These roles may be located in one of the following locations: Birmingham, Blackpool, Leeds, Manchester, Newcastle-upon-Tyne and Sheffield. Please find further information on the Corporate hub locations here.

About the job

Job summary

Are you a Cyber Security Risk Analyst that has worked in a large-scale organisation?

If yes, we want you to join us at DWP Digital!

These are critical roles coordinating and delivering the Digital Security risk management programme of work, with risk driving security, enabling a clear, practical, and realistic view of Cyber Security Risk information. The role forms a vital First Line capability within His Majesty's Government's Three Lines of Defence model.

As a Cyber Security Risk Analyst you will work within the Digital Group to help deliver 1st line analysis of control implementation against Center for Internet Security (CIS) safeguards and drive risk identification, assessment, remediation, and treatment of risks on any identified control gaps. A solid working knowledge of the 8 Certified Information Systems Security Professional (CISSP) domains is required, ideally gained from working in technical security / infrastructure roles, along with extensive Risk Analyst experience.

You will identify compensating controls, make recommendations to address security vulnerabilities and control weaknesses in products, projects, and programmes, working with product owners and Subject Matter Experts to enable them to make well informed risk-based decisions.

Please note this role requires you to pass Security Check clearance. For further information, please see 'Selection process details'.

Job description

The Cyber Security Risk Analyst role will be focused on the delivery of 1st line security controls analysis, validating that they provide the correct security outcomes for DWP, and undertaking deep risk analysis of any identified control gaps or failings. You will be writing formal risk reports for presentation to Senior Leaders, which must be factually correct, articulate and clear. These must be framed in a way which reflects all compensatory controls in place and be easily understood by technical delivery teams as well as non-technical senior business leaders, so they can make informed management decisions.

The Cyber Security Risk Analyst will work on complex deliveries across a range of technologies, including cutting-edge technology as well as the complexities of tech debt, ensuring appropriate defence in depth and compensatory technical controls are built into designs and tested prior to deployment, so that vulnerabilities are fully understood and risk exposure is reduced.

As a Cyber Security Risk Analyst you will work to ensure the timely recording and updating of risks throughout the lifecycle, delivering timely and quality results with focus and drive.

You will also manage and support DWP Digital’s Cybersecurity risk management lifecycle by working to help deliver 1st line risk identification, assessment, remediation, and treatment of risks.

The Cyber Security Risk Analyst sits within the Digital Security Risk Management (DSRM) team, which is part of the wider Digital Security function. The scale of the transformational work that DSRM is driving out across DWP is massive and exciting, and is leading the way across His Majesty's Government.

The role is technical in nature and will draw upon your knowledge and experience to influence design decisions and identify suitable controls and mitigations. Part of the role will involve giving technical Cyber Security advice to business delivery teams.

The roles will not have any direct line management responsibility, but successful candidates will have the autonomy to make empowered decisions and problem solve within the technical services they lead in collaboration with their functional Grade 6 lead.

Cyber Security Risk Analysts are part of our wider Cyber Security Risk Management community, and incorporate risk practices outlined in The Orange Book – Management of Risk – Principles and Concepts.

Person specification

When giving details in your employment history and personal statement you should highlight your experience in line with essential criteria below:

  • Significant experience of technical security controls analysis across various platforms such as networks, cloud, legacy, web-based applications. Working knowledge of current technical controls in the 8 CISSP security domains.
  • Experience of scoping and planning security testing through interpretation of architecture diagrams.
  • Experience of using evidence and knowledge to support accurate, expert advice, decisions and recommendations. Considering alternative options, implications, and risks of decisions. Enabling the prioritisation and delivery of solutions with appropriate security controls to mitigate cyber security risks through a structured risk management process.
  • Evidence that you can make proportionate, risk-informed decisions about current and future security investments that can be taken to protect a large business organisation’s assets and improve its security risk posture.
  • Evidence of working with product owners and Subject Matter Experts to enable them to make well informed risk-based decisions whilst leading and influencing the management of tactical and strategic risks. Proficient at writing and presenting articulate formal risk reports to senior management and able to work on work items concurrently.
  • Threat Understanding: Uses lessons learned to maintain an understanding of the organisation’s attack surface, and uses local and strategic threat information in decision-making and planning.
  • Significant evidence of researching and evaluating business processes in alignment to known/emerging Security risks and controls to ensure expert advice is provided.

If you would like to learn more about the role, please contact richard.hanley@dwp.gov.uk.

Technical skills

We'll assess you against these technical skills during the selection process:

  • Information Risk Assessment and Management
  • Applied Security Capability
  • Protective Security
  • Threat Understanding

Benefits

Alongside your salary of £55,557, Department for Work and Pensions contributes £16,094 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.

We also have a broad benefits package built around your work-life balance which includes:

  • Working patterns to support work/life balance such as job sharing, term-time working, flexi-time and compressed hours.
  • Generous annual leave – at least 25 days on entry, increasing up to 30 days over time (pro rata for part-time employees), plus 9 days public and privilege leave.
  • Support for financial wellbeing, including interest-free season ticket loans for travel, a cycle to work scheme and an employee discount scheme.
  • Health and wellbeing support including our Employee Assistance Programme for specialist advice and counselling and the opportunity to join HASSRA, a first-class programme of competitions, activities and benefits for its members (subscription payable monthly).
  • Family friendly policies including enhanced maternity and shared parental leave pay after 1 year’s continuous service.
  • Funded learning and development to support progress in your role and career. This includes industry recognised qualifications and accreditations, coaching, mentoring and talent development programmes.
  • An inclusive and diverse environment with opportunities to join professional and interpersonal networks including Women’s Network, National Race Network, National Disability Network (THRIVE) and many more.

This job role may be suitable for hybrid working, which is where an employee works part of the week in their DWP office and part of the week from home. This is a voluntary, non-contractual arrangement and your office will be your contractual place of work. The number of days that anyone will be able to work at home will be determined primarily by business need but personal circumstances and other relevant circumstances will also be taken into account. If you are successful, any opportunities for hybrid working, including whether a hybrid working arrangement is suitable for you, will be discussed with you prior to you taking up your post. 

Salary Information

Pay for this role is from £55,557 to £73,517. 

The maximum salary for the grade is £66,058, however a Digital Allowance of up to £7,459 per annum is available for exceptional candidates. Digital Allowance is non-salary, and non-pensionable, and is classed as a temporary allowance. It is reviewed annually where it could be retained, amended, or removed. 

Our offer to successful candidates will be based on an assessment of your skills and experience as demonstrated at interview. 

Existing Civil Servants who secure a new role on lateral transfer should maintain their current salary. 

Existing Civil Servants who gain promotion may move to the bottom of the grade pay scale or receive a 10% increase in salary, whichever would be the greater.

The Civil Service welcomes applications from people who have recently left prison or have an unspent conviction. Read more about prison leaver recruitment.

Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.

Contact point for applicants

Job contact:

  • Name: Richard Hanley
  • Email: richard.hanley@dwp.gov.uk

Recruitment team

  • Email: digitalrecruitment.grs@cabinetoffice.gov.uk

Further information

Appointment to the Civil Service is governed by the Civil Service Commission Recruitment Principles. If you wish to make a complaint, please find further details here https://careers.dwp.gov.uk/how-we-recruit/.

Confirmed 30+ days ago. Posted 30+ days ago.