Principal Cyber Security Consultant, London / National

Cyber Security and Privacy


Salary: Up to £75K London / Up to £71,000 National, depending on skills and experience
Contract type: 2-year fixed term appointment
Grade: MoJ Band Ac
Number of open roles: 1
Location: London / Sheffield / Birmingham / Manchester
Hours: 37 hours/week (42 hours incl. lunch)
Working pattern: flexible working, full time, part time
Closing date for applications: rolling campaign, please apply asap
Interview location: London / National


These are exciting times at MOJ Digital and Technology. We have a clear vision - to develop a digitally-enabled justice system that works more simply for users - and we’re looking for talented people to help us achieve it.

We’re making things better by building adaptable, effective services and making systems that are simple to use for staff and citizens. It can be challenging but it’s also important and rewarding.

As well as doing great work, we’re creating a place that’s great to do work in. We offer tip-top kit, brilliant training opportunities and support from expert colleagues. On top of that, you’ll find flexible working, an inclusive culture and a place where your opinion is valued.

The Role

In this role you'll help others in Digital and Technology, and the wider MoJ, build secure solutions, advise technical teams on cyber security decisions, and help them design and implement effective controls and mitigations for their particular risks. You'll also get involved and embedded in projects and products early, helping teams undertake threat modelling activities, and advising them on appropriate and pragmatic security to enable business outcomes.

You'll work with relevant Cyber Risk Managers to help the business understand what risks it has to manage, to prioritise investment decisions, and to understand the importance of different data sets in various business contexts. 

You'll be a recognised specialist in the security of digital services, enterprise technology or line of business applications, with a good understanding of the subtleties of designing, implementing and operating such systems securely.

All Cyber Security Consultants work for and come under the management of Digital & Technology but may be deployed into/support different geographical business areas.


  • Work in Digital and Technology’s most complex and riskiest product and project teams to provide detailed cyber security advice and guidance to the delivery team
  • Propose and develop security mitigations to address identified threats - work with the delivery team to ensure mitigations are implemented at an appropriate point in the delivery lifecycle, advising on risks that emerge as a result of incomplete or ineffective delivery
  • Ensure cyber security policies are implemented effectively and reviewed regularly - apply and maintain specific security controls as required by organisational policy to maintain appropriate security of business systems, provide expert advice and guidance on the application and operation of basic physical, procedural, and technical security controls
  • Assess alignment of products and projects’ cyber security with business, legislative, and government requirements - assist teams in the preparation of security governance materials, such as Data Protection Impact Assessments, and support governance processes such as Service Assessments from a security perspective
  • Support incident investigation, remediation and root cause analysis for systems which you are knowledgeable about
  • Ensure the product and project teams you are supporting are well aware of their responsibilities for cyber security principles and practices, through coaching, briefings at team meetings, running training events etc.
  • Lead a small team of Cyber Security Consultants, overseeing their work, mentoring and developing their skills, and helping them with hard challenges in their tasks

You’ll have experience in

  • Design of secure systems - Design and review system architectures through the application of patterns and principles to reduce cyber security problems.
  • Threat modelling and analysis - perform structured analysis of proposed or implemented complex systems to identify likely cyber security problems. Propose realistic and pragmatic mitigations that address these problems, and work with the product / project team to implement these effectively into their work.
  • Enabling and informing risk based decisions - Works with risk advisors to advise and give feedback. Advise on risk impact.
  • Research and innovation - Able to advise on developments on security properties in technology. Able to identify new technologies and design the use of these in the business context.
  • Specific technology and security understanding - Has knowledge of system architectures. Able to understand and articulate the impact of vulnerabilities on existing and future designs and complex systems, and is able to articulate a response. Has broad knowledge of a range of systems but may specialise in one.


  • Analysis - Able to apply the approach to real problems and consider all relevant information. Applies appropriate rigour to ensure a full solution is designed and achieves the business outcome.
  • Understanding security implications of transformation - Can interpret and apply understanding of policy and process, business architecture, and legal and political implications in order to assist the development of technical solutions or controls.

Throughout the process we will assess your technical specialist skills and experience on the above requirements.

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, colour, national origin, gender, sexual orientation, age, marital status or disability status.

Salary and working arrangements

If successful, the salary we offer you will be within the advertised range and will depend on the skills and experience you demonstrate at the interview.

Therefore in your cover letter it would be helpful to the hiring teams if you can indicate your salary expectations and if possible your notice period.

You’ll also get:

  • Flexible working options such as working from home or remotely, working part-time, job sharing, or working compressed hours; we have people doing it and are happy to discuss further
  • Lots of training and development opportunities
  • A civil service pension with an average employer contribution of 22%
  • 25 days annual leave (plus bank holidays), and an extra day off for the Queen’s birthday. No promises you’ll be invited to her party, though
  • Great maternity, adoption, and shared parental leave, with up to 26 weeks leave at full pay, 13 weeks with partial pay, and 13 weeks further leave. And maternity support/paternity leave at full pay for 2 weeks, too!
  • Bike loans and secure bike parking (subject to availability and location)
  • Season ticket loans, childcare vouchers, and eye-care vouchers.

Selection process details

Candidates must submit:

  • a current and relevant CV;
  • a cover letter (1 page max) setting out why you are interested in the role and how you meet the essential skills and experience required

The job advert lists the essential, specialist skills and experience as well as key Civil Service competencies required for the role.

At the CV review/sift stage we will use the technical/specialist skills and experience to determine your suitability for the role. At the interview we ask you questions based on the specialist/technical skills and experience in the job advert. If invited to an interview we will send you a detailed Job description to help you prepare for your interviews.

We conduct competency based interviews which means the interviewers will ask open-ended questions to which they are seeking answers/evidence of essential, previous experience in order to guide their hiring decision. Some roles may also require us to use assessments as part of the interview process.

Please note that due to the volume of applications we receive we are unable to provide feedback after the CV review (sift) stage.

Things you need to know

Security and Immigration checks

Successful candidates must pass a disclosure and barring security check.

Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check.

Candidates will be subject to UK immigration requirements as well as Civil Service nationality rules.

If you're applying for a role requiring security clearance please be aware that foreign or dual nationality is not an automatic bar. However certain posts may have restrictions which could affect those who do not have sole British nationality or who have personal connections with certain countries outside the UK.

Nationality requirements

Open to UK, Commonwealth and European Economic Area (EEA) and certain non EEA nationals. Further information on whether you are able to apply is available here.


Candidates in their probationary period are not eligible to apply for vacancies within this department.

Working for the Civil Service

The Civil Service Code sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles.

The Civil Service embraces diversity and promotes equality of opportunity. There is a guaranteed interview scheme (GIS) for candidates with disabilities who meet the minimum selection criteria.

Contact point for applicants

For further information regarding this role please contact MoJ D&T Recruitment

Further information

All Civil Servants will adhere to the 'Civil Service code', which outlines the Civil Service's core values, and the standards of behaviour expected of all civil servants in upholding these values.

Note for Civil Servants only: If successful, the salary offered would normally be determined by applying the MoJ salary progression rules. If the appointment is on level transfer your substantive salary (excluding any allowances) will remain unchanged, unless it exceeds the maximum stated within the MoJ pay band, and unless your current salary is below the relevant MoJ grade minimum. If the appointment is on temporary or substantive promotion the salary will be increased by the appropriate promotion percentage or moved to the minimum of the relevant MoJ grade minimum, whichever is the greater.

Note for all Applicants: This post is open to UK Nationals, Commonwealth Citizens, EEA Nationals of other member states and certain non-EEA family members. There must be no employment restrictions or time limit on your permitted stay in the UK. You should normally have been resident in the United Kingdom for at least 3 years and in some cases 5 or even 10 years preceding your application due to the requirement to have a checkable history for security vetting purposes. If you answer 'No' to the questions regarding nationality then it is unlikely your application will be pursued. If you are unsure as to your eligibility on any of these points, please contact the recruitment team for clarification or advice.