Cyber Product / Supply Chain Assurance Lead

The United Kingdom Health Security Agency (UKHSA) is a system leader for health security; taking action internationally to strengthen global health security, providing trusted advice to government and the public and reducing inequalities in the way different communities experience and are impacted by infectious disease, environmental hazards, and other threats to health.
UKHSA's remit, as an agency with a global-to-local reach, is to protect the health of the nation from infectious diseases and other external threats to health. As the nation's expert national health security agency UKHSA will:
+ Prevent: anticipate threats to health and help build the nation's readiness, defences and health security
+ Detect: use cutting edge environmental and biological surveillance to proactively detect and monitor infectious diseases and threats to health
+ Analyse: use world-class science and data analytics to assess and continually monitor threats to health, identifying how best to control and mitigate the risks
+ Respond: take rapid, collaborative and effective actions nationally and locally to mitigate threats to health when they materialise
+ Lead: lead strong and sustainable global, national, regional and local partnerships designed to save lives, protect the nation from public health threats and reduce inequalities., As part of its development and governance UKHSA is expanding the Cyber Security Division, building on its capability to provide a critical function in the protection of the UKHSAs digital assets, working closely with wider UKHSA security teams and stakeholders (Government Security Group, NCSC, Cabinet Office etc.) to build a resilient infrastructure, supporting the organisation in reaching its ambition to become a global leader for health security and becomes a critical component of our national security architecture.
This is an exciting opportunity to join the division in a specialist cyber assurance role. Reporting to the Head of Cyber Risk & Assurance, you will be responsible for the day-to-day management of cyber assurance activities, whilst reporting the cyber risk posture of the organisation to the Cyber Senior Leadership Team and internal stakeholders., This is a challenging role where you will be expected to:
+ Manage a team of cyber assurance professionals.
+ Continually develop and improve processes to provide assurance as to the cyber security of the UKHSA supply chain and associated products/services.
+ Provide pragmatic and balanced reporting, with an emphasis on identifying risks to the organisation posed by potential and current suppliers, their products and services.
+ Integrate into the cyber security area of business, and wider organisation, to identify opportunities, add value and promote the necessity of a robust and secure supply chain.
+ Engage colleagues in the wider cyber security team to ensure a consistent and joined up approach to delivery of services.
+ Manage the coordination of scheduled and reactive penetration testing.
+ On occasion, deputise for the Head of Cyber Risk and Assurance.

Working for our organisation
We pride ourselves as being an employer of choice, where Everyone Matters promoting equality of opportunity to actively encourage applications from everyone, including groups currently underrepresented in our workforce.
UKHSA ethos is to be an inclusive organisation for all our staff and stakeholders. To create, nurture and sustain an inclusive culture, where differences drive innovative solutions to meet the needs of our workforce and wider communities. We do this through celebrating and protecting differences by removing barriers and promoting equity and equality of opportunity for all., You will be required to complete an application form. You will be assessed on the above listed 4 essential criteria, and this will be in the form of a:
+ CV/ Application form ('Employer/ Activity history' section on the application)
+ 750 word Statement of Suitability.
This should outline how your skills, experience, and knowledge, provide evidence of your suitability for the role, with reference to the essential criteria.
The CV / Application form and Statement of Suitability will be marked together .
If you are successful at this stage, you will progress to interview and assessment.
Please do not exceed 750 words. We will not consider any words over and above this number.
Feedback will not be provided at this stage.
Stage 2: Interview (success profiles)
You will be invited to a (single) remote interview.
Behaviours, technical and experience will be tested at interview.
There will be a Presentation.
The Behaviours tested during the interview stage will be:
+ Making Effective Decisions
+ Seeing the Big Picture
+ Communicating and Influencing
+ Leadership
+ Working Together
Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.
Eligibility Criteria
Open to all external applicants (anyone) from outside the Civil Service (including by definition internal applicants).
Security Clearance Level Requirement
Successful candidates must pass a disclosure and barring security check.
The successful candidate once in post will be required to obtain Security Check (SC) clearance.
For meaningful National Security Vetting checks to be carried out individuals need to have lived in the UK for a sufficient period of time. You should normally have been resident in the United Kingdom for the last 5 years as the role requires Security Check (SC) clearance. UK residency less than the outlined periods may not necessarily bar you from gaining national security vetting and applicants should contact the Vacancy Holder / Recruiting Manager listed in the advert for further advice.
IMPORTANT - PLEASE READ
Your application may be rejected and/or you may be subject to disciplinary action if evidence of plagiarism is detected. Examples of plagiarism can include presenting the ideas and experience of others, or generated by artificial intelligence (AI), as your own.
This is a Non-Reserved post under the Civil Service Nationality Rules. To be eligible for employment in the UK Civil Service applicants must meet the Civil Service Nationality Rules (CSNRs) which operate independently of and additionally to the Immigration Rules. Applicants must also meet necessary security and vetting requirements, along with any other relevant pre-employment checks.
This job is broadly open to the following groups:
+ UK nationals
+ nationals of the Republic of Ireland
+ nationals of Commonwealth countries who have the right to work in the UK
+ nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS) (opens in a new window)
+ nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
+ individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
+ Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service
For more information on job nationality requirements and the right to work in the UK, see the Civil Service Nationality rules (opens in a new window) and the UK Visas and Immigration rules (opens in a new window)
For posts on UKHSA Civil Service terms and conditions, new entrants to the Civil Service are expected to start on the minimum of the pay band. For existing Civil Servants and roles advertised across government, the rules of transfer apply, i.e., level transfers move on current salary or the pay range minimum, transfers on promotion move to new pay range minimum or receive a 10% increase. Either case is determined by whichever is the highest.
The Civil Service pay structure and progression is different from NHS Agenda for Change (AfC), most local authority pay grades and other systems that have annual pay increments. For further details, please refer to the Information Sheet- Starting Salaries & Benefits attachment.
For AfC or Medical/Dental posts, you must have the correct professional registration to be appointed. The pay will follow the AfC or Medical & Dental terms & conditions. You may be asked to provide evidence of previous service whilst we are conducting pre-employment checks to determine your starting salary.
For Temporary Appointments, if you are not currently a civil servant, you will take up the post on a Fixed Term appointment. If you are an existing Civil Servant, based outside of the UKHSA, you will take up the post as a loan which you will need your department to agree. You can not take the post up as a fixed term. If you are an existing UKHSA member of staff, you will take up the post as either a level transfer or a temporary promotion as per the UKHSA's Pay policy.
Given the nature of the work of the UKHSA, as a Category 1 responder under the Civil Contingencies Act, you may be required in an emergency, if deemed a necessity, to redeploy to another role at short notice. You may also be required to work at any other location, within reasonable travelling distance of your permanent home address, in line with the provisions set out in your contract of employment.
Late Applications will unfortunately not be considered.

Working for the Civil Service
The Civil Service Code (opens in a new window) sets out the standards of behaviour expected of civil servants.
We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles (opens in a new window).
The Civil Service embraces diversity and promotes equality of opportunity. The law requires that selection for appointment to the Civil Service is on merit on the basis of fair and open competition, as outlined in the Civil Service Commission's Recruitment Principles.
If you feel your application has not been treated in accordance with the Recruitment Principles, and you wish to make a complaint, in the first instance, you should contact UKHSA Public Accountability Unit via email: [email protected] If you are not satisfied with the response you receive from the Department, you can contact the Civil Service Commission: Visit the Civil Service Commission website here.
Reserve List - If more than the required number of suitable candidates pass the interview criteria, you may be kept on a reserve list for 12 months subject to your agreement. You may be contacted, in merit-order, if similar roles with closely matching essential criteria become available and the department choose to appoint from a reserve list.
Interview expenses will not be reimbursed.
UKHSA is required to check employment and/or education history covering three consecutive years. Please ensure you give details of at least two different referees, even if you were employed in one company for three years or more.
If you are offered a job, information will also be transferred into the national NHS Electronic Staff Records system. Please note, all communication regarding your application will be made via email, please ensure you check your junk/spam folders as emails are sometimes filtered there.
Any move to UKHSA from another employer will mean you can no longer access childcare vouchers. This includes moves between government departments. You may however be eligible for other government schemes, including Tax-Free Childcare. Determine your eligibility at https://www.childcarechoices.gov.uk/.
Benefits of working at UKHSA include

The candidate must be comfortable to work flexibly and operate in a highly ambiguous environment while the Agency continues its transformation journey and defines its organisational culture. The ability to identify and understand challenges to find creative solutions will be critical as will strength in managing and building relationships across the organisation, undertaking effective collaboration at fast pace, both internally and externally to UKHSA. They will be expected to work on their own initiative but know when to seek direction or decision.
The candidate will be expected to engage various stakeholders across UKHSA to establish and manage cyber risk. In doing so, you will need to be analytical, pragmatic and innovative in developing and delivering effective cyber assurance activities across the organisation.
The successful candidate will understand the requirements of corporate governance, the relationships between enabling functions and how they contribute to the wider organisational mission., + Knowledge and experience of SAAS security principles.
+ Proven cyber risk management and/or cyber security experience across broad range of areas in large complex organisations. This experience could have been gained from the public or private sectors.
+ An understanding of risk management methodologies.
+ A good understanding of cyber security and information security management systems.
Selection Process Details:
This vacancy is using Success Profiles and will assess your Behaviours/Ability/ Experience/Technical skills.

Plus public holidays and one privilege day for the King's birthday
+ Access to a generous Defined Benefit pension scheme with employer contributions.
+ Access to a cycle-to-work salary sacrifice scheme, season ticket advances and payroll giving.
+ Access to a retail discounts and cashback site.
+ We also promote flexible working patterns (part-time, job-share, condensed hours). UKHSA views flexible working as essential in enabling us to recruit and retain talented people, ensuring that they are able to enjoy a long-lasting career with us. All employees have the right to apply for flexible working and there are a range of options available including working from home, compressed hours and job sharing.
+ We also offer a generous maternity/ paternity and adoption leave package.
Hybrid Working
UKHSA operates a hybrid working model where business needs allow. This provides us with greater flexibility about how and where we work, to get the best from our workforce.
As a hybrid worker, you will usually spend a minimum of 60% of your contracted hours (averaged over a month) working at one of UKHSA's locations (approximately 3 days a week pro rata) and the rest of your time working from home.
Disability Confident Scheme
The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme for candidates with disabilities who meet the minimum selection criteria at sift to ensure these candidates are invited to interview. If you wish to be included in this scheme please tick the box on your application form.
Reasonable Adjustments
The Civil Service is committed to making sure that our selection methods are fair to everyone.
To help you during the recruitment process, we will take into account any reasonable adjustments that could help you.
An adjustment is a change to the recruitment process or an adjustment at work.
This is separate to the Disability Confident Scheme.
If you need an adjustment to be made at any point during the recruitment process you should:
Contact the recruitment team in confidence as soon as possible to discuss your needs.
You can find out more information about reasonable adjustments across the Civil Service here: https://www.civil-service-careers.gov.uk/reasonable-adjustments/
International Police Check
If you have spent more than 6 months abroad over the last 3 years you may need an International Police Check. This would not necessarily have to be in a single block, and could be time accrued over that period.