UK Research and Innovation
UKRI convenes, catalyses and invests in close collaboration with others to build a thriving, inclusive research and innovation system.
Cloud Cyber Security Risk Manager (2400012Z)
Description
Salary: £56,745 to £72,509 per annum dependent on skills and experience (this may include allowances)
Hours: Full time
Contract Type: Open ended
Location: Polaris House, Swindon or Keyworth, Nottingham (Hybrid working available)
Closing Date: Sunday 12th January 2025
About us
The UKRI CIO Group plays a pivotal role in managing and optimising the organisation's critical enterprise technical services that underpin and enable UKRI’s business capabilities. Within the group, a team of Information Security Professionals supports the delivery of modern, secure, resilient and scalable services across a larger federated team of Digital, Data and Technology professionals to deliver impact across the organisation and the wider UK research and innovation system.
Purpose
This post provides a rare opportunity for an experienced information security professional to step into a lead planning and operations role in an organisation at the heart of research and innovation in the UK. Working as part of a team of technical specialists, and reporting directly to the deputy head of information security, your broad remit is to provide the organisation with security advice and best practice whilst developing ‘Secure by Design’ protections for organisational assets across our cloud environment, and to embed a culture that considers security as everybody’s responsibility.
Main outputs and activities
- Support the development of business-focused security solutions for digital products.
- Ensure compliance with industry standards and regulatory requirements.
- Ensure that security policies and controls remain appropriate and proportionate to the assessed risks, are responsive and adaptable to the changing threat environment and business requirements.
- Oversee daily operations of cloud security infrastructure.
- Monitor cloud environments for unusual activities and potential threats.
- Lead incident response efforts in the event of a security breach.
- Identify and mitigate security risks associated with cloud environments.
- Perform regular risk assessments and implement corrective actions.
- Provide guidance and training to employees on cloud security best practices.
- Work closely with other IT teams to integrate security measures into all cloud-based solutions.
Shortlisting criteria
(S) – Assessed at shortlisting
(I) – Assessed at interview
(S&I) – Assessed at both shortlisting and interview
Applicants will be able to demonstrate skills in line with the Cyber Security Risk Manager role using the Government Security Profession career framework.
Essential:
- Proven ability to work effectively with cross-functional teams, including developers, operations and business units, to integrate security into all aspects of the organisation (S).
- Expert knowledge of cloud application, infrastructure and networking security controls, particularly in relation to data management (I).
- Experienced in providing detailed security advice and technical security solutions (I).
- Good knowledge of cyber security and information assurance standards, e.g. ISO 27001, DPA and experience (S).
- Proven track record of leading security initiatives and projects, demonstrating the ability to manage resources and drive security initiatives (S&I).
- Experience in handling security incidents, including detection, response, and recovery (S&I).
- Experience in ensuring compliance with industry standards and regulations and developing policies to maintain compliance (S).
- Able to shape leadership decision-making through:
  - Reporting and communication regarding the effectiveness of security processes across an organisation (S).
  - Providing recommendations to highly complex problems (I).
- Act as an SME for complex cyber risk management concerns, issues and problems (I).
Desirable: (optional)
- Experience in managing or participating in cloud migration projects, ensuring security is maintained throughout the transition (S).
- Conducting comprehensive security audits and assessments to evaluate the effectiveness of security measures and identify areas for improvement (I).
- Experience in managing relationships with cloud service providers and security vendors to ensure they meet the organisation's security requirements (S).
- Ability to conduct training sessions and presentations to educate employees and stakeholders about cloud security best practices (I).
- Experience in a public sector organisation (S).
Qualifications
- A professional certification (e.g., CISM, CISSP, CCSP or AWS certification) (S).
- Degree in a related subject or relevant comparable education (S).
Security
As a minimum, due to the nature of this role, candidates must be eligible for clearance in line with UK National vetting guidelines and willing to undertake the process. The level of clearance required is security check.
Behaviours
We'll assess you against these behaviours during the selection process at Grade 7:
- Seeing the Big Picture
- Changing and improving
- Making effective decisions
- Delivering at Pace
- Communication and Influencing
How to apply
Online applications only preferred for this role. Please submit a CV and covering letter which clearly outlines how you fulfil the criteria specified, along with your motivation for UKRI and the role. Ensure that the job reference number is included in the filename description of each document uploaded. Note that failing to address the above criteria, or submitting an application without a covering letter, may result in the application not being considered. Assessment will be based only upon the content of your submitted covering letter and CV and not the ‘experience’ section of the application.
UKRI seeks to ensure it creates and maintains a system of openness, fairness and inclusion – a collaborative, trusted environment, which is attractive to and accessible to everyone who is interested in developing their career with us.