copfs application pack head of cybersecurity and resilience · 2018. 2. 9. · 3 | p a g e...
TRANSCRIPT
1 | P a g e www.copfs.gov.uk
COPFS Application Pack
Head of Cybersecurity and Resilience
2 | P a g e www.copfs.gov.uk
Contents
Introduction 3
Vacancy Information 4-8
Competencies 9-15
3 | P a g e www.copfs.gov.uk
Introduction
This pack is to guide you through the recruitment process for the role of Head of Cybersecurity and Resilience. It is vital that you read
this carefully as hints and tips are contained.
If you have any further questions or require the application pack in an alternative format, you can contact:
Email - [email protected]
Telephone – 0300 020 3218
For further information about COPFS please visit our website - http://www.copfs.gov.uk/about-us/about-us
4 | P a g e www.copfs.gov.uk
Vacancy Information
Job Title Head of Cybersecurity and Resilience
Function & Unit Business Services, Information Systems Division - Enterprise Solutions
Location Crown Office, 25 Chambers Street, Edinburgh, EH1 1LA
Grade Band F
Eligibility All candidates who meet the essential criteria are eligible to apply
No of Vacancies 1
Contract Terms Full time, Permanent
Salary: £48,692 - £55,542 per annum + £4,000 IT allowance + COPFS benefits package
The IT allowance is payable immediately to candidates possessing the necessary IT skills and experience.
Please note that any application for the post will be expected to meet the standard working requirements of the
vacancy unless approval has been sought by the applicant through the HR Resourcing Team in advance of
application.
Job Description:
Main Duties
Information Systems Division (ISD) delivers and supports an enterprise portfolio of efficient, resilient, innovative
and secure IT services to meet COPFS’ business needs. ISD will play a crucial role in implementing COPFS’ digital
strategy by developing sustainable digital and information solutions that modernise, innovate and transform the
delivery of user focused services and to improve the way our organisation works.
This post, part of a number of targeted posts being advertised to enhance ISD’s operational and strategic delivery
capabilities, offers an exciting opportunity to manage and lead the ISD Cybersecurity and Resilience team
responsible for providing secure IT infrastructure and enterprise digital services to COPFS’ internal and external
customers and stakeholders. Reporting directly to the Director of IT, the post-holder will have responsibility for
the successful delivery of threat and vulnerability management solutions, security controls and policies, technical
security risk assessments, IT security operating systems and for developing responsive and coordinated
cybersecurity incident management processes. The post-holder will also play an important part in providing
5 | P a g e www.copfs.gov.uk
expert technical security advice and knowledge to influence the design and operation of COPFS’ IT systems and to
put in place cross-ranging cyber resilience planning and processes.
The duties of the post will include:
Leading and developing a new and focused team providing professional IT cybersecurity and resilience
functions, services and expert advice.
Defining and developing IT security and information assurance policies and procedures, information sharing
agreements and supplier/vendor security working practices.
Maintain appropriate security measures and mechanisms to guard against unauthorised access to
electronically stored and/or transmitted secure information and protect against anticipated threats and
vulnerabilities.
Lead responsibility for the management and timely submission of COPFS’ PSN, PSNP and Cyber Essentials
Framework accreditations.
Writing and presenting RMADS to lead managers and to the Director of IT/Accreditor.
Providing effective leadership, relationship-building, interpersonal and stakeholder management skills to
engage effectively with wide ranging internal and external customers and stakeholders, government security
agencies/contacts and service suppliers.
Responsibility for assuring the technical design and configurations of COPFS’ enterprise IT infrastructure and
information systems operate securely and reflects industry best-practice and compliance standards.
Evangelist for IT cybersecurity and resilience planning and for ensuring COPFS’ policies, practices and IT
systems keep pace with latest cyber threat protection guidance and changing technology developments and
innovation.
Manage IT and cyber security related incidents and problems throughout their lifecycle and act as an
interface for executive management into operational security related matters.
Working in close partnership with COPFS’ Departmental Security Officer (DSO) to coordinate, manage and
deliver COPFS’ security policies and procedures and to provide key metrics and management reports on
security matters.
Member of COPFS’ IT Security Group and other relevant project boards and corporate committees.
Member of ISD’s senior leadership team, providing senior management functions and accountability for
delivering and developing ISD’s business activities.
Information about ISD provides wide ranging IT infrastructure, information systems and digital services to 1,600+ COPFS users
located in offices throughout Scotland and to external customers and stakeholders. ISD is involved in a number
6 | P a g e www.copfs.gov.uk
the Office/Unit/Team
of innovative and continuous improvement projects to support business needs and to deliver COPFS’ digital
strategy aims. Headed by the Director of IT, ISD is organised in four main groups: Enterprise Solutions;
Enterprise Technologies; Enterprise Applications; Cybersecurity and Resilience. ISD has around 50 permanent
team members plus additional contractor staff based in its offices in Edinburgh and Glasgow.
The post-holder, reporting directly to the Director of IT, will lead the ISD Cybersecurity and Resilience team. The
IT Security Officer (ITSO) will report to the post-holder.
Person Specification The efficient and secure processing, transmission and storage of information is core to COPFS’ business
operations. COPFS is also embarking on the implementation of a major digital strategy transformation
programme. This role is central in providing the technical skills, expertise and knowledge to continuously develop
COPFS’ cybersecurity systems, policies and resilience measures and to apply sustainable cyber security planning
that underpins the design and delivery of COPFS’ digital services to its customers and stakeholders.
All competencies, as indicated within the Competency Framework, are relevant to the role and illustrate the level
of competence expected of an employee in this grade. However for the purposes of assessment the following
competencies will apply:
Changing and Improving;
Making effective decisions;
Collaborating and Partnering;
Managing a quality service.
Please refer to the COPFS Competency Framework for full guidance.
The board may decide in advance of the interviews that they require further evidence to assess candidates for
specialist or senior positions in the Service. Further assessment may include presentation on a relevant topic at
interview, the submission of a piece of written work prior to the interview, or completion of an online/technical
assessment.
Candidates will be informed if further selection methods will be implemented.
Essential Criteria This Head of Cybersecurity and Reliance role will require the post-holder to provide expert and trusted strategic,
operational risk mitigation and technical advice, guidance and support on COPFS’ cyber security, both for its
operational IT systems and to contribute to ISD’s delivery of projects and implementation of the Digital Strategy.
They will be conversant with all facets of cyber security, including the formulation and implementation of policies,
7 | P a g e www.copfs.gov.uk
practices and monitoring of systems and be able to manage and drive security related projects and improvement
initiatives. They will understand the full extent of the integration of complex and integrated information systems
and applications technologies and how they must fit with the organisations enterprise IT infrastructure.
The essential criteria for this post are outlined below. Candidates will be required to fully demonstrate their
technical competencies at interview.
Proven track-record and broad experience in the management and delivery of compliant IT and
cybersecurity policies and protection solutions in a government or enterprise level organisation.
Experience of evaluation, certification and accreditation of IT and information systems to HMG or other
regulated security scheme requirements.
Demonstrable experience in reviewing and developing security policies, including Risk Management
Accreditation Document Set (RMADS) and other associated security accreditation and compliance
documentation.
Comprehensive technical understanding of a broad range of enterprise security technologies and
architecture, including but not exclusively, intrusion detection, anti-virus, firewalls, DMZ, secure
information architecture, patch management and encryption systems.
Proven track record in working closely with IT infrastructure and digital solutions architects to ensure that
security and accreditation design and operational aspects are adequately addressed.
Experience in overseeing and supporting IT health checks, including defining the scope, interpretation of
results and providing guidance on implementation of remedial actions.
Excellent communications and interpersonal skills, with proven experience of effective relationship-building
and ability to present and communicate written and verbal communications with internal and external
stakeholders and accreditors at all levels.
Desirable Criteria The desirable criteria is set out below:
Appropriate BCS information security management or other cyber security management related
qualifications such as CISSP, CISM, and ISO.
Experience of ISO 27001 information security management.
Experience of assessment and accreditation to the HMG PSN or PSNP schemes.
Detailed understanding of information security standards, good practice frameworks and other relevant
8 | P a g e www.copfs.gov.uk
documentation and guidance issued by CESG.
Experience of successfully managing and developing a team of IT professionals, contractors or external
suppliers.
Special conditions of
post
The post-holder will be based in our Crown Office at 25 Chambers Street, Edinburgh. The post-holder is,
however, required to work regularly from our Edinburgh and Glasgow offices and travel is therefore required for
business and meeting purposes, as is some occasional travel to other COPFS or stakeholder office locations.
There is an expectation that the successful candidate will, from time-to-time, consider working overtime during
weekday evenings and at weekends to meet business needs. This is not mandatory. As an ISD IT professional,
you will participate in the British Computer Society’s Professional Development Scheme.
The successful candidate will be subject to the appropriate UK national security vetting processes to obtain the
necessary security clearances required for this role in COPFS.
Other conditions of
post
Successful candidates will be expected to remain within their new post for a minimum of two years unless they
are successful in obtaining a post in a higher grade or moved to address a business need.
Additional
Information can be
obtained from
Keith Dargie
0300 020 3613
Please return completed application forms to [email protected] no later than 5pm on the closing
date.
Job Advert Published 9th February 2018
Closing Date 23rd February 2018 at 5pm
9 | P a g e www.copfs.gov.uk
Competencies
Competency Framework for Recruitment & Selection
Selected Competencies – Head of Cybersecurity and Resilience
COPFS Competency Framework
The COPFS Competency Framework applies to all staff. The Competency Framework has been developed to recognise the general range
of skills and behaviours expected across all job roles within COPFS. It is based on the same competency framework used by nearly all
other Civil Service organisations. The COPFS Competency Framework is central in understanding how best to use the considerable
resources available in Civil Service Learning. This includes access to National Occupational Standards (NOS), recognised nationally in
industry and Government as indicators of how professionals should be performing. COPFS Learning & Development can provide advice
about management development in particular to a level 7 of the Chartered Management Institute standard.
Competencies: Recruitment and Selection
The Competency Framework enables COPFS to recruit and select staff by considering evidence on how an individual achieved an objective
or completed a task. It further allows selection based on specific past occurrences which can be indicators of future behaviours or
performance.
The Competency Framework should give all candidates an equal opportunity to describe their behaviours when working towards an
objective or performing a task.
All candidates should refer to the document “A Candidates Guide to Competency Based Selection” which is part of your recruitment pack
for a fuller explanation of Competency based selection. Office and Procurator Fiscal Service Com
Competency Levels
Competency levels determine the level that someone would be expected to demonstrate indicative behaviours in their day to day work
and interaction with others, these differ by grade. The levels go from level one up to level six. It would be assumed that someone
performing at level six would be aware of and routinely performing at levels one to five.
10 | P a g e www.copfs.gov.uk
COPFS Core Competency Levels
Co
mp
ete
ncy L
evels
by G
rad
e
Level 1
Band B
Level 2
Band C
Level 3
Band D
& E, PFD,
SPFD
Level 4
Band F,
PPFD & G
Level 5
SCS 1
&1A
Level 6
SCS 2 &
3
Leading and Communicating
1 2 3 4 5 6
Collaborating and Partnering
1 2 3 4 5 6
Managing a Quality
Service
1 2 3 4 5 6
Delivering at Pace 1 2 3 4 5 6
Making Effective Decisions
2 3 4 5 6
Building Capability for All 3 4 5 6
11 | P a g e www.copfs.gov.uk
Changing and Improving 3 4 5 6
Delivering Value for Money
5 6
Achieving Commercial
Outcomes
5 6
Seeing the Big Picture 5 6
For the purposes of this role, only
the behavioural indicators for the
competencies required have been
provided below (level 4)
12 | P a g e www.copfs.gov.uk
SETTING DIRECTION – Changing and Improving
Description People who are effective in this area are responsive, innovative and seek out opportunities to create effective change.
For all staff, it’s about being open to change, suggesting ideas for improvements to the way things are done, and
working in ‘smarter’, more focused ways. At senior levels, this is about creating and contributing to a culture of
innovation and allowing people to consider and take managed risks. Doing this well means continuously seeking out
ways to improve policy implementation and build a leaner, more flexible and responsive Civil Service. It also means
making use of alternative delivery models including digital and shared service approaches wherever possible
Effective Behaviour People who are effective are likely
to…
Ineffective Behaviour People who are less effective
are likely to…
Level Four Understand and identify the role of technology in
public service delivery and policy implementation
Encourage a culture of innovation focused on adding
value – give people space to think creatively
Effectively capture, utilise and share customer insight
and views from a diverse range of stakeholders to
ensure better policy and delivery
Spot warning signs of things going wrong and provide
a decisive response to significant delivery challenges
Provide constructive challenge to senior management
on change proposals which will affect own business
area
Consider the cumulative impact on own business area
of implementing change (culture, structure, service
and morale)
Ignore developments in technology that could
benefit public service delivery and policy
implementation
Take a narrow and risk averse approach to
proposed new approaches by not taking or
following up on ideas seriously
Fail to effectively capture, utilise and share
customer insight appropriately in the development
of policies and services
Remain wedded to the course that they have set
and unresponsive to the changing demands of the
situation
Spend limited time on engaging experts and
relevant individuals in developing and testing
proposals, failing to pass on relevant staff
feedback
Give limited time to acknowledging anxieties and
overcoming cynicism
13 | P a g e www.copfs.gov.uk
SETTING DIRECTION – Making Effective Decisions
Description Effectiveness in this area is about being objective; using sound judgement, evidence and knowledge to provide accurate,
expert and professional advice. For all staff, it means showing clarity of thought, setting priorities, analysing and using
evidence to evaluate options before arriving at well-reasoned justifiable decisions. At senior levels, leaders will be
creating evidence based strategies, evaluating options, impacts, risks and solutions. They will aim to maximise return
while minimising risk and balancing social, political, financial, economic and environmental considerations to provide
sustainable outcomes.
Effective Behaviour People who are effective are
likely to…
Ineffective Behaviour People who are less effective are
likely to…
Level Four
Push decision making to the right level within
their teams, not allow unnecessary bureaucracy
and structure to suppress innovation and delivery
Weigh up data from various sources, recognising
when to bring in experts/researchers to add to
available information
Analyse and evaluate pros and cons and identify
risks in order to make decisions that take account
of the wider context, including diversity and
sustainability
Draw together and present reasonable
conclusions from a wide range of incomplete and
complex evidence and data – able to act or decide
even when details are not clear
Identify the main issues in complex problems,
clarify understanding or stakeholder expectations,
to seek best option
Make difficult decisions by pragmatically weighing
the complexities involved against the need to act
Involve only those in their peer group or direct
reporting line in decision making
Underestimate the work required to consider all the
evidence needed and do not involve experts
sufficiently early
Take decisions without regard for the context,
organisation risk, alignment with wider agendas or
impacts (economic, social and environmental)
Get confused by complexity and ambiguity and
consider only simple or straightforward evidence
Rely too heavily on gut instinct and provide unclear,
incoherent or illogical analysis of core issues
Make expedient decisions that offer less resistance or
risk to themselves rather than decisions that are best
for the business
ENGAGING PEOPLE – Collaborating and Partnering
Description People skilled in this area create and maintain positive, professional and trusting working relationships with a wide range of
people within and outside the Civil Service to help get business done. At all levels, it requires working collaboratively,
sharing information and building supportive, responsive relationships with colleagues and stakeholders, whilst having the
14 | P a g e www.copfs.gov.uk
confidence to challenge assumptions. At senior levels, it’s about delivering business objectives through creating an inclusive
environment, encouraging collaboration and building effective partnerships including relationships with Ministers.
Effective Behaviour People who are effective are likely
to…
Ineffective Behaviour People who are less effective
are likely to…
Level Four Actively build and maintain a network of colleagues
and contacts to achieve progress on objectives and
shared interests
Demonstrate genuine care for staff and others – build
strong interpersonal relationships
Encourage contributions and involvement from a
broad and diverse range of staff by being visible and
accessible
Effectively manage team dynamics when working
across Departmental and other boundaries
Actively involve partners to deliver a business
outcome through collaboration that achieves better
results for citizens
Seek constructive outcomes in discussions, challenge
assumptions but remain willing to compromise when
it is beneficial to progress
Only seek to build contacts in immediate work group,
neglect to create a wider network beyond this
Neglect to maintain relationships during difficult
times
Operate within a narrow frame of reference and avoid
adopting a fuller perspective with associated
complexity
Be overly protective of own initiatives and miss
opportunities to network across boundaries
Struggle to manage, or actively ignore other parties’
agendas
Push forward initiatives on basis of personal agenda
or advantage and refuse to compromise; stay
wedded to one outcome
DELIVERING RESULTS – Managing a Quality Service
Description Effectiveness in this area is about being organised to deliver service objectives and striving to improve the quality of
service, taking account of diverse customer needs and requirements. People, who are effective plan, organise and manage
their time and activities to deliver a high quality and efficient service, applying programme and project management
approaches to support service delivery. At senior levels, it is about creating an environment to deliver operational
excellence and creating the most appropriate and cost effective delivery models for public services
Effective Behaviour People who are effective are
likely to…
Ineffective Behaviour People who are less effective
are likely to…
15 | P a g e www.copfs.gov.uk
Level Four Exemplify positive customer service behaviours and
promote a culture focused on ensuring customer
needs are met
Establish how the business area compares to
customer service expectations and industry best
practice and identify necessary improvements in
plans
Make clear, pragmatic and manageable plans for
service delivery using programme and project
management disciplines
Create regular opportunities for staff and customers
to help improve service quality and demonstrate a
visible involvement
Ensure the service offer thoroughly considers
customers’ needs and a broad range of available
methods to meet this, including new technology
where relevant
Ensure adherence to legal and regulatory
requirements in service delivery and build diversity
and equality considerations into plans
Take little action when customer needs are not being
met
Ignore external trends that impact on the business
area
Allow programmes or service delivery to lose
momentum and focus and have no contingencies in
place
Make changes to service delivery with minimal
involvement from others
Maintain a limited or out-dated view of how to
respond to customers’ needs
Disregard non–compliance with policies, rules and
legal requirements and allow unfair or discriminatory
practices