Director Cyber Defence and Risk - MoD

OverviewThe Director Cyber Defence and Risk is the Ministry of Defence lead for cyber security, providing leadership across Defence to ensure threats are understood and explicit cyber and information security risks are identified and translated into appropriate mitigations. Coheres cyber security and resilience across the Whole of Defence and with the Defence industry. Leaders on wider Strategic IT risk processes.

Responsibilities

To manage, oversee, monitor and report on overall Cyber Security risk including the Defence Board level risk and lead on the creation of appropriate response plans.

Drive cyber security transformation across Defence including partnership working with the new Defensive Cyber and EM Force.

Provide cyber, information, crypt key security and digital resilience policy direction across Defence and monitor compliance including delivery of specialist assurance services.

Define enterprise and solution cyber security architecture and act as the crypt key design authority.

Ensure all of defence is cyber security aware and educated and set functional skills standards.

Define Defence wide cyber resilience strategy and act as Portfolio owner for the defensive cyber security and crypt key programme portfolio.

Provide expert guidance and assurance to Defence equipment programmes to ensure they are secure and resilient by design and assure compliance against Defence policies.

Ensure MOD cyber security response is integrated with, and supportive of, other cyber domain activity in Defence and government.

Lead implementation of Cyber Resilience strategy.

Propose and set relevant cyber security policies and architecture standards.

Own the defence end to end cyber risk process and assure the effectiveness of mitigations working across Defence.

Create effective interventions when the risk profile exceeds tolerance and escalate.

Assure capability programmes against relevant security and resilience standards to ensure mitigating threat and risk and being secure and resilient by design.

Set the behavioural and cyber awareness expectations for Defence.

Set the professional standards for cyber skills.

Location and TravelLocation can be flexible within reason; for example, working or being based at other Defence sites within the UK (subject to line manager agreement and site availability / capacity). The MOD supports hybrid working with regular attendance expected in the office. All work-related travel and subsistence costs will be reimbursed except when travelling to your base location, in line with departmental policy.

About the jobThe Director Cyber Defence and Risk is the Ministry of Defence lead for cyber security, providing leadership across Defence to ensure threats are understood and explicit cyber and information security risks are identified and translated into appropriate mitigations. Coheres cyber security and resilience across the Whole of Defence and with the Defence industry. Leaders on wider Strategic IT risk processes.

Qualifications and Experience (examples)

A leader with a track record of successful and inclusive team management.

Prior experience of influencing corporate Board-level stakeholders. As the Departmental CISO, the post holder will brief members of the Defence Board on cyber and information security issues.

Significant change management experience in an IT security and information risk management environment and a successful track record of leading large technology transformation and delivery.

Taking a strategic perspective - keeping overall objectives and strategies in mind and not being unduly preoccupied by matters of detail.

Decision making - making decisions at the appropriate time, considering the needs of the situation, priorities, constraints, known risks, and the availability of necessary information and resources.

Cross-functional / inter-disciplinary awareness - understanding the needs, objectives, and constraints of those in other Defence professions.

Resilience, including the ability to take a robust stance under pressure where necessary and provide clear and unambiguous advice when called ..... full job details .....