Senior Cyber Security Risk Advisor

About the job


The Office for National Statistics (ONS) is the UK’s largest producer of official statistics, covering a range of key economic, social and demographic topics. These include measuring changes in the value of the UK economy, estimating the size, geographic distribution and characteristics of the population, and providing indicators of price inflation, employment, earnings, crime and migration.

The Senior Cyber Security Risk Advisor role forms part of the Advisory Security team within the Security and Information Management Division at ONS. The role reports to the Security - Advisor Lead Practitioner.

The primary focus of the role is to provide the ONS business with security advice in the development of new integrated data system which will transform analysis and the delivery of public services across Government. By enabling access to linked data, it will be possible to support better policymaking and evaluation, and delivery of Government priorities for all.

The role will focus on best practice to develop ‘Secure by Design’ protections for organisational assets and embed the ONS Security Framework - principles; policies; processes; threat model; security risk management into the ONS.


Job description

Key outcomes from the role are the identification of security risk within the business context, the identification of appropriate mitigation approaches for business selection and the management of these options through to implementation within the live service. The security advice provided will be informed by threat, vulnerability and risk analysis for business and third parties.

The successful candidate will:

• Work with multi-disciplinary internal and supplier teams to identify security risk to ONS products and operations and oversee the management of mitigation options to business stakeholders;
• Compile and maintain security risk identification and mitigation progress, report progress on reducing security risks to senior business stakeholders;
• Deliver high-quality security risk advice and support to security and business stakeholders working on digital product development and operations to achieve the best security outcomes that support business needs;
• Be a point of challenge to security and business ideas for resolving risk and suggesting changes to existing approaches where security is not being considered as fully as expected or security is potentially too burdensome for the risk identified;
• Have broad knowledge of managing security risk for common enterprise application, infrastructure and network technologies, including within cloud environments;
• Be someone who can help with digital technology and business operations design who will liaise regularly with internal ONS security colleagues;
• Be a self-directing and proactive to ensure security risk advice is communicated across the appropriate project teams and to convey technical security messages clearly across ONS business areas;
• Be capable for presenting complex security issues to business stakeholders in ways that convey understanding.



• Supporting the development of business-focused security solutions for digital products and business operations that cover data collection, storage and processing, deployed both internally and externally;
• Identifying security threat and risk to ONS digital products and business operations being developed through Agile methodologies and Supplier processes;
• Advising on appropriate security controls and mechanisms that could be used to mitigate identified security risk;
• Ensuring that security risk identified, recorded, tracked and presented in understandable forms for senior business stakeholders;
• Consulting with internal ONS security stakeholders to ensure that the solutions deployed are secure and fit for purpose;
• Liaising with ONS business, technology and security colleagues to ensure various business needs are understood and applied, including providing general security architecture, guidance and advice to the stakeholders;
• Advising on opportunities for using secure and open source products and any implications of such an approach.


Person Specification

Essential criteria:

• Knowledge of government and international security standards and experience of applying these in a business context across people process, technology and physical implementations
• Sound knowledge of modern enterprise architectures including data transmission, storage and processing, virtualisation and cloud technologies
• Changing and improving: Ability to input and work closely with internal and Supplier development project teams to ensure security is considered at all development stages of web applications and architecture
• Communicating and influencing: Excellent communicator and stakeholder manager with experience of working within multi-disciplinary delivery teams
• Experienced security risk advisor or security architect with recognised qualifications.


We'll assess you against these behaviours during the selection process:

  • Seeing the Big Picture

  • Changing and Improving

  • Working Together

  • Delivering at Pace

  • Making Effective Decisions


The Office for National Statistics is part of the Civil Service, and as such we share a number of key benefits with other departments, whilst also having our own unique offerings to support our 5000+ valued employees across the business.

Whether you are hearing about us for the first time or already know a bit about our organisation, we hope that the benefits pack attached (bottom of page) will give you a great insight into the benefits and facilities available to our employees, and our fantastic working culture.

We are an organisation that takes the well-being of its employees seriously and lives and breathes the desire to modernise the workplace of the future. Everyone, from our office-based staff in Newport, London and Titchfield, to our field interviewers and airports and ports passenger survey staff, are part of a diverse and inclusive family.


Inclusion & Accessibility

At ONS we're always looking to attract the very best people from the widest possible talent pool, and we are proud to be an inclusive, equal opportunities employer. As a member of the Business Disability Forum and a Disability Confident Leader we’re committed to ensuring that all candidates are treated fairly throughout the recruitment process.

As part of our application process, you will be prompted to provide details of any reasonable adjustments to our recruitment process that you need. If you would like to discuss any reasonable adjustments before applying, please contact the recruitment team in the first instance.

If you would like an accessible version of any of the attachments or recruitment documents below or linked to in this advert, please contact the recruitment team who will be happy to assist.


Things you need to know


Successful candidates must pass a disclosure and barring security check.

Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check.

People working with government assets must complete basic personnel security standard checks.

Selection process details

This vacancy is using Success Profiles, and will assess your Behaviours and Experience.

Assessment at application stage will be based on your personal statement.

Your personal statement should be no longer than 1250 words. You should use this space to provide evidence for each essential criteria within the person specification. As the criteria are scored, we would recommend that you give clear examples for each including the impact of your actions. Success Profiles Behaviour examples are not required at this stage.

In cases where there is a high number of applications the sift pass mark may be adjusted and candidates will be invited to interview in merit order, i.e. those scoring the highest.

Should you be invited to interview, you will be assessed using various assessment techniques aligned to the new Civil Service Success Profiles, where you'll be assessed against all the behaviours outlined in the advert.

In certain circumstances, interviews may be conducted by Video Conference.

A reserve list may be held for a period up to 12 months from which further appointments may be made.

The Sift will be conducted from 05/10/2020
Interviews will be conducted from 13/10/2020