To coordinate and direct the production, delivery and dissemination of threat intelligence, to inform the overall security risk management process, whilst developing our intelligence capabilities for the future.
To provide expert security incident response, determining the risk and level of impact on day-to-day business, including its customers and staff, and coordinating the appropriate response.
Develop the threat intelligence picture to provide operational situational understanding to senior leadership and the security risk management process.
Develop intelligence sharing relationships, present our intelligence capability across the wider government security network and connect into external intelligence and data sharing networks.
Ensure that the intelligence gathering and threat assessment procedures evolve in line with the government Professional Head of Intelligence Analysis (PHIA), incorporating industry best practice where practical.
Provide security related advice and guidance on the threat environment.
Lead and coordinate the response to major security incidents rated very high risk.
Ensure security incidents and breaches are managed effectively.
Develop and maintain security incident response policies, procedures and playbooks.
Develop incident response capabilities, including ensuring that incident response technology capabilities are sufficient for security requirements.
Lead the threat intelligence contribution to active security risk management, and the development of security countermeasures to enable business operations.
Take the lead for identifying improvements to the Security Incident Response Plan.
Conduct and evaluate the outputs of security incident impact assessments, and where necessary, ensure security issues are addressed across the full range of security functions.
Align the incident response plans with Her Majesty’s Government (HMG) standards.
Lead on the development of threat intelligence processes across Security & Resilience business areas to the benefit of business operations.
Establish and maintain supplier security incident response plans and procedures.
Ensure the production and continuous review of security incident response plans, procedures and processes for SIRT (Security Incident Response Team).
Ensure timely and accurate Security Incident Response or Intelligence or Threat briefings and communications are issued to the Head of Cyber Resilience Centre, Chief Security Officer, and Department’s Senior Information Risk Owner, relevant stakeholders, delivery partners and other government departments, where appropriate, such as the Cabinet Office and GCHQ.
Provide expert stakeholder management to ensure remediation activities are focused on responding to security incidents in an effective and timely manner.
GIAC Certified Incident Handler (GCIH)
GIAC Certified Forensic Analyst (GCFA)
GIAC Certified Intrusion Analyst (GCIA)
CREST Certified Incident Manager (CCIM)
CREST Certified Threat Intelligence Manager (CCTIM), or equivalent qualification or equivalent experience in intelligence or incident management
BCS Certified Information Security Manager (CISM), or degree equivalent in Intelligence related studies, or equivalent industry experience.
Deep knowledge of the concepts of information security, and of current and emerging IT security, data protection and information risk principles and technologies.
Deep knowledge of ICT spanning a range of cyber security technologies, such as firewalls, intrusion detection and protection systems (IDS/IPS), and security information and event management (SIEM).
Experience of applying risk-based security controls in decision-making.
Deep understanding of the principal threat actors and vectors across the security discipline, including the cyber and physical environments.
Deep understanding of best practice in security incident management.
Highly developed analytical skills, with practical experience analysing threat intelligence and determining actions to take in a timely manner.
Deep understanding of Her Majesty’s Government (HMG) policies and standards.
Deep understanding, practical application and management of all aspects of the intelligence cycle.
Considerable experience of working in intelligence in an operational environment.
Awareness of software development languages.
Awareness of Agile project methodology (Agile ITIL), project (PRINCE2) or IT Management qualifications.
Well-developed leadership, communications, stakeholder management and interpersonal skills, with an ability to articulate complex issues in accessible language and influence senior management at board level and above.
Experience of managing suppliers to deliver a secure service in a complex environment with multiple service providers.
Planning and management skills.