Cyber Security Governance Risk and Assurance Manager
The Met Office is a ‘high-technology’ organisation with everything from supercomputers through to mobile apps. We are committed to exploiting the benefits of emerging technologies to help the Met Office remain at the forefront of weather and climate science.
Technology has increased our ability to innovate, collaborate, improve productivity and gain a competitive edge by engaging with our customers in an innovative way. However, the benefits from today’s connected world come with evolving risk. We believe that good cyber security is essential to support our ability to continue to deliver world class services and maintain our world-leading science and capability.
The Met Office seeks a Cyber Security Governance Risk and Assurance Manager to support the business in managing Cyber risks, maintaining an effective Cyber Security Management System and complying with agreed standards.
To work with the Cyber Security and Resilience Team and its customers to ensure the effective management of cyber risks and the associated controls such as policies, standards and technologies.
1. To ensure the corporate cyber risk register is managed effectively to align with corporate risk tolerance and strategy set by the CISO.
2. To ensure that cyber security policy and standards are up to date and maintain alignment with strategic goals and initiatives.
3. To provide pragmatic expert information security advice and guidance when exceptions to corporate cyber security policy and standards are requested. The job holder is the primary point of contact for the Met Office for cyber security control exception requests and has responsibility for the process and timely successful resolution of exceptions.
4. To produce corporate cyber security metrics and reports.
5. Manage cyber security assurance processes to ensure the Met Office maintains certificates and standards such as Cyber Essentials Plus, annual government Security Health Check returns and compliance with the Cabinet Office Minimum Cyber Security Standard.
6. Document and update our Met Office Cyber Security Management System.
Essential Qualifications, Skills & Abilities:
1. A relevant Cyber Security degree or Cyber Security professional qualification e.g. CISSP, CESG Certified Professional (CCP) or equivalent experience
2. Proven experience working as a Cyber Security professional with an excellent understanding of risk management
3. Extensive experience developing cyber security policies and maintaining an effective management system.
4. Capable of making and guiding effective decisions on risk, explaining clearly how the recommendations have been reached. Able to make recommendations proportionate to the level of risk and technical complexity.
5. Exceptional communication and interpersonal skills, with the confidence to inspire, inform, engage and influence at all levels of the organisation, the wider Government Cyber Security community and customers.
6. The ability to work independently and lead the agreement of effective compromise between cyber security risk management and other competing business requirements.
Desirable Qualifications, Skills & Abilities:
1. Experience of the Cabinet Office Cyber Security standards and Cyber Essentials certification
2. Experienced ISO27001 professional
3. Technical writing experience, specifically related to technology development and / or cyber security
Additional Supplementary Information:
Key Dates: Closing date 18/09/19 with interviews commencing 08/10/2019. Please note that you will be notified if you are successful or unsuccessful.
Should you be offered an interview, please be aware there may be a selection exercise which could include a presentation, written test or a scenario-based activity. If you require any reasonable adjustments during these exercises, please include this information in your application.
Please note, when joining the Met Office all new employees will start on the salary band minimum.
Full-time, part-time and job share applications are invited. The Met Office is an equal employer and flexible and UK homeworking requests will be considered within operational requirements. There will be a requirement for staff to attend training and induction in Exeter initially. Successful applicants will be required to work 75% of their working week in Exeter. Homeworking may be considered for 25% of the week.
Candidates who are interviewed may be considered for other similar technology posts available in the Met Office during the next 12 months.
We are a “Disability Confident” employer, Mindful Employer, with an Athena Swan Bronze award for our work on gender equality and an LGBTi network.