About Police Digital Service
We exist to harness the power of digital, data and technology to enable UK policing to better protect the communities it serves. Ours is a team of experts in commercial services, technical assurance, data, digital transformation and innovation, with a unique experience in policing and national programme delivery.
Why Join us?
Balance is important and we want you to take time off to recharge - so we offer 28 days' annual leave plus bank holidays, rising to 30 days after 5 years of service.
We care about your well-being - we have an employee assistance programme that offers not just welfare benefits and counselling at the end of a telephone line but also discounts.
We want to help you plan for the future - so we offer an excellent pension scheme and life assurance cover.
We want you to be able to put your mind at rest regarding your health - offering remote GP, mental health and physiotherapy appointments via video consultation.
The Role and Responsibilities
The Cyber Compliance Specialist is responsible for monitoring compliance against national policing policy, standards, and security blueprints. The role offers an exciting opportunity to work collaboratively with police data communities, key stakeholders, partners and suppliers. In particular, the duties of the role involve:
Advise and guide users on effective cyber risk management and compliance.
Identify cyber risks and advise on appropriate controls and mitigations, ensuring these are articulated in terms meaningful to the business.
Support the resolution of major compliance and risk issues and advise on cyber risk management decisions and remedial actions.
Advise where risks should not be tolerated and provide a point of escalation, using professional judgement and factoring in risk appetite.
Review, assess and assure cyber security documentation.
Advise on cyber risk management matters relating to the supply chain and managed service providers.
Contribute to the continuous improvement of agreed Cyber processes, policies and standards and advise on ongoing compliance.
Monitor technological, social and scientific trends that could influence PDS CS risk and compliance planning and management.
Contribute to the PDS Cyber Services Risk and Compliance monitoring plan.
Work with the Cyber Policies and Standards team to contribute to information security policies and standards.
Collaborate on the requirements, design, development and implementation of automated solutions.
Provide direction, oversight and guidance to security risk and compliance subcontractors.
Deliver the Police Assured Secure Facilities service and provide metrics to inform compliance and risk reporting.
Conduct Supplier Assurance for National Systems and services.
Work with Information Security and Risk training and education providers to uplift the skills, knowledge and capability of the UK Policing IS&R community.
Proven IT/Information security and risk experience in large organisations with complex security and compliance requirements.
Experience of conducting risk reviews in one or more of the following cloud service provider environments: Microsoft Azure, Amazon Web Services (AWS), Google Cloud Platform (GCP).
Experience in defining and/or implementing security controls across multiple layers of the IT architecture stack.
Strong knowledge of, and demonstrable ability to apply, the NIST Cyber Security Framework, including mapping and translating NIST Cyber Security Controls to other frameworks such as ISO 27001 and the CIS Top 20 controls, together with an understanding of the Azure Cloud Adoption Framework.
A demonstrable track record of developing strong working relationships with a wide number of stakeholders, particularly in managing expectations across a large number of disparate customer, supplier and stakeholder groups.
Experience delivering risk and issue remediation in large complex organisations.
Relevant knowledge and experience in one or more of the following areas: cloud security (security controls, assessments, privacy and regulatory risks, security frameworks), Security Operations, Infrastructure Security, Application Security and DevSecOps.
Good ability to undertake qualitative and quantitative risk analysis in support of business decision making and information risk management.
Analytical, literacy and numeracy skills sufficient to research, interpret, compile and write Risk and Compliance reports on PDS related issues.
Excellent understanding of both procedural and technical compliance monitoring capabilities.
Knowledge of supplier assurance frameworks and solutions.
Demonstrable knowledge of the latest IT thinking and risk modelling methods together with a proven ability to implement and incorporate such solutions into systems and services.
Ability to develop, with the aid of subject matter experts where appropriate, and implement appropriate risk mitigation actions for identified risks across the organisation.
The ability to produce clear, persuasive written and verbal communications which engage and influence colleagues and external stakeholders at a range of levels.
Good understanding of privacy requirements (including GDPR and DPA 2018).
Strong engagement focus and a proactive style that motivates, builds trust and inspires colleagues and other delivery partners to engage with PDS productively.
Experience implementing cyber risk management and compliance methodologies and processes.
Experience managing subcontractors providing technical risk consulting teams.
An industry-recognised certification in Information Security and/or Risk Management.
This is a fully remote contract.