£60,000 (27% Pension)
We operate on behalf of government delivering Disclosure functions in England, Wales, Jersey, Guernsey and the Isle of Man, and Barring functions for England, Wales and Northern Ireland.
We operate in the complex world of safeguarding alongside our multi-agency partners. Safeguarding means protecting people’s health, wellbeing and human rights, and enabling them to live free from harm, abuse and neglect.
DBS Cyber Security is a high-performing team which ensures the secure delivery of the technology and online products that underpin our citizen-facing services. This is an exciting time to join the organisation at the start of an ambitious change journey as we build our Digital Data and Technology (DDaT) capabilities that will design, build and operate services that are critical to our vision to make recruitment safer by providing outstanding quality of service to all our customers and partners.
Whether developing new systems or enhancing existing ones, you will use your architectural skills to ensure "Secure by Default" is integral to all changes during the design, development and operation stages. You will be part of a multi-disciplined cyber security, information security assurance and data protection team with management responsibilities for the cyber security team. You will work closely with internal stakeholders along with supplier communities and central Home Office as part of our technical and DDaT developments to enhance and expand our technology and digital products to deliver citizen-facing services. You will also advise Senior Responsible Owners and directors to determine security designs and manage cyber risks.
- design and implement the Security Architecture, setting the security standards and design to which solutions within the Enterprise Architecture must be built.
- effectively translate cyber security risk analysis to develop the vision, principles and strategy for the development of secure solutions in line with the DDaT Strategy and the Technical Road Map.
- lead the security engagement on projects with high strategic impact, driving the cyber security strategy and secure by design principles that can be used in the long term across the organisation.
- communicate with and influence a broad range of senior stakeholders, technical architects and cyber security risk advisors to drive the cyber security vision and principles to deliver the cyber security strategy.
- influence important business and technical architectural decisions to support the delivery of the organisational objectives.
- research, identify, validate and adopt new technologies and methodologies by following developments in the security and technology industry to ensure that the technology landscape is kept secure in line with industry standards.
- be a recognised expert and demonstrate this expertise by solving unprecedented issues and problems.
- effectively translate cyber risk analysis into standards, patterns and approaches to enable the safe exploitation of current and emerging technologies.
- line manage the Cyber Security team, supporting the team in the development and implementation of best practice security controls.
- support the delivery of the Technology and Innovation Directorate objectives e.g. business and budget planning.
- play an active part as a member of the Cyber Security Team, taking a leading role on the team and undertaking corporate duties on behalf of Head of Security.
- take a lead role in developing the ISTM team, ensuring a continued focus on VFM.
- work as part of a wider directorate management team, bringing together skills and expertise into a single, coherent and enabling directorate.
Person Specification
Essential Criteria:
- One or more of the following: CCP Architect (minimum of Senior Practitioner) or CRTSA (CREST Registered Technical Security Architect)
- 5 or more years leading the secure design of major products and services.
- One or more of the following qualifications: CISA, CISSP, CISM, or CIA.
- Be a CRTSA (CREST Registered Certified Technical Security Architect)
- Technology-agnostic and possess broad knowledge of a range of technologies
- Extensive working experience with network security infrastructure technologies.
- Experience of developing and leading teams to support the secure design of products and services
- Excellent knowledge of prevailing security tools and technologies.
- Working experience with ISO 27001, NIST, COBIT, and/or other Information Security Management frameworks
- Extensive experience of implementing a wide range of security products such as audit tools, IDS, IPS, DLP, SOC, firewalls, endpoint security, encryption, proxies and DDoS protection to inform technical security architectural design, particularly using cloud (virtualisation/containerisation) and digital technologies.
- Experience in networking design patterns, tools and standard methodology (e.g. Amazon Web Services, Microsoft Azure, Google Cloud Platform).
- Experience of secure delivery in an Agile environment
- Making, guiding and communicating effective decisions on risks to technical and non-technical stakeholders, based on information assurance risk assessment methodology, explaining clearly how the decision has been reached.
- Strong understanding and application of NCSC best practice, guidance and architecture patterns
- Strong understanding of Data Protection legislation