---

Job description

Join a team at the heart of the global economy!  We create digital services, data tools and technology for businesses to prosper around the world. Have a look at our video!  Our Digital, Data and Technology team develops and operates tools, services, and platforms that enable the UK government to provide world leading support to businesses in the UK and overseas.  You'll get to constantly push boundaries in an environment free of heavy legacy, driven by curiosity, social purpose, diversity of thought, entrepreneurship, and the aspiration to offer an incredible experience to all our users. Find out more on our blog, Digital Trade.  As a Risk Lead, you will be part of a team responsible for the Cyber Risk and Compliance aspect of Cyber Security within DIT.  Reporting to the Risk and Compliance Manager, the role will collaborate with the other teams in Cyber and the broader DDaT community. The team is responsible for cyber risk management, maintaining in-house system security assurance, running cyber security training throughout the department, managing, and complying with policies and standards, and audit management and response. You’ll need to possess integrity and the experiential authority to represent risks as an independent party and have strong collaboration skills to work with other cyber teams and internal and external stakeholders..

Responsibilities

• Independently undertake risk management activities within a given area of practice or expertise, usually within established security and risk management governance structures.
• Lead the analysis and derivation of business-supporting security needs, undertake Cyber Security related risk assessments as part of the IRAP (Information Risk Assurance Process).
• Conduct tailored threat assessment and other risk management activities, and ensure activities are consistent with applicable regulations and legislation.
• Provide tailored advice to a range of stakeholders on how to mitigate identified risks by proportionately applying security capabilities, using published guidance and standards, and drawing on a range of experts as well as personal expertise.
• Provide expert security advice that highlights Cyber Security related risks, so risk or service owners can make well-informed and auditable decisions. 

Skills and Qualifications

Essential Skills

• Professional information security certification like CISSP or similar, or willingness to attain
• Experience in a risk assurance role.
• Solid knowledge of various information security frameworks
• Paying attention to detail.
• Effective verbal and written communication skills.
• Knowledge of agile methodologies and their application.

Desirable Skills

• Experience working within the UK government or similar organisations.
• Broad understanding of cloud-based technical environment.
• Problem-solving and analytical skills.

Further Information

Worktime: To be confirmed.