Cloud Cyber Security Risk Manager

Cloud Cyber Security Risk Manager - (2400012Z)

Description

 

UK Research and Innovation

Salary: £56,745 to £72,509 per annum dependent on skills and experience (this may include allowances)
Hours: Full time 
Contract Type: Open ended
Location: Polaris House, Swindon or Keyworth, Nottingham (Hybrid working available)

Closing Date Sunday 12th January 2025

Employees applying for any opportunity which may mean being away from your substantive role for a temporary period of time, please refer to the Recruitment Policy and associated guidance UKRI recruitment policy – UKRI for further information in the first instance.  If you are made an offer, please ensure you liaise with your Line Manager and the designated HR Team as soon as possible in order that implications of any move are clear and understood, prior to a move taking place.  

About us 

The UKRI CIO Group plays a pivotal role in managing and optimising the organisations critical enterprise technical services that underpin and enable UKRI’s business capabilities. Within the group a team of Information Security Professionals support the delivery of modern, secure, resilient and scalable services across a larger federated team of Digital, Data and Technology professionals to deliver impact across the organisation and the wider UK research and innovation system.

Purpose

This post provides a rare opportunity for an experienced information security professional to step into a lead planning and operations role in an organisation at the heart of research and innovation in the UK. Working as part of a team of technical specialists, and reporting directly to the deputy head of information security, your broad remit is to provide the Organisation with security advice and best practice whilst developing ‘Secure by Design’ protections for organisational assets across our cloud environment and embed a culture that considers security and everybody’s responsibility

Main outputs and activities

• Supporting the development of business-focused security solutions for digital products
• Ensure compliance with industry standards and regulatory requirements.
• Ensure that security policies and controls remain appropriate and proportionate to the assessed risks, are responsive and adaptable to the changing threat environment and business requirements
• Oversee daily operations of cloud security infrastructure.
• Monitor cloud environments for unusual activities and potential threats.
• Lead incident response efforts in the event of a security breach.
• Identify and mitigate security risks associated with cloud environments.
• Perform regular risk assessments and implement corrective actions.
• Provide guidance and training to employees on cloud security best practices.
• Work closely with other IT teams to integrate security measures into all cloud-based solutions.

Shortlisting criteria

(S) – Assessed at shortlisting
(I) – Assessed at interview
(S&I) – Assessed at both shortlisting and interview

Applicants will be able to demonstrate skills in line with the Cyber Security Risk Manager role using the Government Security Profession career framework.

Essential:

• Proven ability to work effectively with cross-functional teams, including developers, operations and business units, to integrate security into all aspects of the organisation (S)
• Expert knowledge of cloud application, infrastructure and networking security controls, particularly in relation to data management (I)
• Experienced in providing detailed security advice and technical security solutions (I)
• Good knowledge of cyber security and information assurance standards, e.g. ISO 27001, DPA and experience (S)
• Proven track record of leading security initiatives and projects, demonstrating the ability to manage resources and drive security initiatives (S&I)
• Experience in handling security incidents, including detection, response, and recovery (S&I)
• Experience in ensuring compliance with industry standards and regulations and developing policies to maintain compliance (S)
• Able to shape leadership decision-making through:
  • Reporting and communication regarding the effectiveness of security processes across an organisation  (S)
  • Providing recommendations to highly complex problems (I)
  • Act as an SME for complex cyber risk management concerns, issues and problems (I)

Desirable: (optional)

• Experience in managing or participating in cloud migration projects, ensuring security is maintained throughout the transition (S)
• Conducting comprehensive security audits and assessments to evaluate the effectiveness of security measures and identify areas for improvement (I)
• Experience in managing relationships with cloud service providers and security vendors to ensure they meet the organisation's security requirements (S)
• Ability to conduct training sessions and presentations to educate employees and stakeholders about cloud security best practices (I)
• Experience in a public sector organisation. (S)

Qualifications

• A professional certification (e.g., CISM, CISSP, CCSP or AWS certification)  (S)
• Degree in a related subject or relevant comparable education.  (S)

Security 

As a minimum, due to the nature of this role, candidates must be eligible for clearance in line with UK National vetting guidelines and willing to undertake the process. 

The level of clearance required is security check 

Behaviours

We'll assess you against these behaviours during the selection process at Grade 7:

• Seeing the Big Picture
• Changing and improving
• Making effective decisions
• Delivering at Pace
• Communication and Influencing

 

Qualifications

 

About UK Research and Innovation (UKRI) 

UKRI launched in April 2018, UKRI is a non-departmental public body sponsored by the Department for Science, Innovation and Technology (DSIT).

Our organisation brings together the seven disciplinary research councils, Research England, which is responsible for supporting research and knowledge exchange at higher education institutions in England, and the UK’s innovation agency, Innovate UK. Together we build an independent organisation with a strong voice and vision to ensure the UK maintains its world-leading position in research and innovation. More information can be found at www.ukri.org. 

Choosing to come to work at UKRI means that you will have access to a whole host of benefits from a defined benefit pension scheme, excellent holiday entitlement, access to employee shopping/travel discounts and salary sacrifice cycle to work scheme.  For more details, visit Benefits of working for UK Research and Innovation (UKRI).

The role holder will be required to have the appropriate level of security screening/vetting required for the role.  UKRI reserves the right to run or re-run security clearance as required during the course of employment.

How we support EDI in the workforce 

At UKRI, we believe that everyone has a right to be treated with dignity and respect, and to be provided with equal opportunities to thrive and succeed in an environment that enables them to do so. We also value diversity of thought and experience within inclusive groups, organisations and the wider community. For further information, please visit ‘How we support EDI in the workforce’. 

Disability Confident Employer

As users of the disability confident scheme, we guarantee to interview all disabled applicants who meet the minimum criteria for the vacancy/ies. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation. 
 
How to apply 

Online applications only preferred for this role. Please submit a CV and covering letter which clearly outlines how you fulfil the criteria specified along with your motivation for UKRI and the role. Ensure that the job reference number is included in the filename description of each document uploaded. Note that failure to address the above criteria or submit an application without a covering letter may result in the application not being considered. Assessment will only be based upon the content of your submitted covering letter and CV and not the ‘experience’ section of the application. 

UKRI seeks to ensure it creates and maintains a system of openness, fairness and inclusion – a collaborative, trusted environment, which is attractive to and accessible to everyone who is interested in developing their career with us. 

 

Primary Location

: England-Wiltshire-Swindon

Job

: Information Technology

Organization

: UKRI - Digital Data and TechnologyContract Type: Open Ended

Unposting Date

: 12-01-2025Hours: Full-time

Salary (Pay Basis)

: Pound Sterling (GBP)54,043.00Band UKRI: UKRI-Band F