Principal Cyber Security Risk Manager

Government Recruitment Service, London

About us

The Department for Business and Trade (DBT) has a clear mission - to grow the economy. Our role is to help businesses invest, grow and export to create jobs and opportunities right across the country. We do this in three ways.

Firstly, we help to build a strong, competitive business environment, where consumers are protected and companies rewarded for treating their employees properly.

Secondly, we open international markets and ensure resilient supply chains. This can be through Free Trade Agreements, trade facilitation and multilateral agreements.

Finally, we work in partnership with businesses every day, providing advice, finance and deal-making support to those looking to start up, invest, export and grow.

The Digital, Data and Technology (DDaT) directorate develops and operates tools and services to support us in this mission.

DBT Cyber work to improve the security of the systems and processes that affect the operation of the Department. The Governance Risk and Compliance (GRC) team were established to create a safer Cyber landscape to deliver DBT’s vision and do this through establishing good practice in new information projects, reviewing compliance and setting standards for the department.

About the role

The Principal Cyber Security Risk Manager identifies, understands, and mitigates cyber-related risks. They provide risk and service owners with advice to help them make well informed risk-based decisions. Reporting to the Head of Cyber, the role will collaborate with the other teams in Cyber and the broader DDaT community and is responsible for the IRAP service, process enhancements, IRAP case approvals to medium and liaising with SIRO for high-risk cases.

You’ll need to possess cloud expertise, experience, integrity and be able to communicate across all levels and professions within the department, working with teams that are under pressure to provide the most informed risk assessment possible to decision makers.

It will take strong collaboration skills to work across the department and with external stakeholders to protect and promote a governed, Cyber risk aware and compliant DBT.

There are four key areas of this role:
  • Assess: leading risk and threat assessment activities at pace
  • Explain: creating tailored oral and written communications, briefings and preparing advice on regulation, guidance, policy, standards and risk assessment documentation
  • Influence: establishing a reputation of authority & influence to enable risk owners, suppliers, developers, and project leads to make well informed decisions
  • Inspire: line managing SEOs and below in the team and supporting their progression

Main responsibilities

You will be a risk assurance professional who understands technology and can:

  • Independently lead and undertake Cyber risk identification and management activities, making use of established security and risk management governance structures and where necessary developing new ones
  • Undertake Cyber Security risk assessments as part of the IRAP (Information Risk Assurance Process), conduct tailored threat assessments and other risk management activities, to ensure activities are consistent with applicable regulations, legislation, good practice, and Government guidance
  • Mentor and develop junior team members in Risk assessment
  • Be the point of contact for the CTO and SIRO about Cyber Security Risk
  • Provide tailored advice to a range of stakeholders on how to mitigate identified risks by proportionately applying security good practice, ensuring credible advice that is aligned to published guidance and standards and drawing on the breadth of expert support available
  • Support Cyber compliance and audit activities
  • Work across the Cyber team and other professions to provide practical expert advice that enables risk-based decision making at all levels within the department