UKStratCom Cyber Risk Management Lead

UK Strategic Command is a 4* HQ and a Top-Level Budget, tasked with developing and preparing an integrated Joint Force for current and future operations. It has a unique structure, with a small Headquarters that works above, and with, a number of federated organisations including, for example, Permanent Joint Headquarters, Defence Intelligence and the Overseas Bases.

The successful applicant will lead on the accurate reporting of Strategic Command’s strategic cyber resilience risk, driving action across the Command to manage the risk.  

As part of the new UK StratCom HQ Cyber Risk Management team, the role holder will work closely with the wider Principal Security Advisor team to ensure a coordinated approach to the management of cyber security within the Command.

This position is advertised at 37 hours per week.

Strategic Command is going through a significant transformation programme which aims to improve the way the Command conducts its business and delivers for Defence and the nation. As a consequence of this, all posts within Strategic Command Headquarters and in time the wider organisation, are/will be subject to review and potential changes as we continuously improve across the period of the transformation programme. These changes may be minor or could be more substantive and will generate new opportunities.  Throughout, the Command’s transformation programme is committed to following the MOD’s framework on managing and supporting people through the change process and places an emphasis on early and open consultation and engagement with the Command’s personnel and Trade Unions.

Responsibilities of the role holder will include:

• Providing direction, assessment and recommendations on current and future cyber security risks within Strategic Command
• Supporting implementation of Secure By Design across the TLB and its HLBs
• Overseeing the creation of reports and briefs on cyber risk activity and risk assessments to enable seniors (all the way up to the Commander) to make informed decisions
• Overseeing the TLB quarterly returns, accurately reporting Strategic Command’s cyber security risk to Head Office.
• Working collaboratively with risk owners across Strategic Command to better understand their risk areas and the funded activity taking place to manage cyber risk exposure.
• Providing advice and guidance to UKStratCom senior management and TLB stakeholders on cyber security related risks.
• Supporting the implementation of the Cyber Compliance Framework and Cyber Risk Management Framework across Strategic Command.
• Supporting the UKStratCom response to cyber incidents and rapidly emerging vulnerabilities.
• Providing support to the Cyber Risk Management Assistant Head, deputising where required.
• Line management responsibility for 1x HEO (C2)

Participation in an out of hours Duty Officer rota and some UK travel are a requirement of the role.

Please note that from the specific nature of your duties in relation to our business resilience, you may also be required to work occasional emergencies and unforeseen circumstances as the needs of the Department require. This could involve overtime and recall to duty (including if on leave, albeit we would only seek to do this in exceptional circumstances).  Commitments arising in such circumstances would be recompensed in accordance with the Department’s usual leave, expenses and pay policies which can be found on our internal People Portal.

Ideally, applicants will have the following desirable attributes, knowledge and skills:

• An understanding of cyber risk and cyber security
• Formal/ accredited qualifications in Information Risk Management and/or Information Security (e.g. CISSP)
• Excellent relationship-building and all-round communication skills
• Decisive leadership and the ability to support a team

Desirable past experience/skills:
– Cyber Risk Management
– Information Governance

We’ll assess you against these behaviours during the selection process:

• Leadership
• Managing a Quality Service
• Delivering at Pace

We’ll assess you against these technical skills during the selection process:

• IISP Skills Framework: A1 – Governance. Level 4 (Enable) – Senior Practitioner
• IISP Skills Framework: B1 – Threat Intelligence, Assessment and Threat Modelling. Level 4 (Enable) – Senior Practitioner
• IISP Skills Framework: B3 – Information Risk Management. Level 4 (Enable) – Senior Practitioner

• Learning and development tailored to your role
• An environment with hybrid working options
• A culture encouraging inclusion and diversity
• A Civil Service pension with an average employer contribution of 27%
• Excellent on site facilities including car parking, cafe, gymnasium and community hub

The post does not offer relocation expenses.

External recruits who join the MOD who are new to the Civil Service will be subject to a six-month probation period.

Please be advised that the Department is conducting a review of all pay related allowances which could impact on those allowances that the post currently being advertised attracts.  

Please Note: Expenses incurred for travel to interviews will not be reimbursed.

Please be advised that the Department is conducting a review of all pay related allowances which could impact on those allowances that the post currently being advertised attracts.

Any move to MOD from another employer will mean you can no longer access childcare vouchers. This includes moves between government departments. You may however be eligible for other government schemes, including Tax-Free Childcare. Determine your eligibility at https://www.childcarechoices.gov.uk/.

The Ministry of Defence is committed to providing a safe and healthy working environment for its staff which includes educating them on the benefits of not smoking, protecting them from the harmful effects of second-hand smoke and supporting those who want to give up smoking. Under the Smoke-Free Working Environment policy, Smoking and the use of all tobacco products (including combustible and chewing tobacco products) will not be permitted anywhere in the Defence working environment however some exemptions are in place, please refer to local guidance. The policy is Whole Force and includes all Defence personnel, contractors, visitors and other non-MOD personnel. All applicants seeking, considering, or accepting employment with the Ministry of Defence should be aware of this policy and that it is already in place at a number of Defence Establishments.

MOD Recruitment Satisfaction Survey – we may contact you regarding your experience to help us improve our customer satisfaction. The survey is voluntary and anonymous. You may however be given the opportunity to provide additional information to help us improve our service which includes the collection of some personal data as defined by the United Kingdom General Data Protection Regulation (UK GDPR). The MOD Privacy Notice sets out how we will use your personal data and your rights.

Job contact :

• Name : Sunbal Chaudhry
• Email : sunbal.chaudhry100@mod.gov.uk

Recruitment team

• Email : DBSCivPers-Resourcingteam3@mod.gov.uk