Security Risk and Assurance Associate (EO)
The MoJ Information Security Team sits at the heart of the Ministry of Justice. It enables good security practices by providing security policies, guidance and education, by understanding cyber security risks from all parts of the Ministry of Justice, and by providing assurance to the departmental SIRO, the Permanent Secretary and other senior stakeholders that these risks are being effectively managed in the delivery of MoJ objectives.
The role of the Security Risk and Assurance Associate is to support the central MoJ Information Security Team in carrying out cyber security assurance, highlighting non-compliance with required standards and bringing awareness to the cyber security risks arising from control gaps.
The Security Risk and Assurance Associate may also support others with good risk management practices to enable them to manage residual risks well; identify trends resulting from risk and assurance activities and use these to propose improvements to processes, policies and guidance; and support senior team members to resolve tactical requests to the team.
All members of the team are expected to help develop the MoJ Security Function as a centre of excellence for the department and to contribute to building a brilliant and diverse team that is a welcoming place for all.
Typical role expectations and responsibilities
Support senior stakeholders with the implementation and delivery of security assurance processes, including GovAssure and supplier assurance activities. Support the communication of assessment and assurance outcomes to stakeholders in ways that support effective security, risk management and decision-making, and assist stakeholders with their approach to risk assessment in the context of their business outcomes.
Work with Justice Digital and Information Assurance colleagues to support the gathering of evidence of the performance of technical services and organisational processes against security baselines, controls and requirements, using key performance indicators. Analyse relevant data to provide an informed opinion on cyber security risks and the adequacy of controls in place, with a focus on business-critical services.
Understand relevant regulation, policy and standards to be able to support the provision of proportional, practical advice that is tailored to the local environment, and advise on any residual risk. Understand when risks need to be escalated to more senior staff and raise awareness of this.
Contribute to the development and enablement of security policy and security culture by collaborating with the Security Policy, Culture, Awareness and Education team, providing insight on the trends identified from security assurance activities. Assure the ongoing appropriateness of policy in accordance with regulation and wider departmental and government policies. Support risk-related work and enable compliance and governance.
Support and take part in building the network of security partners across government and national technical authorities, and within industry.
Contribute to submissions and reports for senior MoJ officials and support efforts needed to respond to requests and advisories received from government partners.
Monitor the efficiency and effectiveness of security processes across the organisation, make recommendations for continuous improvement and support the delivery of these.
Support the administration of meetings, including but not limited to setting them up, taking notes and recording actions.
About you:
You will need experience of working well within a team, desirably, but not essentially, in a cyber or risk-related role.
You will be enthusiastic about cyber security and technology, showing willingness to grow your awareness of current and emerging technologies and their impact on existing security practices.
You will be able to communicate well with a variety of stakeholders and relay technical information to a non-technical audience.
You will possess analytical and problem-solving skills, adopting a positive approach and displaying flexibility of mind when encountering new situations.
You will display attention to detail and discretion in dealing with confidential topics.
You will need to be curious and inquisitive, probing for information where appropriate to understand business context and reasoning, understanding when to challenge security decisions made by stakeholders and how best to do this.
We'll assess you against these behaviours during the selection process:
Managing a Quality Service
Delivering at Pace
Developing Self and Others
Making Effective Decisions
Changing and Improving
The lead criterion is: Ability to proactively learn, develop and apply new cyber security skills and knowledge in accordance with changes in the wider security landscape to meet business needs. (Managing a Quality Service).
We may assess your current level of knowledge of cyber security and risk management during the selection process.