Senior Security Incident Analyst

Employer
Department for Work and Pensions
Location
Blackpool, Leeds, Manchester, Newcastle, London or Sheffield
Salary
Up to £43,270
Closing date
4 Sep 2019

Job description

Working for the Cyber Resilience Centre (CRC), you will be part of an innovative and service-oriented team working across DWP, other government departments and private sector partners to build capability, detect malicious behaviour, respond quickly to emerging online threats, and respond to actual or potential compromises of information assets and the reputational damage they cause.

About the role:

Lead the incident response, determining the risk and level of impact to DWP business, including its customers and staff, and coordinating the appropriate response. You will act as a senior reference point for the DWP Security Advice Centre, Physical Security Group, Technology Services and all relevant stakeholders both internal and external to DWP.

Security incident management is a complex and rapidly evolving area and you will be expected to keep abreast of how the security environment and threat vectors impact the business. The skills required in this team are a complex blend of investigating, information analysis, decision making and technical capabilities, married with well-developed inter-personal and communication skills.

Responsibilities:

• Working with multiple internal and external stakeholders you will co-ordinate the security incident response plan, advise the Head of Cyber Resilience Centre (CRC), DWP Chief Security Officer, and Gold Incident Commanders, produce communications statements, escalate incident recovery issues and coordinate response forums to ensure effective and timely incident recovery.

• Representing SIRT at security events and governance meetings, you will ensure all security issues and incidents are impact-assessed and assigned, and that resolution action is taken forward.

• Lead and coordinate the response to security incidents rated high risk.

• Ensure security incidents and breaches are managed effectively within SIRT and by appropriate stakeholders.

• Provide security related advice and guidance on the threat environment and security incidents.

• Prepare and deliver briefings on the security threat landscape and security incidents.

• Manage security incidents in accordance with applicable DWP and Her Majesty’s Government (HMG) policies and standards.

• Operate security incident response plans and procedures for DWP.

• Recommend improvements to incident response procedures; manage SIRT recommendations arising from live incidents and drills.

• Conduct security incident impact assessments, where necessary ensuring that security issues are escalated across the full range of security functions.

• Lead, manage and/or chair cross functional and cross government incident response groups, ensuring appropriate responses to security incidents or threats are taken.

• Manage security alerts and notices from external agencies, including the National Cyber Security Centre (NCSC).

• Establish and maintain supplier security incident response plans and procedures.

• Co-ordinate the production and continuous review of security incident response plans, procedures and processes for SIRT (Security Incident Response Team).

• Deliver timely and accurate Incident Response briefings and communications to the Head of Cyber Resilience Centre, DWP Chief Security Officer, and Department’s Senior Information Risk Owner, relevant stakeholders, delivery partners and other government departments, where appropriate, such as the Cabinet Office and NCSC/GCHQ.

• Provide effective stakeholder management to ensure remediation activities are focused on responding to security incidents in an effective and timely manner.

• Manage the coordination and DWP’s collective response to vulnerabilities identified via Threat Intelligence.

• Manage SIRT’s response to ‘zero day’ vulnerabilities – including instigating patching activity.

• Collaborate with Tech Services to manage patching activity across DWP’s assets in response to vulnerabilities that pose a threat to DWP.

• Engage with ESRM in the assessment of vulnerability risks where patching activity is to be undertaken.

• Draft communications to the SCS/Perm Sec on DWP’s vulnerability exposure and mitigation activity (including patching status) across DWP.

• Manage SIRT’s role as ‘Central Planning Function’ on behalf of all incident teams within DWP for incidents that are complex, serious in nature and involve the coordinated response of more than one expert domain incident team.

• Support the timely identification of an appropriate Incident Commander within DWP, mentoring them on appropriate decision making.

• Lead SIRT’s full end-to-end understanding of a serious or complex incident impacting DWP, and provide a situational awareness role on behalf of the Incident Commander.

• Ensure Incident Commander has access to specialist and expert advice from Legal Group; Press Office; DWP Communications etc.

• Fully contribute to SIRT’s regular drilling / exercising and learning events to build capability and embed incident response procedures.

• Implement and manage appropriate Management Information (MI) capture in relation to reported security events/incidents, including production of KPIs to feed DWP ET and S&R SLT requirements.

• Provide expert ‘incident management’ stakeholder input into the development of new capabilities within CRC and across DWP.

• Manage the administration of Symantec software for setting up and deleting user accounts, whitelisting and blacklisting email domains, and raising queries for DWP with the current service provider.

• Manage effective, collaborative working relationships with Security teams within the supplier community – e.g. DXC, BT.

• Voluntarily provide 24/7 ‘escalation’ out-of-hours cover for security incident management across DWP on behalf of SIRT and all other areas of S&R.

Person specification

In your application, please provide evidence of how you meet the required experience/skills detailed below:

• Proven experience applying risk based security controls in decision making and using security risk management methodology and techniques for the assessment and management of business and information risk.

• Proven experience managing suppliers to deliver a secure service in a complex environment with multiple service providers.

• Proven experience handling security incidents of direct concern to senior leaders up to director level, regulatory bodies and/or ministers, and deep knowledge and/or understanding of the requirements to co-ordinate responses to security incidents across multiple organisations.

• Proven experience communicating complex security related messages and presenting updates and recommendations in a clear and comprehensive manner to a senior audience.

• Experience of managing suppliers to deliver a secure service in a complex environment with multiple service providers.
