Technology and Cybersecurity Assurance and Risk Manager

Sitting within the departments Digital, Data and Technology (DDaT) directorate, the Technology and Cybersecurity Assurance and Risk Manager sits within the DDaTs Technology, Information and Cybersecurity Operations (TICO) division. This division is responsible for the identification, assessment, evaluation and management of risks related to cybersecurity, data protection and information management. This role, within the cybersecurity element of the division, plays a vital role in leading the delivery of the directorates cyber risk programme, ensuring risk management is central to all evidence-based security decisions in DCMS.

This is an exciting time to be joining DDaT in DCMS, with the rollout of a new delivery model designed to enable the department's ability to support its sectors. As a cyber risk professional, you will have an unparalleled opportunity to apply your skills, shape the way in which DCMS manages its cybersecurity risks and gain significant exposure to senior decision-makers. Whats more, your work will make a real difference in protecting both UK citizens and society as a whole, through the use of your skills to protect vital services.

In this role, you will lead across four key areas to manage the departments cyber risk exposure:

• Operational Risk Assessment: Lead the analysis of business-supporting security needs and undertake cyber risk assessments within established governance structures. You will provide advice to stakeholders on remedying risks by proportionately applying security capabilities and drawing on expert guidance.
• Enterprise Risk Management: Independently undertake risk management activities to reduce departmental exposure identified through cyber exercises, threat intelligence, and SME engagement, ensuring advice is consistent with professional standards and personal expertise.
• GovAssure Compliance: Lead the annual assessment of departmental compliance with the Cyber Assessment Framework (CAF), reporting on cyber maturity to senior leaders.
• Arms-Length Body (ALB) Compliance: In response to the Government Cyber Action Plan (GCAP), monitor ALB compliance with mandated security requirements to enable the Accounting Officer to make informed, auditable, and risk-based decisions.

You will manage contracts and maintain relationships with suppliers to ensure good service quality and effective risk management. You will have line management responsibilities for a small team.

The ideal candidate would have the following key skills and experience:

Essential requirements:

Technical skills aligned to the cyber security governance & risk management skills in the Government Security Profession

• Conducting assessments for enterprise systems and reporting on security characteristics to ensure all identified risks are effectively addressed through appropriate treatment.
• Deriving security requirements through threat analysis, interpreting organisational risk appetite to provide actionable recommendations.
• Developing and applying new concepts in protective security, involving corporate enablers and the UK security community.
• Proactively leveraging diverse intelligence sources to interpret the strategic threat environment and attack surface.
• Experience of communicating complex technical matters to non-technical audiences and managing relationships with stakeholders across organisational boundaries.

Desirable skills:

• Previous experience evaluating cyber risk within government organisations or the private sector, and an existing professional network.
• Experience of successful leadership within a cyber security or intelligence environment in either the public or private sector.

We'll assess you against these behaviours during the selection process:

• Communicating and Influencing
• Delivering at Pace