Principal Cyber Security Risk Manager

Firstly, we help to build a strong, competitive business environment, where consumers are protected and companies rewarded for treating their employees properly.
Secondly, we open international markets and ensure resilient supply chains. This can be through Free Trade Agreements, trade facilitation and multilateral agreements.
Finally, we work in partnership with businesses every day, providing advance, finance and deal-making support to those looking to start up, invest, export and grow.
The Digital, Data and Technology (DDaT) directorate develops and operates tools and services to support us in this mission.
DBT Cyber work to improve the security of the systems and processes that affect the operation of the Department. The Governance Risk and Compliance (GRC) team were established to create a safer Cyber landscape to deliver DBT’s vision and do this through establishing good practice in new information projects, reviewing compliance and setting standards for the department., The Principal Cyber Security Risk Manager identifies, understands, and mitigates cyber-related risks. They provide risk and service owners with advice to help them make well informed risk-based decisions. Reporting to the Head of Cyber, the role will collaborate with the other teams in Cyber and the broader DDaT community and is responsible for the IRAP service, process enhancements, IRAP case approvals to medium and liaising with SIRO for high-risk cases.
You’ll need to possess cloud expertise, experience, integrity and be able to communicate across all levels and professions within the department, working with teams that are under pressure to provide the most informed risk assessment possible to decision makers. It will take strong collaboration skills to work across the department and with external stakeholders to protect and promote a governed, Cyber risk aware and compliant DBT.
There are four key areas of this role:
1. Assess - leading risk and threat assessments activities at pace
2. Explain - creating tailored oral and written communications, briefings and preparing advice on regulation, guidance, policy, standards and risk assessment documentation
3. Influence - establishing a reputation of authority & influence to enable risk owners, suppliers, developers, and project leads to make well informed decisions
4. Inspire - line managing SEOs and below in the team and support their progression

Main responsibilities
You will be a risk assurance professional who understands technology and can:
+ Independently lead and undertake Cyber risk identification and management activities, making use of established security and risk management governance structures and where necessary developing new ones
+ Undertake Cyber Security risk assessments as part of the IRAP (Information Risk Assurance Process), conduct tailored threat assessments and other risk management activities, to ensure activities are consistent with applicable regulations, legislation, good practice, and Government guidance
+ Mentor and develop junior team members in Risk assessment
+ Be the point of contact for the CTO and SIRO about Cyber Security Risk
+ Provide tailored advice to a range of stakeholders on how to mitigate identified risks by proportionately applying security good practice, ensuring credible advice that is aligned to published guidance and standards and drawing on the breadth of expert support available
+ Supporting Cyber compliance and audit activities
+ Work across the Cyber team and other professions to provide practical expert advice that enables risk-based decision making at all levels within the department, Offers may be made in merit order based on location preferences. If you pass the bar at interview but are not the highest scoring you will be held on a 12-month reserve list in case a role becomes available. If you are judged a near miss at interview, you may be offered a post at the grade below the one you applied for.
This role requires SC clearance. DBT’s requirement for SC clearance is to have been present in the UK for at least 3 of the last 5 years. Failure to meet this requirement will result in your application being rejected and your offer will be withdrawn.
Checks will also be made against:
+ departmental or company records (personnel files, staff reports, sick leave reports and security records)
+ UK criminal records covering both spent and unspent criminal records
+ your credit and financial history with a credit reference agency
+ security services record
+ location details

It is essential that you have:
+ A professional information security certification – CISSP or similar
+ Experience managing a team and managing contracts
+ Experience leading risk management and assurance activities in complex environments - balancing service delivery with security assurance
+ Working knowledge of cloud technology architecture
+ Solid knowledge of information security frameworks, such ISO 27001, and applying those frameworks in assessing risk
+ Effective verbal and written communication skills up to and including C-Suite
It is desirable that you have:
+ Experience working within large, complex organisations
+ Experience of executing cases and managing outsourced assurance teams, At the interview stage for this role, you will be asked to demonstrate relevant Technical Skills and Behaviours from the Success Profiles framework. These are role specific and in line with the Government Security Framework. You will be asked to complete a risk assessment exercise as part of the process.
Technical Skills
+ Information Risk Assessment and Risk Management (IRAP)
+ Applied Security Capability
+ Proactive Security
+ Threat Understanding
+ Legal and Regulatory Compliance
Behaviours
+ Making Effective Decisions
+ Managing a Quality Service
+ Communicating and Influencing

The Department for Business and Trade (DBT) has a clear mission - to grow the economy. Our role is to help businesses invest, grow and export to create jobs and opportunities right across the country. We do this in three ways.

+ Learning and development tailored to your role
+ An environment with flexible working options
+ A culture encouraging inclusion and diversity
+ A Civil Service pension with an employer contribution of 28.97%, This role can only be worked from within the UK, not overseas. If you are based in London, you will receive London weighting. DBT employees work in a hybrid pattern, spending 2-3 days a week (pro rata) in the office on average. Travel to your primary office location will not be paid for by DBT, but costs for travel to an office which is not your main location will be covered.
You can find out more about our office locations, how we calculate salaries, our diversity statement and reasonable adjustments, the Recruitment Principles, the Civil Service code and our complaints procedure on our website.
Find out more about life at DBT, our benefits and meet the team by watching our video or reading our blog!

Feedback will only be provided if you attend an interview or assessment.

Security
Successful candidates must undergo a criminal record check.
Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check (opens in a new window).See our vetting charter (opens in a new window).
People working with government assets must complete baseline personnel security standard (opens in new window) checks.

Nationality requirements
This job is broadly open to the following groups:
+ UK nationals
+ nationals of the Republic of Ireland
+ nationals of Commonwealth countries who have the right to work in the UK
+ nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS) (opens in a new window)
+ nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
+ individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
+ Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service
Further information on nationality requirements (opens in a new window)

Working for the Civil Service
The Civil Service Code (opens in a new window) sets out the standards of behaviour expected of civil servants.
We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles (opens in a new window).
The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.
The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.