Security and Resilience Exercise Manager

Government Digital Service

Full-time (Permanent)
£61,793 - £65,163 - Based on capability. The base salary of this grade is £55,403. Offers made above this will be made up with a specialist pay allowance.
Published on: 22 October 2024
Deadline: 10 November 2024

Job description

We all get better through practice, and as the Security and Resilience Exercise Lead at GDS you will help us validate our plans by developing, managing, coordinating and delivering an exercise programme. You’ll help us to build our security confidence as we practise and evaluate our skills, test our systems and validate the effectiveness of our business continuity programme and our cyber resilience.

You will help us to run table top scenarios, incident response drills and test our playbooks. You’ll write red and blue team scenarios, testing policies and standards and design tests of our security awareness. You’ll also be involved in identifying and writing up post-exercise analysis reports, engaging with external suppliers for testing and reviewing details of previous attacks. Based on what we learn, you’ll help us to find the lessons we need to implement to improve our resilience with a demonstrable capability to respond to and recover from an incident or crisis.

As our Security and Resilience Exercise Lead you’ll:

  • Have a good knowledge of agile project management processes and understand the importance of continuous improvement by running tabletop simulations of cyber events to help us to learn and respond together.
  • Understand the organisational culture and how to influence it by developing innovative solutions for exercising our playbooks and plans.
  • Coordinate external assurance audit programmes such as GovAssure so that we can measure and report on improvements to our security.
  • Oversee and coordinate system-wide penetration and other tests for digital services so that we can safely check our security controls and improve them. 
  • Work with purple teams to experiment with the creation of new technical controls.
  • Find creative, proportionate ways to measure our adherence to the Government Cyber Security Standard.
  • Describe and report the results of our exercises clearly so that we can turn our lessons learned into better controls and processes.

Person specification

We’re interested in people who:

  • have experience managing and delivering exercises for government departments or similar organisations. This could include developing scenarios, identifying potential threats and vulnerabilities, and coordinating response efforts.
  • have a strong understanding of government security policies and procedures, including those related to cybersecurity, data protection, and risk management.
  • are familiar with the latest trends and best practices in security exercise design and delivery, including the use of simulation tools and techniques.
  • have excellent negotiating, influencing, communication and interpersonal skills, with the ability to work effectively with a wide range of stakeholders, including senior officials, technical experts, and non-technical decision-makers.
  • are able to think strategically and critically, with the ability to identify potential gaps in security and develop innovative solutions to address them.
  • translate the outcomes of exercises into effective incident playbooks and ensure routine maintenance of these.
  • have experience working in a fast-paced and dynamic environment, with the ability to adapt quickly to changing circumstances and priorities.
  • have facilitation skills to guide and direct workshops, planning sessions, meetings, training, and exercises to achieve productive outcomes.
  • have an understanding of wider industry practices and solutions for effective security exercises, such as NCSC and OWASP tabletop exercises.

Benefits

The benefits of working at GDS

There are many benefits of working at GDS, including:

  • flexible hybrid working with flexi-time and the option to work part-time or condensed hours
  • a Civil Service Pension with an average employer contribution of 27%
  • 25 days of annual leave, increasing by a day each year up to a maximum of 30 days
  • an extra day off for The King’s birthday
  • an in-year bonus scheme to recognise high performance
  • career progression and coaching, including a training budget for personal development
  • paid volunteering leave
  • a focus on wellbeing with access to an employee assistance programme
  • job satisfaction from making government services easier to use and more inclusive for people across the UK
  • advances on pay, including for travel season tickets
  • death in service benefits
  • cycle to work scheme and facilities
  • access to children's holiday play schemes across different locations in central London
  • access to an employee discounts scheme
  • 10 learning days per year
  • volunteering opportunities (5 special leave days per year)
  • access to a suite of learning activities through Civil Service learning

GDS offers hybrid working for all employees. This means that everyone does some working from home and also spends some time in their local office. You’ll agree to your hybrid working arrangement with your line manager in line with your preferences and business needs.

Any move to Government Digital Service from another employer will mean you can no longer access childcare vouchers. This includes moves between government departments. You may however be eligible for other government schemes, including Tax Free Childcare. Determine your eligibility at https://www.childcarechoices.gov.uk

Things you need to know

Selection process details

The standard selection process for roles at GDS consists of:

  • Application stage - CV and two application questions 

    As part of your application, you’ll be asked to submit an anonymised CV demonstrating your previous work history. It is essential that your CV meets the skills and experience listed in the person specification above. 

    You will also need to answer two application questions based on the person specification and one security question.

    Failure to submit your CV and complete the application questions may result in your application being unsuccessful.

  • Video interview stage - Give a 15-minute presentation during your interview. More details will be provided if you are successful at the sift stage. The video interview will be no more than 60 minutes.

In the event we receive a high volume of applications, we will conduct the initial sift against the lead criterion, which is:

Have a good knowledge of agile project management processes and understand the importance of continuous improvement by running tabletop simulations of cyber events to help us to learn and respond together.

Depending on how many applications we get, there might also be an extra stage before the video interview, for example a phone interview or a technical exercise.

Whilst we value the use of AI technology to enhance our daily work, we also value the personal touch and urge applicants to write responses without the use of AI to emphasise their own unique experiences.

Please note that this role requires SC clearance, which would normally need 5 years’ UK residency in the past 5 years. This is not an absolute requirement, but supplementary checks may be needed where individuals have not lived in the UK for that period. This may mean your security clearance (and therefore your appointment) will take longer or, in some cases, not be possible.

In the Civil Service, we use Success Profiles to evaluate your skills and ability. This gives us the best possible chance of finding the right person for the job, increases performance and improves diversity and inclusivity. We’ll be assessing your technical abilities, skills, experience and behaviours that are relevant to this role.

For this role we’ll be assessing you against the following Civil Service Behaviours:

  • working together
  • changing and improving
  • managing a quality service
  • communicating and influencing
  • delivering at pace 

Candidates who do not pass the interview but have demonstrated an acceptable standard may be considered for similar roles at a lower grade.

A reserve list will be held for a period of 12 months, from which further appointments can be made.

Recruitment timeline:

Every effort will be made to keep to the timeline, but where this is not possible dates are subject to change.

Role closes - Sunday, 10th November 2024

Sift will be commencing from Monday, 11th November 2024

Panel Interview - Week commencing Monday, 25th November 2024

The Civil Service is committed to attracting, retaining and investing in talent wherever it is found. To learn more please see the Civil Service People Plan and the Civil Service D&I Strategy.

Other information:

Occasionally, business pressures, priorities or critical delivery may mean that we move you into a different team or work area within GDS. This will always be within the same grade and discipline within which you were hired, but does mean that your focus or objectives may shift in order to deliver GDS business.

You may be aware that there are plans for the Government Digital Service (GDS) & the Central Digital & Data Office (CDDO) to move into the Department of Science, Innovation & Technology (DSIT). This move is to bring together the digital transformation of public services into one core department. The move itself will offer huge opportunities whilst allowing DSIT to lead the way and drive forward the new Government's digital agenda. 

As the announcement is relatively new, we are awaiting more detailed information. Therefore, we encourage you to apply for this role, and will keep you informed with updated information throughout the application process.


Feedback will only be provided if you attend an interview or assessment.
