring the LAA continues to manage its information assets in a secure and compliant manner, delivering improvements and ensuring ongoing compliance with legal and UK Government requirements relating to security and data protection. You will work with MoJ colleagues providing guidance and support to teams across the LAA and on cross-government projects to ensure that information assets are protected and used appropriately and ensure that LAA senior leaders have the necessary assurance. You will work on developing and maintaining a strong security culture within the LAA, working with staff at all grades and across the organisation to ensure a security conscious agency, as well as playing a key role in responding to security incidents.

Key Responsibilities:

•    Provision of expert advice and support to stakeholders across the LAA on the application of Data Protection Legislation in their business area. 
•    Responding to often complex queries accurately in a timely manner.
•    Provision of advice and support on data protection governance including Data Protection Impact Assessments, the LAA Information Asset Register and Data Sharing Agreements. 
•    Investigation of security incidents, maintaining LAA incident records and producing reports and trend analysis relating to LAA incidents. 
•    Working with business areas and stakeholders at all levels to drive process improvements with a view to improving compliance and/or preventing incidents. 
•    Responding to Data Subject Right’s requests, Data Protection Complaints and other similar queries and correspondence from external parties. 
•    Contribute to LAA’s physical security assurance programme by conducting site audits and inspections and identifying improvements to physical security and site safety. 
•    Support the work of LAA vetting contacts to ensure relevant staff are vetted to appropriate standards. 
•    Building and maintaining excellent relationships with key stakeholders across the LAA, wider MoJ and other government departments. 
•    Attend cross-MoJ security working groups and other relevant networks. 
•    Co-ordinate and maintain the LAA Information Assurance Champions network, chairing regular meetings, disseminating resources and guidance with a focus on driving down risk across the LAA. 
•    Support the LAA’s wider security awareness culture by reviewing new guidance from technical authorities, regulatory bodies and government bodies. 
•    Review, publish and update LAA guidance and intranet resources to inform staff of their security responsibilities
•    Develop and deliver training for a range of stakeholders and help facilitate and deliver bespoke training on a range of data protection and security topics. 
•    Other work as required to contribute to the LAA’s security culture and reduce security and data protection risks. 
•    Travel to LAA sites across England and Wales as required. 
•    You will need to successfully pass a Counter Terrorism Check (CTC clearance) which will be undertaken by the business upon a successful interview.

Essential Knowledge, Experience and skills    

•    Experience of working in either a data protection, physical security or information security role
•    Experience of incident management

Desirable Knowledge, Experience and skills  

•    Recognised relevant qualification in Information or Physical Security or in Data Protection

Person Specification    

•    You’ll have experience of quickly grasping technical information and translating that into plain English for Senior Stakeholders.
•    You’ll have experience of applying Data Protection Legislation to organisational processes
•    You’ll have a desire to make positive change – Information Assurance isn’t about saying no, it’s about enabling developments in a way that responsibly manages associated risks
•    You’ll work well with people, and be able to maintain positive relationships whilst ensuring legislative obligations are met
•    You’ll enjoy working in both a pro-active, and re-active way, to be able to reprioritise effectively during incident management.

Assessment approach

Application Process 

To apply complete an application based of the following behaviours and experience:

•    Making Effective Decisions
•    Working Together
•    Delivering at Pace
•    Your experience of working in a data protection, physical security or information security role.

When submitting an example of a behaviour remember to include the situation, what you did and why, and what was the outcome / result.

Please note that if we have a large number of applications will we do an initial sift on the Delivering at Pace behaviour.

Interview / assessment Process

If you are successful through the application stage, you will be invited to an interview / assessment centre in person or via Microsoft Teams where you will be assessed against the following:

•    Strengths relevant to the role
•    Some or all of the following Behaviours: 
o    Making Effective Decisions
o    Delivering at Pace
o    Working Together
•    An exercise relating to a security incident

Making Effective Decisions – Understand own level of responsibility and empower others to make decisions where appropriate. Analyse and use a range of relevant, credible information from internal and external sources to support decisions. Invite challenge and where appropriate involve others in decision making. Display confidence when making difficult decisions, even if they prove to be unpopular. Consult with others to ensure the potential impacts on end users have been considered. Present strong recommendations in a timely manner outlining the consideration of other options, costs, benefits and risks.

Delivering at Pace – Show a positive approach to keeping the whole team’s efforts focused on the top priorities. Promote a culture of following the appropriate procedures to ensure results are achieved on time whilst still enabling innovation. Ensure the most appropriate resources are available for colleagues to use to do their job effectively. Regularly monitor your own and team’s work against milestones ensuring individual needs are considered when setting tasks. Act promptly to reassess workloads and priorities when there are conflicting demands to maintain performance. Allow individuals the space and authority to meet objectives, providing additional support where necessary, whilst keeping overall responsibility.

Working Together – Encourage joined up team work within own team and across other groups. Establish professional relationships with a range of stakeholders. Collaborate with these to share information, resources and support. Invest time to develop a common focus and genuine positive team spirit where colleagues feel valued and respect one another. Put in place support for the wellbeing of individuals within the team, including consideration of your own needs. Make it clear to all team members that bullying, harassment and discrimination are unacceptable. Actively seek and consider input of people from diverse backgrounds and perspectives.

Shortlisting is planned for week commencing 3rd July 2023.

Interviews are planned for week commencing 17th July 2023.

If you would like more information on this opportunity, please contact – Adrian McArthur-Johnston – adrian.mcarthur-johnston@justice.gov.uk

Complaints procedure

If you have any complaints about this recruitment activity, please share your concerns by emailing LAACentralRecruitmentFunction@justice.gov.uk initially. We aim to respond to any complaint within 10 working days.

If you are dissatisfied with our response, we will forward your complaint to the Civil Service Commission, an independent body, for review.

Please refer to Job Description

We’ll assess you against these behaviours during the selection process:

• Delivering at Pace
• Making Effective Decisions
• Working Together

• Access to learning and development
• A working environment that supports a range of flexible working options to enhance your work life balance
• A working culture which encourages inclusion and diversity
• A Civil Service pension with an average employer contribution of 27%
• Annual Leave
• Public Holidays
• Season Ticket Advance

MOD Main Building, London

An exciting opportunity has become available to join the Defence Intelligence (DI) Counter Proliferation (CP) Biological Weapons (BW) team as an all-source intelligence analyst.

DI is a world-class organisation that supports policy and decision-making at the heart of the Ministry of Defence and the national security community. DI is the MoD’s central provider of strategic level intelligence. In DI, our people solve problems, create understanding and give perspective to the diverse and complex Defence threats and challenges in a rapidly changing world. Together our civilians and military personnel inform decision making in Defence, manage complex finance programmes and develop new technology.

In DI we believe your unique experiences, view and understanding of the world could provide a vital perspective and contribution to our work. We recognise that great minds do not think alike and are striving to increase our diversity representation at all levels.  As an equal opportunities employer we hire, train and promote people based on merit and inspire to create an inclusive workplace free of discrimination. We also offer flexible working arrangements such as flexitime, job share and compressed hours.

This position is advertised at 37 hours per week and is based in MOD Main Building.

The role will involve working in a busy team assessing adversary biological weapons capabilities to support and inform decision-making within Defence and across wider government. The DI CP-BW team assesses information related to biological weapons from a range of sources, including open, technical, and classified. The team works closely with the DI CP Chemical Weapons (CW) team, as well as the wider CP Centre (and others across DI), to provide important advice to the Arms Control and Counter Proliferation communities right across Government to support the implementation of international arms control treaties. The assessments we produce have real impact and provide policy and decision makers with insight, foresight, and decision advantage to a broad range of government departments and agencies. These include: the MOD, FCDO, and the Cabinet Office Assessment Staff. Our work also informs MOD chemical, biological, radiological and nuclear (CBRN) policy, Joint Capability and Defence Medical Services to develop protective equipment and medical countermeasures for the UK’s Armed Forces.

Responsibilities

This is a highly varied role, the post holder will:

• Lead on producing all source assessment of biological and chemical warfare capabilities of hostile actors, in accordance with the PHIA analytic standards and DI guidance.
• Develop subject matter expertise, acting as an expert across the DI CP community, using all resources available to you and keeping abreast of all source information on specific geographic and technical areas.
• Fuse information across the biological and chemical teams, developing collaborative work spaces, both within DI and across the wider counter proliferation community.
• Build and maintain positive working relationships with customers and stakeholders, ensuring intelligence output is aligned to their requirements, decision-making processes and timelines.
• Communicate assessments, including briefing to customers such as ministers, senior civil servants, and military capability, policy and decision-makers, routinely and in a timely manner.
• Participate fully in national and international intelligence community collaboration processes and activities.
• Work closely with international partners with potential opportunities to attend overseas meetings.

Who are we looking for?

The successful candidates must have a STEM degree (or equivalent experience) providing technical and/or analytical skills and the ability to demonstrate:

• Experience in collating, structuring, and evaluating large diverse data sets.
• Excellent communication skills, both verbal and written, enabling the post holder to succinctly convey complex information to a wide audience.
• Strong organisational skills.
• Strong IT skills, including Word, PowerPoint, and Excel.
• Aptitude to prioritise, work under pressure and to meet strict deadlines.
• Ability to work collaboratively with others.

The following are desirable but not essential and can be developed within role:

• Knowledge and/or experience of biological and/or chemical warfare issues (and/or related capabilities, policies, and treaties).
• Experience or awareness of the UK intelligence community and the role it plays in national security.

A STEM degree (or equivalent experience) providing technical and/or analytical skills.

We’ll assess you against these behaviours during the selection process:

• Leadership
• Communicating and Influencing
• Seeing the Big Picture
• Working Together

We only ask for evidence of these behaviours on your application form:

• Leadership
• Communicating and Influencing

We’ll assess you against these technical skills during the selection process:

• PHIA Informing Decision- Making (Highly Proficient)

Alongside your salary of £42,540, Ministry of Defence contributes £11,485 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.

There are a wide variety of employee benefits for civil service staff in DI, including (this list is not exhaustive):

• Salary Payroll Giving
• Financial Education Resources
• Bicycle Purchase Advance & Cycle to Work Scheme
• Holiday, Season Ticket, Tenancy Deposit & Work Space Salary Advance Loans
• Free Parking (not available at Main Building)
• Generous Pension Scheme with employer contribution between 26.6% & 30.3%
• Death in Service Benefit
• Up to 30 days’ Annual Leave, and one Privilege Day
• Special Leave (including Study Leave and Volunteering Leave)
• Adoption, Maternity, Paternity and Shared Parental Leave
• Childcare Vouchers
• On-Site Nursery & Childcare at some MOD sites
• Flexible Working Hours
• Discounted Healthcare Packages
• Eyesight Tests and Spectacles
• Free On-Site Gyms at many sites
• Employee Assistance Programme
• In-Year Reward and Thank You Schemes
• Talent Schemes
• Defence Discounts
• Microsoft & Vodafone Employee Discount Schemes
• Boundless and Civil Service Sports Council Memberships available
• On-site shops, restaurants & cafes at most sites

City of Westminster, London (region), SW1A 2HB

The post holder will be required to engage with MOD specialists and other agencies to develop sound and practical Information and Cyber Security advice to Head Office business units. They will be required to produce and implement a coherent Cyber and Information Security strategy for Head Office aligned to the Cyber Resilience Programme and wider Departmental priorities including the identification of all CIS in use across the Head Office. The post holder will be required to prepare and respond to activities regarding the Cyber Compliance Audit. Working alongside Information Management colleagues, the post holder will seek to improve the information assurance practices of the Head Office – including security culture, training and awareness. The post holder will oversee the Information risk management process and deal with risk balance cases on behalf of the Senior Information Risk Owner.

The post holder will be expected to undertake and oversee the accreditation of CIS operated by Head Office. When necessary, they will commission Cyber vulnerability assessments and confirm appropriate action has been taken when responding to a cyber security incident, liaising with the Warning and Advice reporting point (WARP) on all CIS/Info matters. They will be expected to provide SME advice to the Head Office CIS Governance Group on new infrastructure / change projects involving IT. They will be expected to build up a network of Information and Cyber Security contacts. Some of the work is complex and may be technical. It will rely on the post holder knowing when to consult with SMEs and when not. The role requires a large amount of autonomy but keeping others informed on progress is essential. You will have line management responsibility for a Band D (Executive Officer). There may be other cyber security work that needs to be undertaken including supporting campaigns and raising awareness. Occasionally the post holder may be involved, as part of the SSBR team, in helping to manage business resilience incidents occurring in Main Building and supporting the Head of Establishment in their broader responsibilities with running the building.

This position is advertised at 37 hours per week.

• Mentoring, development and line management of a Cyber Security Apprentice with particular emphasis on their Continuous Professional Development.
• Leading the promotion of cyber security standards and best practice across Head Office, guiding and influencing project and policy decision making as appropriate and seeking novel solutions to challenging security issues.
• Ensuring that the assessment process meets the requirements of Government & MOD Policy and Standards, (e.g. HMG Government Functional Standard (GovS) 007 – Security and MOD Cyber Security policy).
• Oversee Cyber and Information Security risk balance cases and risk management processes escalating risks to the Principal Security Advisor and Senior Security Risk Coordinator.
• Oversee / manage the accreditation of IT systems in line with Head Office delegations. Promote Secure by Design when planning, developing new systems.
• Act as Cyber Security Consultant for Head Office business units and system owners.
• Review risk management and security design evidence to confirm that risk assessments and risk treatment plans are consistent with business requirements.
• Respond to, manage and coordinate responses to Cyber security incidents.
• Promulgation of cyber security vulnerability alerts and patch updates. Dissemination of MODCERT alerts when issued.
• Build and maintain constructive relationships with Head Office Project Teams to help build risk management and Secure by Design into business and project plans.
• Provide advice and guidance to Project Security Leads, through Independent Assessment of risk management and security evidence, and attendance at relevant Security meetings.
• Guide projects in the accurate recording of all Targets of Assurance (TOAs) on the Defence Accreditation & Risk Tool (DART).
• Maintain an accurate risk register of all security risks, utilising STREAM where necessary.
• Contribute to the development of the organisation’s processes and IA Policy that affect ability to deliver within risk appetite. Incorporating lessons learnt from incident management and/or project development.
• Provide technical support, advice, on Cyber Security matters across HOCS.

The ideal candidate will be enthusiastic, committed and driven with an evidenced passion and expertise in cyber/information security. They will have a sound understanding of risk management principles and be able to clearly and concisely articulate risks and vulnerabilities to system owners, seniors, stakeholders and Cyber security experts in Defence, Cabinet Office & NCSC.

They should possess keen analytical skills and be able to analyse a range of complex data sets and quickly focus on and extract the salient/pertinent detail.

Essential Criteria:

1. The candidate must hold a UK recognised qualification in Cyber or Information Security or have successfully completed a UK recognised training course in Cyber/Information Security.

                                                               AND/OR

2. Experience of working in a Cyber/Information security environment (ideally 2 or more years)

Note. Candidates progressed to the Interview stage will be asked to supply evidence of their qualifications or training.

Desirable:  

• Practical experience of the application of principles contained in NIST and/or ISO 27001
• Practical experience or use of STREAM
• Experience, knowledge or application of Secure by Design principles
• Evidence at Practitioner (Level 3) of Institute of Information Security Professionals skills framework:

         A1 – Governance

         A2 – and Standards

         A3 – Information Security Strategy

         B1 – Risk Assessment

         B2 – Information Risk Management

         E1 – Secure Operations Management

         E2 – Secure Operations & Service Delivery

Any UK recognised qualification in the field of Cyber Security at any level, fundamentals, intermediate or advanced

We’ll assess you against these behaviours during the selection process:

• Leadership
• Delivering at Pace
• Making Effective Decisions
• Seeing the Big Picture
• Managing a Quality Service

Alongside your salary of £42,540, Ministry of Defence contributes £11,485 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.

• Learning and development tailored to your role, including support for Continuous Professional Development and access to internal and external training courses, which include access to those leading to nationally recognised qualifications
• An environment with flexible working options
• A culture encouraging inclusion and diversity
• A Civil Service pension with an average employer contribution of 27%
• Generous Annual Leave allowance
• On site gym
• On site creche

The post does not offer relocation expenses.

External recruits who join the MOD who are new to the Civil Service will be subject to a six-month probation period.

Posts based in London will attract the relevant London weighting.

The Ministry of Defence is committed to providing a safe and healthy working environment for its staff which includes educating them on the benefits of not smoking, protecting them from the harmful effects of second-hand smoke and supporting those who want to give up smoking. Under the Smoke-Free Working Environment policy, Smoking and the use of all tobacco products (including combustible and chewing tobacco products) will not be permitted anywhere in the Defence working environment by 31st December 2022. The policy is Whole Force and includes all Defence personnel, contractors, visitors and other non-MOD personnel. All applicants seeking, considering, or accepting employment with the Ministry of Defence should be aware of this policy and that it is already in place at a number of Defence Establishments.

Please be advised that the Department is conducting a review of all pay related allowances which could impact on those allowances that the post currently being advertised attracts.

Expenses incurred for travel to interviews will not be reimbursed.

Any move to MOD from another employer will mean you can no longer access childcare vouchers. This includes moves between government departments. You may however be eligible for other government schemes, including Tax-Free Childcare. Determine your eligibility at https://www.childcarechoices.gov.uk/.

London* Warrington, Birmingham – *Under the NCA Estates Strategy, the London office is part of a planned relocation to a new NCA HQ in Stratford, London. Relocation is expected to take place in 2025. If you are successful for a London role, please be aware that your post will be relocated.

TICAT is the single point of entry into the NCCU for reporting new information and intelligence relating to serious cyber-crime.

It has three core functions: 

Triage: The team is responsible for the receipt, triage and assessment of referrals into the National Cyber Crime Unit, including crime reports from National Fraud Intelligence Bureau (NFIB) and actionable intelligence from various partners.

Incident Coordination: The team coordinates live time cyber incidents requiring an immediate Law Enforcement response, providing an investigative response and facilitating liaison between the NCCU, the victim and key partners, principally the National Cyber Security Centre, Regional Organised Crime Units and key international partners.

Tasking: TICAT is the conduit for tasking operational work for both national and regional cyber teams, ensuring adherence to the framework provided by the National Cyber Tasking mechanism. TICAT works closely with NCCU Operational Support and Regional Organised Crime Units to manage pro-active and reactive tasking and operational capacity across Team Cyber UK.

To be successful in this role, you will be a team player and a motivated self-starter.

You will have the ability to work with multi-disciplinary officers and work collaboratively with both internal and external stakeholders across Law Enforcement to achieve a common and shared operational objective.

Essential: 

• PIP2 or equivalent experience

or;

• IPP accreditation or equivalent experience

NCA welcomes applications from individuals with a range of neurodivergent thinking styles and from those who may require reasonable adjustments.

***All NCA officers must hold SC Enhanced upon entry as a minimum. To meet the National Security Vetting requirements for this role you will need to have resided in the UK for a minimum of 3 out of the past 5 years. For more information please see the Candidate information Pack***

• Receiving and assessing intelligence to determine whether it involves a cyber-dependent threat to the UK.
• Enriching received intelligence through the interrogation of NCA and bespoke NCCU intelligence systems, national and international law enforcement databases as well as conducting of open source research.
• Co-ordinating the law enforcement response to received intelligence through engagement with the wider NCCU and NCA teams, as well as engaging with domestic and international law enforcement partners.
• The recording and dissemination of intelligence to partners in order to enrich the understanding of the cyber security landscape.

The following qualifications/skills are essential to the role and proof will be required at interview:

IPP Intelligence Officer accreditation OR working towards accreditation (Non IOTP), OR equivalent experience gained from previously performing Intelligence Officer functions.
OR PIP2 Investigation Officer accreditation OR working towards accreditation (Non IOTP).

Please ensure the dates of any accreditations you are relying on, are entered on to the CV.
Should you progress to the assessment stage of the process, you will be required to provide a copy of the original certificate.
Failure to provide evidence at interview may result in your application not progressing to the next stage.

We’ll assess you against these behaviours during the selection process:

• Making Effective Decisions
• Communicating and Influencing

We’ll assess you against these technical skills during the selection process:

• An understanding of investigations, incident management and intelligence.
• Experience of working within a multi-disciplinary team within a dynamic environment.
• Experience of working in collaboration with a variety of stakeholders to achieve a shared objective.
• A sound understanding of the Cyber Crime landscape, emerging techniques and the threat to the UK.

Alongside your salary of £34,672, National Crime Agency contributes £9,361 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.

Whatever your role, we take your career and development seriously, and want to enable you to build a really successful career with the Agency and wider Civil Service.

If you are an active police pension member immediately prior to joining the NCA, you can continue your membership throughout your employment with us as if you were a serving police officer. If you do remain an active member and subsequently return to a police force, you should be able to continue your membership there too.

All officers in the NCA are members of the UK Civil Service. You will be eligible for:

• Civil Service pension scheme
• 26 days annual leave rising to 31 on completion of 5 years continuous service
• Training and development opportunities
• Cycle2work scheme

City of Westminster, London (region), SW1A 2HB

Project Blueprint is a major infrastructure project to update the look and feel of MOD Main Building to align with the Future Workplace model. The Project is being delivered in a phased approach working on clusters of work spaces at a time.

The Safety, Security and Business Resilience (SSBR) team are implementing and coordinating ExCo decisions on behalf of the Permanent Secretary and the Department’s Chief Operating Officer on the Accommodation Strategy for MOD Head Office. The team act on behalf of the Strategy Owner’s (Director Head Office) and are the key interface with building users (Head Office’s Director Generals, business units and other MOD occupants) on their space needs, working alongside and supporting other members of the team who lead on behaviours, CIS, and infrastructure, considering MOD organisational interests and Head Office’s demands for space.

The Accommodation Strategy’s aims are to enable our people to thrive, and to maximise the opportunity to create space and embed smarter working in Main Building to accommodate Head Office priorities arising from outcomes of the Modernising Defence Programme (MDP) and other strategic organisational changes, protect Defence outputs (notably the Department of State and Strategic military HQ functions). To implement and co-ordinate the Accommodation Strategy for MOD Head Office, including follow on work, ensuring alignment with the changing needs of the new Head Office which is being reshaped to modernise and transform MOD as part of the Defence Operating Model.

This is a Fixed-term Appointment as Security Project Lead in the Head Office Security & Resilience Team. Your responsibilities will be as described in this job advert. The reason why you are appointed for a fixed period is to provide security advice for the duration of the project. This post will therefore begin on your appointment and end 24 months after that date. Candidates should be aware that if the project is likely to overrun there is potential for the FTA to be extended in line with the extended project duration. You should be aware that when your Fixed-term Appointment at MOD comes to an end, arrangements will be made in line with the FTA policy.

If you are a permanent MoD civil servant and are found successful for an advertised Fixed-term Appointment (FTA) you should move into the post under a Temporary Transfer (for up to a maximum of 23 months). At the end of the posting you will return to your previous MoD Business area. If this posting is at a higher grade, your promotion will be temporary, and you will return to your substantive grade at the end of the Temporary Transfer. If a Temporary Transfer cannot be agreed between all parties then a transfer on an FTA contract is possible, read the FTA and Change of Work Location in the UK policy for further information.

If you are transferring to MoD from another government department (OGD) you should join the MoD on an inward loan. At the end of the loan you will return to your home (OGD) department. If a loan cannot be agreed between all parties then a transfer on an FTA contract is possible, read the FTA policy for further information.

This position is advertised at 37 hours per week

Although working as part of the Head Office security team, the successful candidate will be solely responsible for providing the infrastructure project team and contractors with key security policy considerations thus ensuring that they are embedded by design at the planning stage. The candidate will continue to work in a consulting capacity advising on all aspects of physical, technical, personnel and information security throughout project delivery.

Specific responsibilities will include:

• Provision of physical security advice to the Project team and other key stakeholders to facilitate the correct integration of physical security aspects in the project.
• Conducting security risk assessments established risk assessment models.
• Representing the security team at regular project meetings and working groups.
• Acting as the SPOC for all physical security considerations for the above parties and stakeholders.
• Briefing Head Office Principal Security Advisor (PSYA) or their deputy, on progress of the project and providing assurance that proposed works adheres to the necessary security specifications and will meet accreditation requirements.
• Identify and highlight potential security risks or vulnerabilities with proposed Project work and escalation of such issues to PSYA/Dep PSYA when/if necessary.
• Collaboration with the necessary accreditors to ensure the infrastructure works/installations comply with relevant security specifications and standards.
• Support the wider aims and objectives of the Head Office Security team.
• Liaison with technical teams for security accreditation inspections.

We are looking for an enthusiastic and pro-active individual to fill the role of Security Aspects Lead for Project Blueprint. This is an exciting and high-profile role which will work across the entirety of Main Building and its multitude of Defence business units. The role will ensure that security aspects and standards are embedded at every point throughout the delivery of works and provide assurance that all works comply with MOD and wider Government security policy.

Given the nature of the role the ideal candidate should have a background in or practical knowledge of Government Security policy. Experience of embedding security aspects in major infrastructure projects would be an advantage.

Note. Applicants should be aware that this role requires Developed Vetting security clearance. Please see the note under Desirable criteria.

Essential 

• Practical working knowledge or experience of MOD or wider Government security policy and accreditation standards.
• Experience of working on Defence or Government infrastructure projects advising or consulting on security aspects i.e. physical, personnel, technical and information security.

Desirable

Previous experience working as an MOD or Government Security Officer

Experience of knowledge of conducting security risk assessments

Qualifications or training in MOD or Government security

Current or recently expired security clearance at SC or DV

We’ll assess you against these behaviours during the selection process:

• Leadership
• Delivering at Pace
• Making Effective Decisions
• Managing a Quality Service
• Working Together

Alongside your salary of £42,540, Ministry of Defence contributes £11,485 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.

• Learning and development tailored to your role
• An environment with flexible working options
• A culture encouraging inclusion and diversity
• On site gym
• On site creche
• Generous annual leave allowance

   

MOD Abbey Wood, Filton, Bristol, Avon BS34 8JH

We are Defence Equipment and Support (DE&S). We manage a vast range of projects to supply and maintain vital equipment and services for the Royal Navy, British Army and Royal Air Force. Together, we deliver essential defence programmes – and strive for what’s next. Because it helps keep our military at the top of their game and our nation safe, now and in the future.

Across our 12,500-strong organisation, we support all our people to be at their very best, fostering a family-friendly approach to flexible and hybrid working. After all, support is in our name.

Working as a Security Manager will provide you with the opportunity to position yourself at the forefront of the security specialism. Security Managers provide critical support in the secure delivery of specific security projects.

Liaising with leading defence industry partners, you will be assisting in the identification and mitigation of risks, providing expert advice and guidance in line with security policy, to work towards mutual security assurance goals.

You will also support the development of good security practice across a range of facilities and projects. In addition, this is an excellent opportunity for you to enhance your skillset and continue your professional development, with opportunities to undertake specialist training relating to your role, while in the position.

Some attendance to the stated site will be required for this position, also some of these roles require travel throughout the UK and overnight stays as required.

Please note, this role is reserved for UK Nationals.

Responsibilities

• Align with relevant regulation, policy, and standards to provide proportional, practical advice, tailored to the strategic environment, and advise relevant stakeholders on any residual risk.
• Ensure security and business continuity effect is delivered in alignment with organisational objectives and standards.
• Deliver the Project Security Plan, for the assigned project(s).
• Ensure that contracts include the correct artefacts (e.g. Security Aspects Letters) and clauses, to ensure that our suppliers deliver secure products and manage our information securely.
• Complete the Defence Cyber Protection Partnership (DCPP) questionnaire, ensure that the Cyber Security Model (CSM) is maintained and that risks are managed and issues are addressed.
• Conduct a Data Protection Impact Assessment (DPIA) & Risk Screening for each project, ensuring that all information is managed and protected in accordance with GDPR.
• Ensure that any facilities associated with the project (including suppliers premises) have the correct Facility Security Clearance & Industry Personnel Security Assurance in place.
• Manage any Defence Critical National Infrastructure (DefCNI) associated with the project.
• Ensure that applications for Sub-contracting Overseas, F1686, are in place where required.
• Ensure that all security risks are managed, implementing risk reduction methods, advising on potential resolutions and making evidence-based recommendations for decision-makers; pragmatically and cognisant of cost and schedule adherence. 
• Coordinate Security Working Groups to discuss the risks and issues, monitor progress and manage the stakeholders, including those outside of the security profession, such as the end users and risk owners.
• Coordinate activities to drive continuous improvement and encourage the sharing of knowledge and best practices.

To be successful with your application, you’ll need to show that you meet the following essential criteria:

• Proven experience of working in a security, business continuity or project management role or similar.
• Expectation to work towards becoming a Member of the Security Institute or Member of the Business Continuity Institute.
• Expectation to work towards the Level 5 Security Management Qualification, or to hold an equivalent qualification.

In addition to the responsibilities above, the following technical competences and behaviours will be assessed at interview:

• Security Compliance and Assurance (Supervised Practitioner)
• Risk Understanding and Mitigation (Practitioner)
• Making Effective Decisions
• Communicating & Influencing

• 25 days’ annual leave +1 day a year up to 30 days, 8 bank holidays and a day off for the King’s birthday
• Flexible and hybrid working wherever possible, to support your work-life balance (though some attendance to the stated site is required)
• Market-leading employer pension contribution of around 27%
• Annual performance-based bonus and recognition awards
• Access to specialist training and funded professional qualifications
• Support for progression
• Huge range of discounts
• Volunteering days
• Enhanced parental leave schemes

We believe in creating an inclusive environment where our people can grow, thrive, and be their authentic selves. We value diversity of thought and the ways in which it enriches our culture and our work. So whether you’re looking for a new opportunity, a next step, or a helping hand as you return from a career break, here you’ll find a supportive, family-friendly organisation to be a part of. And if you need any assistance with your application, just let us know.

Further Information

More information can be found below:

• DE&S Little Book of Big Benefits: https://bit.ly/3FEb54v
• Further Information: https://bit.ly/3K26Xhl
• Terms and Conditions: https://bit.ly/3yUwcM1