Cyber Security Practitioner – Principal

This role is part of the DHSC Cyber function based at one of the offices identified in the linked locations with a possibility of adding more locations inc Newcastle in future.

In DHSC, we are proud of our purpose – to enable everyone to live more independent, healthier lives for longer. To achieve this, and create a great place to work, we have four values: we are inclusive, we constantly improve, we challenge, and we are agile. If this sounds like an environment you’d like to work in, we’d love to hear from you.

The Workspace, Information, Security and Technology Directorate (WIST) is responsible for providing the property and technologies needed by the Department to deliver its objectives. The role of WIST is to provide innovative and great value property, security, and technology solutions to enable people to operate efficiently and effectively.

Our aim is to:

• Provide healthy, safe, efficient, sustainable, secure, and smart places to work that maximise productivity.
• Provide technology solutions that are fit for purpose, available, stable, and resilient enabling collaboration, and productivity.
• Safeguard our people & estate from attacks; minimise insider threats; assures the integrity of our systems & plan ahead to manage disruptions.

This role is part of the DHSC Cyber Security Team, within WIST based at one of the offices identified in the linked locations with a possibility of adding other locations in future.

Department of Health and Social Care (DHSC) Cyber Security’s simple purpose is to secure the Department in cyberspace. DHSC Cyber is comprised of three core function areas, Security Operations, Business Support, and team management. As a Lead Cyber Security Practitioner you will focus on either the Operations or Business Support function but would be expected to support the other functions of Cyber as needed.

Security Operations works with the supplier managed Security Operations Centre (SOC) to analyse data across the estate and wider, identifying threat or malicious cyber activity, investigate and take steps to mitigate DHSCs exposure. Additionally, the SOC function takes a leading role in the response to cyber incidents by clearly and calmly communicating issues, helping to identify and implement solutions.

Business Support works with DHSCs Project and Programme teams as well as business units to support delivery of 1st line risk identification, assessment, remediation, and treatment of risks. You will lead the work in collaboration with Business Owners to identify and address security risks and concerns within projects, current and proposed business activities, as well as commercial engagements (including procurements). As a subject matter expert you will enable them to make well informed risk-based business decisions whilst ensuring the secure delivery of DHSCs aims.

You must have very strong communication skills and be able to discuss risk and technical matters to senior management in a simple and understandable way.

• Contribute to and take a leading role in the delivery of DHSCs evolving security and technology landscape.
• Assist in collaboratively defining and ensuring managed delivery of SOC in association with 3rd party suppliers.
• Working collaboratively with suppliers, project managers and programme leads to provide subject matter expertise on a range of security & risk requirements.
• Undertake stakeholder management for major projects partnering Senior Programme Leadership and governance boards and ensuring the cyber work commitment required is delivered to time and quality.
• Act as an escalation point for cyber security related incidents and problem management ensuring their resolution.
• Act as an empowered deputy for the Head of Cyber at key meetings.
• Identify and manage (escalating as needed) cyber risks for the business to influence appropriate decisions in keeping with the DHSC risk appetite and subsequently assist with risk minimisation.
• Collaborate with governance and compliance teams to manage and handle Cyber Security risks.
• Ensure delivery of technical security activities to identify vulnerabilities and plan risk-based mitigating actions.
• Research, identify, validate, and embrace innovative technologies and methodologies.
• Provide peer reviews and coaching and mentoring as appropriate.
• Undertake line management responsibilities.

Key skills and experience required for the role

We are looking for dynamic and enthusiastic candidates, with a proven track record in Cyber Security and Risk, to work in partnership with the organisation and its suppliers, to continuously develop how we grow and embed our approach to cyber security by design.

It is essential that candidates have significant experience in:

• Advising and/or delivery of security aspects of major projects.
• Demonstrable experience designing & delivering information security & risk management aligned to corporate risk appetite across several enterprises.
• Demonstrable understanding of cloud security and appreciation of zero trust principles.
• Ability to demonstrate a deep knowledge of security and privacy risks and threats along with a strong understanding of key considerations such as confidentiality, availability, integrity, non-repudiation, and privacy.
• Deep knowledge of multiple security domains and disciplines including Cyber, Physical, Personnel, Process, Policy, Privacy, Law & GDPR.
• Ability to consider and articulate issues and concerns within the wider security and business context.
• Ability to manage effective relationships with stakeholders and suppliers.
• Demonstrating professional credibility and authority.
• Sharing knowledge, supporting, advising, and training colleagues.
• Strong written & verbal communication skills with the ability to communicate effectively at all levels to technical and non-technical audiences.
• Strong knowledge in defining and managing security incident plan and procedures.

It is desirable that candidates have the following criteria:

• Proven ability to monitor and manage security capabilities delivered by 3rd parties.
• Proven knowledge of Microsoft Security and its tools.
• Applied knowledge of security architectures, operating systems & networking architectures.
• Working knowledge of appropriate Industry and UK gov security standards and guidance e.g. NCSC portfolio, ISO27000 series, NIST Framework, CIS Benchmarks etc.
• Sound working knowledge of Cryptography including symmetric & asymmetric encryption systems, infrastructure, risks, weaknesses, and mitigations.
• Membership of, or willingness to obtain membership of a relevant Professional Body such as The Security Institute, BCS and the Chartered institute of information Security.
• Hold a professional certification as a security specialist – e.g. CISSP, CISM, CCSP, SABSA or degree-based equivalent.

We’ll assess you against these behaviours during the selection process:

• Seeing the Big Picture
• Working Together
• Making Effective Decisions

We’ll assess you against these technical skills during the selection process:

• Information risk assessment and risk management
• Applied security capability
• Cyber Security operations

• Learning and development tailored to your role
• An environment with flexible working options
• A culture encouraging inclusion and diversity
• A Civil Service pension with an average employer contribution of 27%

Job contact :

• Name : Allistair Srogi
• Email : allistair.srogi@dhsc.gov.uk

Recruitment team

• Email : dhscrecruitment.grs@cabinetoffice.gov.uk