Skip to main content

Security Incident Management & Operations Lead

Posted: 18 Jun 2019 Closes: 17 Aug 2019
London, Reading, Bristol National - £46,612, London - £51,258 - National - £54,320 London - £59,740
Flexible defra/20190618193118

This is a highly influential and strategically important role for Defra. It will act as the lead for management and investigation of security incidents for Defra group, taking responsibility for preparing for and responding to major security incidents, ensuring appropriate policy and procedures for incident management are in place, and acting as the primary point of contact for group level incident management 

The Department for Environment, Food and Rural Affairs (Defra) is the UK government department responsible for safeguarding our natural environment, supporting our world-leading food and farming industry, and sustaining a thriving rural economy. Our broad remit means we play a major role in people's day-to-day life, from the food we eat, and the air we breathe, to the water we drink. 

Government security is undergoing a step change, and now is an exciting time to get involved. The security profession has an increasingly important role to play in a more digital world - the vision is to create an energetic, forward-thinking and technically proficient profession for government that leads the way in balancing security risks with the delivery of cost-effective, high-quality services. As part of this step change, Defra’s specialist security function is currently undertaking a transition to a more integrated model bringing together skills across physical, personnel and cyber security. 
We are currently recruiting for a Security Incident Management & Operations Lead to support senior management in responding to and managing security incidents 

This is a highly influential and strategically important role for Defra. It will act as the lead for management and investigation of security incidents for Defra group, taking responsibility for preparing for and responding to major security incidents, ensuring appropriate policy and procedures for incident management are in place, and acting as the primary point of contact for group level incident management 

The role will form a part of Defra group’s security leadership team, and will also be responsible for jointly setting security priorities and objectives for the group. This is the senior role at group level responsible for responding to security incidents, and therefore has extensive impact and reach 

Responsibilities will include 

• Visibly lead on response to major security incidents, including physical, personnel, cyber and information security incidents, dealing with complex and varied situations where no clear guidance is available, assimilating available information and making clearly reasoned recommendations to senior stakeholders. 

• Developing and maintaining the ‘front door’ to the security team, ensuring that comms channels are fit for purpose, requests for support and advice are triaged effectively, actions are prioritised and customers receive a high quality service. 

• Representing Defra group in cross-government security incident response committees and fora, ensuring that Defra group requirements and challenges are clearly articulated. 

• Actively involving resources from across Security Management and Assurance team to effectively respond to incidents, events and requests for support, working with wider team to balance workload and ensure effective prioritisation. 

• Creating and maintaining security incident management playbooks at both operational and senior management/Director levels for Defra group, providing clear policy, process, responsibilities and governance for tackling security incidents across core Defra, agencies and arms length bodies. 

• Coordinating across all parts of Defra group to draw on best practice, align incident management processes and integrate with group level approach. 

• Working with Business Continuity teams to ensure clear roles and responsibilities for incident management and recovery. 

• Working with communications teams to communicate roles and responsibilities for security incidents across Defra group, and to ensure communications channels are established for incident management. 

• Coordinating and leading security incident exercises across physical, personnel and cyber security incidents. 

• Acting as primary point of contact and lead for management of security incidents, drawing on expertise from wider Security and Assurance Team and Security Operations teams to triage, manage, investigate and respond to incidents. 

• Leading on investigation of leaks and other security breaches on behalf of Defra group, conducting investigations in accordance with policy and in collaboration with Cabinet Office where appropriate. 

• Reporting on security incidents, events and advisory requests to security governance groups, including agreeing reporting processes and thresholds will all areas of the business, and overseeing analysis, identification of trends and root cause analysis. 

• Establishing strong relationships with Security both within Digital, Data and Technology Services (DDTS)/Defra and wider government departments in order to manage risk profile effectively. 

• Full line management responsibilities of a small team, delivering team objectives and embedding DDTS/Defra vision, values and culture. 

• Responsible for performance of the incident management and operations team including all decision making associated work allocation and completion of all activities. 

The successful candidate will either hold DV clearance or will be required to obtain DV clearance prior to commencement of the role 

Person specification 

We are looking for candidates to demonstrate: 

• Engaging, advising and influencing at all levels of an organisation including senior managers and proven leadership skills in challenging and complex environments. 

• Taking a cross-government approach, considering the impact of your decisions in the broadest of settings. 

• Forming excellent relationships within your organisation and with the wider security community including teams and the UK Intelligence Community. 

• Analysing complex information in order to provide appropriate expert advice and guidance. 

• Managing complex and diverse workload, drawing on multiple teams to complete tasks. 

• Performing effectively to deadlines, maintaining focus in challenging situations and adapting to find solutions that meet the needs of stakeholders. 

Any of the following qualifications would be desirable: 

• CISSP (Certified Information Systems Security Professional). 

• CISM (Certified Information Security Manager). 

• CISMP (Certificate in Information Security Management Principles). 

These should be detailed in your CV if applicable. 

Important information 

Please note that there is the possibility of a number of roles in the security team that may become part of the Home Office government Cluster 2 Security Unit (C2SU) which has a remit to provide services pan government. This role may or may not be subject to a future move under TUPE. 


We'll assess you against these behaviours during the selection process:

  • Communicating and Influencing
  • Changing and Improving
  • Making Effective Decisions
  • Managing a Quality Service
  • Working Together

We only ask for evidence of these behaviours on your application form:

  • Communicating and Influencing
  • Changing and Improving
  • Making Effective Decisions



Civil Service pension schemes may be available for successful candidates.


The benefits of working for Defra 

Equality Diversity and Inclusion: 

We have many strong and pro-active staff Networks that cover a broad range of requirements including 
Mental Health and Disability. We also have a range of Special leave policies for hospital appointments and a 
commitment to putting reasonable adjustments in place for those who need them. 

The department also places significant emphasis on talent programmes which help everyone to achieve their full potential. 

The Civil Service as a whole is committed to providing a work environment free from discrimination, harassment, bullying and victimization. There is a range of support in place to help and support those that may be experiencing difficulties including the Bullying and Harassment network and Mediation services. 


Your pension is a valuable part of your total reward package. 

Defra invests in providing a contribution to the cost of your pension (contribution rates vary between 20.0% and 24.5%, dependent upon salary) 

The contributions you make are deducted from your salary before tax is taken. 

Generous Annual Leave and Bank Holiday Allowance: 

Defra offers 25 days annual leave (rising, over 5 years, to 30 days) for full time new entrants to the Civil Service. Employees receive 8 public holidays a year, plus an additional day in May to mark the Queen’s Birthday. 

Staff Recognition:

We have a Staff Recognition Scheme, to reward exemplary work. 

Learning and Development: 

All new employees joining (and returning) to Defra will have an induction to the department, our work and policies. You will have access to a broad range of learning and development opportunities with world class providers.

Mentoring and Coaching: 

Mentoring is an effective means of developing your career, boosting your confidence and empowering both the mentor and mentee. All our employees have the opportunity to voluntarily engage and work with a Mentor or a Coach. 


Defra employees are entitled to 3 days special leave with pay, per year, for volunteering. We encourage our employees to take this up, as it can be a great way to share skills with worthy charitable causes, while developing new insights and stronger links with the civil society sector. 


We fully support reservists and offer 15 days special leave with pay for training 

Salary Sacrifice: 

Childcare vouchers: 

The government has introduced the Tax-Free Childcare (TFC) scheme. Working parents can open an online childcare account and for every £8 they pay in, the government adds £2, up to a maximum of £2000 a year for each child or £4000 for a disabled child. Parents can then use the funds to pay for registered childcare. 

Bicycle Loan Schemes: 

Defra offers interest-free loans towards the cost of a bike and Cycle to Work Scheme. Defra loans you a bike for your commute as a tax-free benefit. At the end of the loan period, you have the option to buy the bike, saving 30% of the original cost. 

Season Ticket Loan:

We offer interest-free season ticket loans to all Defra employees with more than three months’ service, for purchasing train and bus season tickets, as well as station car parking 

Sick Pay:

We offer a generous and supportive Sick Pay Policy, with Sick pay progressively increasing, by the length of service, beginning at one month’s sick pay in the first year of service. 

Employee Discounts: 

Defra employees have access to a range of discounts at hundreds of top retailers via our employee discount scheme. 

Give as You Earn: 

Defra is registered with the Give as You Earn scheme, which enables you to make regular deductions directly from your salary, in support of a chosen charity. This is simple and tax efficient. 

Flexible working: 

Defra is committed to providing a great place to work and is open to smarter ways of working that enable you to choose how, when and where you want to work in line with business needs. This includes the ability to work from home, work compressed hours and choose from a range of locations best suited to when and where you need to be. Our offices are equipped with a range of onsite facilities including fitness centres, staff canteens and much more. You can discuss where you will be based and the amount of travel you will need to undertake at the interview with the Vacancy Holder. 

Employee Assistance Programme: 

Is a free and confidential 24/7 telephone advice service available to all our staff. 

Occupational Health Service: 

Provides a range of support services, to optimise attendance, engagement and performance at work. 

Sports and Social Association: 

Promotes sports and social activities and organises our annual sports day and staff lottery.



Things you need to know


Successful candidates must pass a disclosure and barring security check.

Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check.

Nationality statement

Candidates will be subject to UK immigration requirements as well as Civil Service nationality rules.

If you're applying for a role requiring security clearance please be aware that foreign or dual nationality is not an automatic bar. However certain posts may have restrictions which could affect those who do not have sole British nationality or who have personal connections with certain countries outside the UK.

Selection process details

This vacancy is using Success Profiles, and will assess your Behaviours and Experience.

Please note depending on the volume of applications an initial sift may be conducted on the lead behaviour 
Communicating and Influending, candidates must pass this behaviour for their application to be progressed. 

Please note:
Feedback will only be provided if you attend an interview or assessment.

Nationality requirements

Open to UK, Commonwealth and European Economic Area (EEA) and certain non EEA nationals. Further information on whether you are able to apply is available here.

Working for the Civil Service

The Civil Service Code sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles.

The Civil Service embraces diversity and promotes equality of opportunity. There is a guaranteed interview scheme (GIS) for candidates with disabilities who meet the minimum selection criteria.


Department for Environment, Food, and Rural Affairs

Share Job