Senior IT Security Risk Manager

Contract
Not Specified
I.T. & Communications Jobs
London, United Kingdom
Job Description

On behalf of DWP, we are looking for a Senior IT Security Risk Manager for a 12-month (Inside IR35) contract. Hybrid working with 2 days per week in London, Leeds, Manchester or Newcastle.

The Department for Work and Pensions (DWP) is responsible for welfare, pensions, and child maintenance policy. As the UK's biggest public service department, it administers the State Pension and a range of working age, disability and ill health benefits to around 20 million claimants and customers. As such, we operate on a scale that is almost unmatched anywhere in Europe and most people in Britain come into contact with us at some point in their lives.

Working with DWP, you will be helping us to drive our priorities to:

• Run an effective welfare system that enables people to achieve financial independence by providing assistance and guidance into employment
• Increase saving for, and security in, later life
• Create a fair and affordable welfare system which improves the life chances of children
• Deliver outstanding services to our customers and claimants
• Deliver efficiently: transform the way we deliver our services to reduce costs and increase productivity

This is a critical role coordinating and delivering the Digital Security/Fraud Risk management programme of work, with risk driving security, enabling a clear and realistic view of Security/Fraud Risk information. The role forms a vital first line capability within the HMG three line defence model.

You will work within the Digital Group's Working Age Services to help deliver 1st line risk identification, assessment, remediation and treatment of risks. You will identify controls and make recommendations to address security vulnerabilities and control weaknesses in projects and programmes, whilst leading and influencing the management of tactical and strategic risks.

As a Senior IT Security Risk Manager your main responsibilities will be to:

• Identify physical, personnel and information Security Risks, vulnerabilities and issues, and ensure that incidents are triaged, prioritised and actioned.
• Ensure the implementation of the Governance Risk and Compliance methodology and day-to-day utilisation of the risk management toolsets.
• Support and ensure consistency in approach for the delivery of risk-informed decisions regarding current and future security investments required to protect assets and transform the security architecture.
• Identify, assess and report on systemic information Security/Fraud Risks, and on the strengths and weaknesses of Security/Fraud Risk controls across the Department.
• Manage and/or lead the identification, assessment and remediation of Security/Fraud Risks, and the risk management life cycle.
• Identify, capture or contextualise risks, enabling risk owners and risk managers to take responsibility for the management and maintenance of their Security/Fraud Risks.
• Lead the research/evaluation of business processes aligned to known/emerging fraud/security risks.
• Develop the business case for security remediation initiatives, and/or advise on remedial actions, and on the development of remediation plans from a Security Risk perspective.
• Manage or oversee circumventions to existing security policies and procedures, assessing the risk.
• Work with business and technology stakeholders to develop, update or review Security/Fraud Risk assessments and Security/Fraud Risk management plans, providing a holistic and strategic view of delivery as required.
• Work closely with security and other internal and external stakeholders to ensure threats, vulnerabilities and opportunities with the potential to impact or improve resilience of Digital IT Infrastructure are identified and/or reported appropriately.
• Work closely with Security/Fraud stakeholders, contributing to the delivery of common goals.
• Work closely with delivery to design out fraud/minimise security risks at every level of design.
• Identify, assess and measure emerging Security/Fraud Risks, or report to programme and senior stakeholders based on current trends and issues.

Essential:

• An active SC Clearance is an essential requirement for this role.
• Knowledge and experience in the design, implementation, and operation of enterprise-scale GRC programmes and IT Security/Fraud Risk management frameworks or capabilities, ideally within a large government or complex large multi-supplier organisation.
• Practical experience of negotiating with stakeholders at senior levels, and translating business and strategic risk requirements into secure solutions through improvements in information systems, data management, practices and procedures.
• Experience of working on complex IT infrastructures and across a multi-supplier model, deploying best practice IT controls and GRC (Governance, Risk Management and Compliance) tools, ideally across a complex large-scale organisation.
• Experience identifying, assessing, and documenting potential risks and their impact on the business, and/or performing business continuity or Security/Fraud Risk and vulnerability assessments, and/or business impact analysis, on complex information systems.
• Experience and understanding of Security strategies and principles.
• Experience of contributing to the development of organisational strategies that address information control requirements, providing authoritative advice and guidance on the requirements for security controls to reduce design risk, and to drive the adoption of security policy and standards.
• Experience and understanding of working with digital projects and of Agile project methodology.

Please be aware that this role can only be worked within the UK and not overseas.

Disability Confident

As a member of the Disability Confident Scheme, DWP guarantees to interview all candidates who have a disability and who meet all the essential criteria for the vacancy. In cases where we have a high volume of candidates who have a disability who meet all the essential criteria, we will interview the best candidates from within that group. This scheme encourages candidates with a disability and/or neurodivergence to apply.

In applying for this role, you acknowledge the following: "This role falls in scope of the Off Payroll Working in the Public Sector legislation. Any rates of payment quoted will reflect the gross rate per day for the assignment and will be subject to appropriate taxes and statutory costs. As such the payment to the intermediary and your income resulting from this contract will be different."