Technology Services provide the foundations upon which digital services for DWP are developed and operate. Our purpose is to deliver secure, effective and cost-efficient digital infrastructure services and to run live IT operations that support DWP business objectives. We do this by putting users and quality of service at the heart of what we do.

Our team is made up of 1,500 colleagues working collaboratively across 10 portfolio-led teams in a fast-moving environment. Our teams deliver an end-to-end suite of digital products and services that support DWP colleagues and citizens in an ever-evolving technology landscape. Our work is focused around the following 6 themes:

1. Delivering a digital workplace that improves the way we work. We provide the products and services to make our users’ jobs easier, encourage greater collaboration and support flexibility in working patterns, locations and on devices of their choice – helping to drive forward DWP’s digital transformation.

2. Delivering high-quality and resilient IT services and support. We are embedding a Full Stack Service Model to integrate our IT operations and ensure our services meet existing and future network demand.

3. Building a world-class performance-focused user experience control centre. We have created an end-to-end, data-driven performance environment to measure our systems and ensure we keep the department functioning.

4. Exploiting and enhancing hybrid cloud services. We provide hybrid cloud services that balance on-premise and public cloud to offer true platform independence and optimum price performance.

5. Protecting and securing our services. We ensure our IT systems remain secure and available, resilient to natural and human-caused disaster – ensuring citizens always have access to our key services.

6. Developing our people, capability and skills. We have created a sustainable service by developing our people, bringing key skills in-house to DWP, giving our teams professional pathways to develop and opportunities to progress within Technology Services.

As we continue our journey to service excellence we have identified a number of opportunities to join our Technology Services team.

Are you ready to embrace the challenges of a progressive DWP Digital Security Risk Management team?

Are you a Cyber Security Risk Manager that has worked in a large scale organisation?

If the answer to these two questions is ‘Yes’ you could be our next Senior Cyber Security Risk Manager.

This is a critical role co-ordinating and delivering the Digital Security Risk management programme of work, with risk driving security, enabling a clear, practical, and realistic view of Cyber Security Risk information. The role forms a vital First Line capability within the HMG three-line defence model.

As a Senior Cyber Security Risk Manager, you will work within the Digital Group to help deliver 1st line risk identification, assessment, remediation, and treatment of risks. You will identify controls, make recommendations to address security vulnerabilities and control weaknesses in products, projects, and programmes, working with product owners and Subject Matter Experts to enable them to make well informed risk-based decisions whilst leading and influencing management of tactical and strategic risks.

Security engagement must be inclusive to ensure we avoid treating security as just another specialism and instead, ensure minimum standards of awareness and minimum security standards are built into our product base.

As a Senior Cyber Security Risk Manager you will:

• Manage and support Digital’s Cybersecurity risk management lifecycle by working to help deliver 1st line risk identification, assessment, remediation, and treatment of risks.

• Drive a culture of effective and accurate security risk management and facilitate the governance of Digital Security Enterprise Risk Management within the four stages of the Security/Fraud Risk management lifecycle.

• Provide thought-leadership to ensure effective security Risk expertise, advice and support is delivered to business managers, Senior Risk Owners, and the Executive Team within DWP.

• ldentify controls and make recommendations to address security vulnerabilities and control weaknesses in products, projects, and programmes, working with product owners and Subject Matter Experts to enable them to make well informed risk-based decisions whilst leading and influencing the management of tactical and strategic risks.

• Identify, capture, or contextualise risks and mitigating controls, enabling risk owners and managers to take responsibility for the management and maintenance of their security.

• Work closely with Security and Data Protection and other internal and external stakeholders, to ensure Cyber Security threats, vulnerabilities, and opportunities with the potential to impact or improve resilience of Digital IT Infrastructure are identified, and / or reported appropriately.

• Take responsibility for delivering timely and quality results with focus and drive.

• Use evidence and knowledge to support accurate, expert decisions and advice. Carefully consider alternative options, implications and risks of decisions.

• Support strategic development of the service vision with programmes, enabling the prioritisation and delivery of solutions with appropriate security controls to mitigate Cyber Security Risks through a structured risk management process.

Responsibilities

Responsibilities are outlined above.

We’ll assess you against these behaviours during the selection process:

• Making Effective Decisions
• Delivering at Pace

We’ll assess you against these technical skills during the selection process:

• Information Risk Assessment and Management:
• Applied security capability
• Protective Security
• Threat Understanding