Vulnerability Manager

Job description

As a Vulnerability Manager in the Domains team you will work with the other members of the Monitoring and Sharing service, and the Problem Managers, and be responsible for:

• understanding vulnerabilities in the infrastructure, tools and services that Public Sector bodies commonly use in the development and delivery of their digital services
• understanding how to prioritise these vulnerabilities based on risk
• developing guidance to help Public Sector bodies fix these vulnerabilities
• delivering this guidance and providing direct support to help Public Sector bodies fix these vulnerabilities
• helping Public Sector bodies understand, assess and act on the vulnerability information they receive
• leading a small team of specialist Problem Managers and a Campaign Manager, ensuring that they have the tools and skills they need to contribute to the delivery of the service, and they understand how to prioritise problems based on value at risk
• ensuring that your team delivers the relevant guidance effectively to all levels of seniority and technical competence  
• identifying improvements to be made, specifically, and generally, identifying common problems and solutions across multiple organisations
• working closely with the Government Cyber Coordination Centre (GC3), the UK government’s focal point for cross government collaboration on operational cyber security
• working with the service owner to improve the quality of the data we share with public sector bodies
• developing a supportive environment for staff, promoting a learning culture of constructive feedback and continuous professional development

Person specification

This role aligns to the following in the Government Digital and Data Profession Capability Framework

Security Architect

• Communication (security architect).
• Enabling and informing risk-based decisions. 
• Analysis. 

Specialist skills required

You will also have expert-level skill of the following:

• how domains are used to support internet services and their security 
• maintaining good relationships with senior technical and business stakeholders at scale across the UK Public Sector to influence action
• capturing and presenting quantitative, business-relevant Key Performance Indicators from large data sets to show delivery of value and service improvements 
• embedding pragmatic and repeatable processes and tools, and embedding these across a small team
• reviewing, prioritising and addressing cyber vulnerability issues at scale and at speed across multiple organisations in several sectors

Benefits

The benefits of working at CDDO

There are many benefits including:

• flexible hybrid working with flexi-time and the option to work part-time or condensed hours
• a Civil Service Pension with an employer contribution of 28.97%
• 25 days of annual leave, increasing by a day each year up to a maximum of 30 days 
• an extra day off for The King’s birthday
• an in-year bonus scheme to recognise high performance
• career progression and coaching, including a training budget for personal development
• paid volunteering leave 
• a focus on wellbeing with access to an employee assistance programme
• job satisfaction from making government services easier to use and more inclusive for people across the UK
• advances on pay, including for travel season tickets
• death in service benefits
• cycle to work scheme and facilities
• access to children's holiday play schemes across different locations in central London
• access to an employee discounts scheme
• 10 learning days per year
• volunteering opportunities (5 special leave days per year)
• access to a suite of learning activities through Civil Service learning

CDDO offers hybrid working for all employees. This means that everyone does some working from home and also spends some time in their local office. You’ll agree to your hybrid working arrangement with your line manager in line with your preferences and business needs.

Any move to the Central Digital and Data Office from another employer will mean you can no longer access childcare vouchers. This includes moves between government departments. You may however be eligible for other government schemes, including Tax Free Childcare. Determine your eligibility at https://www.childcarechoices.gov.uk

Things you need to know

Selection process details

The standard selection process for roles at CDDO consists of:

• a simple application screening process - We only ask for a CV and cover letter of up to 750 words. Important tip - please ensure that your cover letter includes how you meet the skills and experience listed in the “person specification” section above
• a 60 minute video interview

Whilst we value the use of AI technology to enhance our daily work, we also value the personal touch and urge applicants to write responses without the use of AI to emphasise their own unique experiences.

Depending on how many applications we get, there might also be an extra stage before the video interview, for example a phone interview or a technical exercise.

In the event we receive a high volume of applications, we will conduct the initial sift against the lead criteria which is:

• communication (security architect)

Please note that this role requires SC clearance, which would normally need 5 years’ UK residency in the past 5 years. This is not an absolute requirement, but supplementary checks may be needed where individuals have not lived in the UK for that period. This may mean your security clearance (and therefore your appointment) will take longer or, in some cases, not be possible.

In the Civil Service, we use Success Profiles to evaluate your skills and ability. This gives us the best possible chance of finding the right person for the job, increases performance and improves diversity and inclusivity. We’ll be assessing your technical abilities, skills, experience and behaviours that are relevant to this role.

For this role we’ll be assessing you against the following Civil Service Behaviours:

• Managing a Quality Service
• Communicating and Influencing 
• Working Together

We’ll also be assessing your experience and specialist technical skills against the following skills defined in the Government Digital and Data Profession Capability Framework for the (equivalent) Security Architect role:

• Communication (security architect).
• Enabling and informing risk-based decisions. 
• Analysis.

Recruitment Timeline

Role Closes: Tuesday 12th November 2024

Sift Completion: Tuesday 19th November 2024

Panel Interviews: Tuesday 26th November 2024

Candidates that do not pass the interview but have demonstrated an acceptable standard may be considered for similar roles at a lower grade.

A reserve list will be held for a period of 12 months, from which further appointments can be made.

The Civil Service is committed to attract, retain and invest in talent wherever it is found. To learn more please see the Civil Service People Plan and the Civil Service D&I Strategy.

You may be aware that there are plans for the Government Digital Service (GDS) & the Central Digital & Data Office (CDDO) to move into the Department of Science, Innovation & Technology (DSIT). This move is to bring together the digital transformation of public services into one core department. The move itself will offer huge opportunities whilst allowing DSIT to lead the way and drive forward the new Government's digital agenda. 

As the announcement is relatively new, we are awaiting more detailed information. Therefore, we encourage you to apply for this role, and will keep you informed with updated information throughout the application process.

Feedback will only be provided if you attend an interview or assessment.