Your main day to day responsibilities will be:
- The planning and implementation of organisation-wide auditing processes and procedures for the management of risk to the success or integrity of the business, especially those arising from the use of information technology hardware or data. Monitor the efficiency and effectiveness of the risk management processes across the organisation and make recommendations for continuous improvement.
- Conduct reviews, audits and assessments when necessary and feed back findings to the relevant parties. Communicate outcomes to stakeholders in ways that support effective security, risk management and decision-making, and advise stakeholders on their recommendations in the context of their business outcomes.
- Work within established security and risk management governance structures, usually under supervision, to support, review and undertake straightforward audit activities such as: helping with the analysis and derivation of business-supporting security needs; undertaking cyber security related audits; control assessments and other audit activities.
- Interpret and contribute to the development of audit-related policy and assure the ongoing appropriateness of policy in accordance with regulation and wider departmental and government policies. Have an understanding of the applicability of appropriate legislation and regulations.
- Provide advice to address identified cyber security related risks by applying a variety of security testing, which may include using published guidance, standards or experts as appropriate: the scenarios will be straightforward, and the advice given will be proportionate and contextualised to the use case. Provide straightforward advice to validate the effectiveness of risk mitigation measures, including an understanding of how to use different auditing activities, and make recommendations for improvement.
- Help risk or service owners to make decisions that are well informed by good and clear security advice, including contributing to documentation, reports or working within established reporting chains in a security team to a high level of quality.
Note: An employee may be required to carry out other duties within the scope of the grade and within the limits of their skill, competence and training.
Skills and Experience
You’ll have a demonstrable passion for Cyber Security, with the following skills or some experience in:
Strategy and architecture:
- Security and Privacy
- Information Assurance (INAS) - Level 4
- Governance, Risk and Compliance
- Risk Management (BURM) - Level 4
- Audit (AUDT) - Level 4
- Quality Assurance (QUAS) - Level 5
- Advice and Guidance
- Specialist Advice (TECH) - Level 4
Relationships and Engagement:
- Stakeholder Management
- Stakeholder Relationship Management (RLMT) - Level 4
The skills listed above are reflective of the Home Office DDaT Profession Skills and Competency Model (based on the industry standard SFIA framework).
Please see below for the relevant skills required for your role:
- Auditing security policy documentation, working in line with best practice principles for information security and risk management
- Developing technical knowledge in order to understand the security impacts of any changes, and applying yourself to manage these
- Absorbing potentially large amounts of conflicting information and using it to produce recommendations and solutions, leveraging analysis to enhance business performance
- Demonstrating strong stakeholder skills in order to communicate and influence colleagues around the impact of security issues