Secure by Design Lead: Governance, Risk & Threat Modelling in Newcastle upon Tyne

Newcastle upon Tyne · Full-Time · £55,000 - £65,000 / year (est.) · No working from home possible

At a Glance

  • Tasks: Lead Secure by Design initiatives and conduct cyber risk assessments across digital services.
  • Company: Join a leading organisation focused on security in the MOD and Public Sector.
  • Benefits: Competitive salary, professional development, and opportunities for impactful work.
  • Other info: Mentorship opportunities and a culture of continuous improvement await you.
  • Why this job: Make a difference in cybersecurity while working with innovative teams.
  • Qualifications: Experience in cybersecurity frameworks and strong stakeholder management skills.

The predicted salary is between £55,000 and £65,000 per year.

Key Responsibilities

  • Secure by Design Leadership
    • Lead Secure by Design discovery and assessment activities across digital services and portfolios.
    • Provide Secure by Design risk and security assurance functions within MOD/Public Sector accounts.
    • Define pragmatic security control expectations aligned to service context and business risk appetite.
    • Coach delivery teams to adopt secure working practices in Agile and iterative environments without impeding delivery speed.
  • Risk Assessment & Threat Modelling
    • Conduct cyber risk assessments using NIST 800-30/37 (rev.5), ISO 27005, and NIST Cyber Security Framework (CSF).
    • Perform threat modelling using STRIDE, attack trees, and other contemporary analytical methods.
    • Identify vulnerabilities, threats, impacts, and control gaps to inform risk treatment decisions.
    • Carry out technical and control-based risk assessments, incorporating outcomes of architecture reviews and testing activities.
  • Risk Treatment & Remediation Planning
    • Develop actionable, prioritised risk remediation plans, including responsibilities, timelines, and mitigation steps.
    • Provide pragmatic and business-aligned risk remediation guidance, balancing operational needs with security obligations.
    • Work closely with risk owners and technical leads to negotiate and agree treatment strategies.
  • Governance, Assurance & Reporting
    • Support governance and assurance forums by articulating risk, mitigation options, and residual exposure.
    • Produce concise, informative documentation including risk assessment reports, threat modelling outputs, vulnerability and control analysis, and residual risk statements.
    • Validate that required control patterns, assurance activities, and security testing have been completed.
  • Stakeholder Collaboration & Workshops
    • Facilitate security, risk, and threat modelling workshops with multi-disciplinary teams and Authority stakeholders.
    • Engage with business and technical stakeholders to ensure alignment with broader transformation goals and regulatory requirements.
    • Work with MOD/Public Sector teams to ensure security expectations and compliance obligations are met.
  • Compliance & Evidence Production
    • Identify, collect, and review evidence demonstrating compliance with Secure by Design principles.
    • Produce documentation including risk assessments, security testing results, evidence packs for Secure by Design compliance, and residual risk reports.
  • Leadership, Coaching & Knowledge Sharing
    • Mentor junior consultants, technical specialists, stakeholders, and programmes across multiple business units.
    • Produce and deliver awareness sessions on Secure by Design, secure development, governance, and best practice.
    • Promote a culture of continuous security improvement.

Skills & Experience Required

  • Eligibility for UK security clearance.
  • Proven experience leading Secure by Design across portfolios or multiple digital services.
  • Strong experience supporting MOD, Defence, or UK Public Sector clients.
  • Deep expertise in cybersecurity risk frameworks including NIST 800-30/37, ISO 27005, and NIST CSF.
  • Demonstrated ability to facilitate structured threat modelling (STRIDE, attack trees).
  • Highly skilled in producing clear, concise, decision-focused reporting for senior stakeholders.
  • Strong capability in running governance, risk, and assurance activities.
  • Experience working with Agile, DevOps, and multi-disciplinary delivery teams.
  • Excellent stakeholder management and communication skills.
  • Experience in Secure by Design frameworks used within Defence and Government.
  • Knowledge of MOD security governance, assurance, and accreditation processes.
  • Background in risk consultancy or security assurance.
  • Certifications such as CISM, CRISC, CISSP, SABSA, CCP, or equivalent.

What You Will Deliver

  • Secure by Design discovery assessments and control expectations.
  • Threat models, risk assessments, vulnerability analyses.
  • Risk remediation action plans with clear owners and timelines.
  • Concise assurance documentation and residual risk reports.
  • Secure by Design compliance evidence aligned to programme and Authority requirements.
  • Clear risk recommendations supporting decision-making and governance.

Secure by Design Lead: Governance, Risk & Threat Modelling in Newcastle upon Tyne employer: 慨正橡扯

As a Secure by Design Lead within our dynamic team, you will thrive in an environment that champions innovation and security excellence. We offer a collaborative work culture that prioritises professional growth, with opportunities to mentor and lead while engaging with key stakeholders in the MOD and Public Sector. Our commitment to continuous improvement and adherence to best practices ensures that you will be part of a meaningful mission, making a tangible impact on national security.

Contact Details:

慨正橡扯 Recruitment Team

StudySmarter Expert Advice🤫

We think this is how you could land Secure by Design Lead: Governance, Risk & Threat Modelling in Newcastle upon Tyne

Tip Number 1

Network like a pro! Get out there and connect with folks in the industry. Attend meetups, webinars, or even local events related to cybersecurity and risk management. You never know who might have the inside scoop on job openings or can put in a good word for you!

Tip Number 2

Show off your skills! Create a portfolio that highlights your experience with Secure by Design, risk assessments, and threat modelling. Use real examples from your past work to demonstrate how you've tackled challenges and delivered results. This will make you stand out when chatting with potential employers.

Tip Number 3

Don’t just apply anywhere—apply through our website! We’re always on the lookout for talent that aligns with our mission. Tailor your application to showcase how your experience fits the role of Secure by Design Lead, and let us see your passion for cybersecurity shine through.

Tip Number 4

Prepare for interviews like a champ! Research common questions related to governance, risk, and threat modelling. Practice articulating your thought process on risk assessments and remediation plans. The more confident you are in discussing your expertise, the better your chances of landing that dream job!

We think you need these skills to ace Secure by Design Lead: Governance, Risk & Threat Modelling in Newcastle upon Tyne

Secure by Design Leadership
Risk Assessment
Threat Modelling
NIST 800-30/37
ISO 27005
NIST Cyber Security Framework (CSF)
STRIDE

Some tips for your application 🫡

Tailor Your Application: Make sure to customise your CV and cover letter to highlight your experience with Secure by Design and risk frameworks. We want to see how your skills align with the job description, so don’t hold back on showcasing your relevant achievements!

Showcase Your Technical Skills: When detailing your experience, be specific about the cybersecurity frameworks you've worked with, like NIST or ISO. We love seeing concrete examples of how you've applied these in real-world scenarios, especially in MOD or public sector contexts.

Keep It Clear and Concise: Your application should be easy to read and straight to the point. Use bullet points for key achievements and avoid jargon unless it’s necessary. We appreciate clarity, especially when it comes to decision-focused reporting!

Apply Through Our Website: Don’t forget to submit your application through our website! It’s the best way for us to receive your details and ensures you’re considered for the role. Plus, it shows you’re keen on joining the StudySmarter team!

How to prepare for a job interview at 慨正橡扯

Know Your Frameworks

Make sure you’re well-versed in the cybersecurity risk frameworks mentioned in the job description, like NIST 800-30/37 and ISO 27005. Brush up on how these frameworks apply to real-world scenarios, as you might be asked to discuss your experience with them during the interview.

Showcase Your Leadership Skills

Since the role involves leading Secure by Design initiatives, prepare examples of how you've successfully led teams or projects in the past. Think about specific challenges you faced and how you coached others to adopt secure practices without slowing down delivery.

Prepare for Technical Questions

Expect technical questions around threat modelling techniques like STRIDE and attack trees. Be ready to explain how you’ve used these methods in previous roles, and consider bringing along a case study or two to illustrate your points.

Engage with Stakeholders

The role requires strong stakeholder management skills, so think about how you’ve collaborated with various teams in the past. Prepare to discuss how you’ve facilitated workshops or engaged with stakeholders to align security expectations with business goals.