Secure by Design Lead in Newcastle upon Tyne

Newcastle upon Tyne | Full-Time | £60,000 - £75,000 / year (est.) | No working from home possible

At a Glance

  • Tasks: Lead Secure by Design initiatives and conduct risk assessments across digital services.
  • Company: Join a leading firm focused on cybersecurity in the MOD and Public Sector.
  • Benefits: Competitive salary, flexible working options, and opportunities for professional growth.
  • Other info: Dynamic role with mentorship opportunities and a focus on continuous improvement.
  • Why this job: Make a real impact on security practices while working with cutting-edge technology.
  • Qualifications: Experience in cybersecurity frameworks and strong stakeholder management skills.

The predicted salary is between £60,000 and £75,000 per year.

Key Responsibilities

  • Secure by Design Leadership
    • Lead Secure by Design discovery and assessment activities across digital services and portfolios.
    • Provide Secure by Design risk and security assurance functions within MOD/Public Sector accounts.
    • Define pragmatic security control expectations aligned to service context and business risk appetite.
    • Coach delivery teams to adopt secure working practices in Agile and iterative environments without impeding delivery speed.
  • Risk Assessment & Threat Modelling
    • Conduct cyber risk assessments using NIST 800-30/37 (rev. 5), ISO 27005, and the NIST Cyber Security Framework (CSF).
    • Perform threat modelling using STRIDE, attack trees, and other contemporary analytical methods.
    • Identify vulnerabilities, threats, impacts, and control gaps to inform risk treatment decisions.
    • Carry out technical and control-based risk assessments, incorporating outcomes of architecture reviews and testing activities.
  • Risk Treatment & Remediation Planning
    • Develop actionable, prioritised risk remediation plans, including responsibilities, timelines, and mitigation steps.
    • Provide pragmatic and business-aligned risk remediation guidance, balancing operational needs with security obligations.
    • Work closely with risk owners and technical leads to negotiate and agree treatment strategies.
  • Governance, Assurance & Reporting
    • Support governance and assurance forums by articulating risk, mitigation options, and residual exposure.
    • Produce concise, informative documentation including risk assessment reports, threat modelling outputs, vulnerability and control analysis, and residual risk statements.
    • Validate that required control patterns, assurance activities, and security testing have been completed.
  • Stakeholder Collaboration & Workshops
    • Facilitate security, risk, and threat modelling workshops with multi-disciplinary teams and Authority stakeholders.
    • Engage with business and technical stakeholders to ensure alignment with broader transformation goals and regulatory requirements.
    • Work with MOD/Public Sector teams to ensure security expectations and compliance obligations are met.
  • Compliance & Evidence Production
    • Identify, collect, and review evidence demonstrating compliance with Secure by Design principles.
    • Produce documentation including risk assessments, security testing results, evidence packs for Secure by Design compliance, and residual risk reports.
  • Leadership, Coaching & Knowledge Sharing
    • Mentor junior consultants, technical specialists, stakeholders, and programme teams across multiple business units.
    • Produce and deliver awareness sessions on Secure by Design, secure development, governance, and best practice.
    • Promote a culture of continuous security improvement.

Skills & Experience Required

  • Eligibility for UK security clearance.
  • Proven experience leading Secure by Design across portfolios or multiple digital services.
  • Strong experience supporting MOD, Defence, or UK Public Sector clients.
  • Deep expertise in cybersecurity risk frameworks including NIST 800-30/37, ISO 27005, and NIST CSF.
  • Demonstrated ability to facilitate structured threat modelling (STRIDE, attack trees).
  • Highly skilled in producing clear, concise, decision-focused reporting for senior stakeholders.
  • Strong capability in running governance, risk, and assurance activities.
  • Experience working with Agile, DevOps, and multi-disciplinary delivery teams.
  • Excellent stakeholder management and communication skills.
  • Experience in Secure by Design frameworks used within Defence and Government.
  • Knowledge of MOD security governance, assurance, and accreditation processes.
  • Background in risk consultancy or security assurance.
  • Certifications such as CISM, CRISC, CISSP, SABSA, CCP, or equivalent.

What You Will Deliver

  • Secure by Design discovery assessments and control expectations.
  • Threat models, risk assessments, vulnerability analyses.
  • Risk remediation action plans with clear owners and timelines.
  • Concise assurance documentation and residual risk reports.
  • Secure by Design compliance evidence aligned to programme and Authority requirements.
  • Clear risk recommendations supporting decision-making and governance.

Secure by Design Lead in Newcastle upon Tyne employer: 慨正橡扯

As a Secure by Design Lead, you will thrive in a dynamic work environment that prioritises innovation and security within the MOD/Public Sector. Our company fosters a collaborative culture where your expertise in cybersecurity will be valued, and you'll have ample opportunities for professional growth through mentoring and knowledge sharing. With a commitment to continuous improvement and a focus on agile methodologies, we ensure that our employees are equipped to make meaningful contributions while enjoying a supportive and engaging workplace.

Contact Details:

慨正橡扯 Recruitment Team

StudySmarter Expert Advice

We think this is how you could land Secure by Design Lead in Newcastle upon Tyne

Tip Number 1

Network like a pro! Get out there and connect with folks in the industry. Attend meetups, webinars, or even just grab a coffee with someone who’s already in the field. You never know who might have the inside scoop on job openings or can put in a good word for you.

Tip Number 2

Show off your skills! When you get the chance to chat with potential employers, don’t hold back on sharing your experiences and how you’ve tackled challenges in Secure by Design. Use real examples to demonstrate your expertise and make a lasting impression.

Tip Number 3

Be proactive! If you see a company you’re keen on, reach out directly. Send a friendly email expressing your interest and ask if they have any upcoming opportunities. It shows initiative and can set you apart from other candidates.

Tip Number 4

Don’t forget to apply through our website! We’ve got loads of exciting roles that might be perfect for you. Plus, applying directly can sometimes give you a better shot at getting noticed by hiring managers.

We think you need these skills to ace Secure by Design Lead in Newcastle upon Tyne

  • Secure by Design Leadership
  • Risk Assessment
  • Threat Modelling
  • NIST 800-30/37
  • ISO 27005
  • NIST Cyber Security Framework (CSF)
  • STRIDE

Some tips for your application

Tailor Your Application: Make sure to customise your CV and cover letter to highlight your experience with Secure by Design and the specific skills mentioned in the job description. We want to see how your background aligns with what we're looking for!

Showcase Your Expertise: When detailing your experience, focus on your knowledge of cybersecurity frameworks like NIST and ISO. We love seeing concrete examples of how you've applied these in past roles, especially in MOD or Public Sector contexts.

Be Clear and Concise: Your application should be easy to read and straight to the point. Use bullet points where possible to break down your achievements and responsibilities. We appreciate clarity, especially when it comes to risk assessments and reporting!

Apply Through Our Website: Don't forget to submit your application through our website! It's the best way for us to receive your details and ensures you're considered for the role. Plus, we love seeing applications come directly from our site!

How to prepare for a job interview at 慨正橡扯

Know Your Frameworks

Make sure you’re well-versed in the cybersecurity risk frameworks mentioned in the job description, like NIST 800-30/37 and ISO 27005. Brush up on how these frameworks apply to Secure by Design principles, as you’ll likely be asked to demonstrate your understanding during the interview.

Showcase Your Leadership Skills

Prepare examples of how you've led Secure by Design initiatives in the past. Think about specific projects where you coached teams or facilitated workshops. Highlight your ability to balance security with delivery speed, especially in Agile environments, as this is crucial for the role.

Be Ready for Technical Questions

Expect technical questions around risk assessments and threat modelling techniques like STRIDE and attack trees. Practise explaining these concepts clearly and concisely, as you’ll need to communicate complex ideas to senior stakeholders effectively.

Prepare Your Documentation Samples

Have examples of your previous work ready, such as risk assessment reports or compliance documentation. Being able to discuss these documents will show your practical experience and help you articulate your approach to governance and assurance activities.