Insider Risk Programme Manager - ( Ref : 593 )
- Civil Service
- Part Time
- London
- 37,618 - 50,251
Job Description
Overview

The Ministry of Justice's (MoJ) Security and Information Directorate (SID) has a broad range of responsibilities, from personnel, physical and cyber security through to information management and data protection. Our aim is to ensure the MoJ holds information in compliance with legislation; that all information is correctly stored, accessible, and shared appropriately; and that our information is protected and the risks managed.

The MoJ Group Security Team sits within SID and enables good security practices through the provision of personnel and physical security policies, guidance, and education, and the provision of a leak investigation service, providing assurance to the departmental SIRO, the Permanent Secretary, and other senior stakeholders that these risks are being effectively managed in the delivery of MoJ objectives.

Working as part of the MOJ's Security and Information Directorate (SID), you'll use your experience and passion to push forward the MOJ's ambitious goals in the security arena. You will work with a team of committed professionals to achieve clear, positive and ongoing improvements to our services and the department-wide security culture.

We are seeking to recruit people from a diverse group of backgrounds to make sure we have a wide range of skills to strengthen our security capability across government. We value the fact that our different backgrounds, cultures, genders, experiences, and ways of working produce a more effective team. Each one of us has a part to play in helping government to keep the United Kingdom secure.

We welcome level transfers and applications for promotion. The role is part of the [1] Government Security Profession, and is eligible for sponsored membership to the Security Institute or other relevant professional body.
Role Purpose

The Insider Risk Programme Manager reports to the Personnel Security Lead and actively works as part of the Insider Risk Programme Team to assess, manage and reduce insider risk within the MOJ. This is a new role which has been created to help the MOJ meet the requirements of the Government Security Functional Standard GOVS007 and the Personnel Security Standards.

The insider risk programme team acts as a central hub for organizational activities relating to insider risk. Its aim is to have a systematic risk identification and management approach where insider risks are assessed and considered against organisational assets. The team will work collaboratively with other security teams and the wider business areas to break down data silos and implement proportionate actions to reduce organisational insider risk.

Insider Risk Programme Managers are responsible for creating and running the MOJ's insider risk programme. This includes the identification, assessment and implementation of countermeasures to help reduce insider risk within the MOJ.

We are looking for someone who already has practical knowledge and experience of working within a team dedicated to insider risk mitigation. This role and the wider team are new, so the successful applicant will need to be proactive and able to utilize their experience and knowledge to initiate and build a successful insider risk programme.

The successful applicant will have an exciting opportunity to develop their knowledge and experience within the security profession, with learning, development, and networking opportunities. All security essential courses will be provided.
Key responsibilities

- Develop an organisation-wide insider risk programme aligned to the MOJ's strategic objectives and following NPSA best practice.
- Provide expert advice on insider risk matters to stakeholders, seniors and governance groups.
- Ensure compliance with relevant legislation, regulations, and standards, including GDPR and the Personnel Security Standards.
- Implement an insider risk programme, including developing a project plan, managing timelines, and ensuring successful transition to business as usual.
- Conduct and manage insider risk assessments, prioritising critical assets and working with stakeholders to implement proportionate mitigations.
- Collaborate with stakeholders to embed insider risk considerations into business processes and systems.
- Stakeholder Management: Build relationships with key stakeholders across the organisation, including legal, HR, Justice Digital, and other SID teams.
- Policy Creation and Review: Ensure that personnel security and insider risk policies and procedures align with current standards, legal requirements, and organisational objectives. Collaborate with business areas to identify policy gaps, inconsistencies, or outdated procedures.
- Identify and leverage relevant organisational data sources to gain valuable insights into potential insider threats and risk. This includes negotiating access to the data and working with data analysis experts to identify trends and develop early warning indicators.
- Monitor the effectiveness of insider risk controls and recommend enhancements.
- Provide regular reporting on programme performance and emerging threats to senior management and governance groups.
- Stay informed about emerging insider risks and industry best practices to maintain programme effectiveness.
- Build and develop the insider risk team's capabilities through coaching, mentoring, and knowledge sharing. This involves creating a learning culture, providing opportunities for professional development, and fostering teamwork.

References

1. https://www.gov.uk/government/publications/the-government-security-profession-career-framework