The Home Office works to build a safe, fair and prosperous UK. We achieve this through our work on counter-terrorism, policing, fire, crime, drugs policy, immigration and passports.

The Public Safety Group’s role is to keep the public safe by cutting crime, disrupting the highest harm criminals, protecting the vulnerable and ensuring that our police, fire and rescue services are as efficient and effective as they can be in delivering front line public services. We work with our partners in other government departments, local government and the voluntary sector to develop and implement policy, provide funding, and deliver legislation.

Britain’s emergency services work 24/7 to serve the public in some of the most dangerous and challenging situations. To help them do their job even more effectively, the Emergency Services Mobile Communication Programme (ESMCP) is creating a next generation mobile communications network, including secure and resilient voice and broadband data services enabled by cutting-edge products and applications.

The Emergency Services Network (ESN), the replacement solution for the emergency services radio communication system (Airwave), is being developed by ESMCP. ESN will be used by thousands of front-line police officers, paramedics, fire fighters and back-office workers, along with employees from related operational organisations such as the Home Office, Border Force, and Immigration. ESMCP also provides governance oversight for Airwave, the current communications service used by the Emergency Services in the UK.

The Senior Cyber Risk Security role will support the Airwave communications service and development of the new Emergency Services Network (ESN). Reporting to the Security Operations Lead, the post holder will be the key point of contact for cyber security and information risk, managing cross-government cyber security governance and a supporting risk management framework.

The Senior Cyber Security Risk Manager identifies, understands and mitigates cyber-related risks. They identify and evaluate security risks to information, systems and processes owned by the organisation, and proactively provide appropriate advice, drawing on a wide variety of sources, to stakeholders across the organisation and at a variety of levels. They provide risk or service owners with advice to help them make well informed risk-based decisions, in accordance with risk appetite.

Key Responsibilities

Your main day to day responsibilities will be:

• The planning and implementation of organisation-wide processes and procedures for the management of risk to the success or integrity of the business, especially those arising from the use of information technology, and inappropriate disposal of materials, hardware or data. Monitor the efficiency and effectiveness of the risk management processes across the organisation and make recommendations for continuous improvement
• Conducting reviews and risk assessments when necessary and feedback findings to the relevant parties. Communicate risk assessment outcomes to stakeholders in ways that support effective security, risk management and decision-making. Recommend where risks should not be tolerated but escalated, using professional judgement and factoring in business area risk appetite. Advise stakeholders on their approach to risk assessment in the context of their business outcomes
• Working within established security and risk management governance structures to support, review and undertake straightforward risk management activities such as: analysis and derivation of business-supporting security needs; undertaking cyber security related risk assessments; basic threat assessments and other risk management activities
• Interpreting and contributing to the development of risk management-related policy, processes and standards, in accordance with regulation and wider departmental and government policies. Have an understanding of the applicability of appropriate legislation and regulations, while able to work as part of a wider team in providing a centralised, joined-up assurance function
• Providing advice to address identified cyber security related risks by applying a variety of security capabilities, which may include using published guidance, standards or experts as appropriate. Has excellent communication skills, verbal and written, and is able to work in a diverse team across multiple locations: Provide straightforward advice to validate the effectiveness of risk mitigation measures, including an understanding of how to use different assurance activities (such as a pen test, audits) ensuring they are tracked and monitored, holding action owners to account as necessary, make recommendations for improvement, and operates in line with Home Office processes
• Helping risk or service owners to make decisions that are well informed by good and clear security advice, including contributing to reports or working within established reporting chains in a security team
• Identify and classify security vulnerabilities in networks, systems and applications and mitigating or eliminating their impact. Analyse supplier’s provided evidence of complex information systems to understand the associated Cyber Security risks, audit requirements, and data value. Assist in the prioritisation of those vulnerabilities through a risk-based approach
• Monitor, triage and investigate security incidents, perform analysis of security event data to support the response, reporting or escalating where appropriate

Note: An employee may be required to carry out other duties within the scope of the grade and within the limits of their skill, competence and training.

Working Pattern

Due to the business requirements of this role, it is only available on a full-time basis. However, compressed hours are available.