The Head of Digital Security will rapidly scale the Digital Security Programme to ensure support for the full implementation and scalability of all online offerings. It will include other digital services and focus on minimising the risk of financial fraud and error. The Digital Security Agenda must include the integration of all information, network, end point, infrastructure, transaction and data analytics domains. The digital security strategic roadmap must include Architecture, Risk and the incorporation of cutting-edge tools, techniques and capabilities.
This role is for a highly specialised and technical senior leader who will report into the Chief Security Officer (CSO). As head of digital security, a wide range of skills and techniques are needed to mitigate and manage online financial transaction risks across all business areas. The post holder must have a working knowledge of digital security architecture, data security and analytics, as well as an appreciation of industry solutions and their application to the field of digital and online financial services.
• Create, own, deliver and maintain a strategic digital security plan for online financial transactions within a cyber-security environment. The plan will form part of the overall CSO strategic roadmap.
• Develop new technologies such as advanced analytics to be applied to user behaviours at endpoints, networks and applications (user and entity behaviour analytics – UEBA). Working with the Department’s cyber resilience centre (CRC), the post holder must incorporate the work from UEBA into the existing Security Information and Event Management (SIEM) and Big Data Analytics currently being applied across all services.
• Drive tactical and strategic security tooling improvements for the Department’s digital services. This will require knowledge of the design and deployment of next-generation Identity and Access Management (IAM) with a pragmatic approach to supporting business needs.
• Manage and maintain relationships with key strategic security suppliers in the digital arena including areas such as Cloud/SaaS based services.
• Design and implement the digital transaction analytics platform to protect and assure digital services; and implement real-time analytics to detect unusual patterns identifying fraud, error and security incidents which feed directly into the security risk management process.
• Define, design and implement appropriate controls to mitigate the risks of cyber-attacks and remediate vulnerabilities across the digital services and enterprise applications, integrating ISO/IEC 27001 and 27002 principles and controls.
• Understanding of agile development, scrum (or similar methodologies) and DevOps environment and the application of security within these environments.
• Ability to translate strategic priorities into clear outcome-focused objectives for managers and provide the energy and drive in achievement of these objectives.
• Knowledge of application layer security, transaction analytics and data security. This should incorporate knowledge of data, data protection, encryption techniques and encryption key management.
• Technical understanding of new technologies such as blockchain.
• Strong leadership and team management skills. Ability to lead from the front, ensuring visibility and communicating in a straightforward, truthful and candid way.
• Understanding of how to work in collaboration with a security risk framework. Encourages and establishes principles of working effectively across boundaries to support the business.
• A thorough understanding of IAM, and associated policy and controls to manage and address new vulnerabilities as they become known.
• Knowledge and hands-on background of software development, software coding, programming and team management.
• Technical background, with previous hands-on experience of Java and SQL. Technical knowledge of security solutions which incorporate areas such as encryption and multifaceted, multifactor authentication.
• Full understanding of the SDLC including testing.
• Ability to communicate across the organisation and at all levels; approachable, delivering business objectives through creating an inclusive environment and welcoming challenge, however uncomfortable.
• Ability to translate the technical into business relevant communication inspiring staff and delivery partners to engage fully with long-term vision and purpose of the Department, supporting them to make sense of change.
• Strong team player, able to work collaboratively, share information appropriately and build supportive, trusting and professional relationships with colleagues and a wide range of people inside and outside the Civil Service, whilst having the confidence to challenge assumptions.
• Ability to lead change turning ambiguity into opportunity. Communicate with conviction and clarity in the face of tough negotiations or challenges, surface tensions and resolve ambiguities.
• CISSP (ISC2) Certified Information Systems Security Professional
• CCSP (ISC2) Certified Cloud Security Professional
• TOGAF architectural framework
• CRISC Certified Risk and Information Systems Control (ISACA)
• Leading and Communicating
• Collaborating and Partnering
• Delivering at Pace
• Making Effective Decisions