Security Culture Associate

The Office for National Statistics (ONS) is the UK’s largest producer of official statistics, covering a range of key economic, social and demographic topics. These include measuring changes in the value of the UK economy, estimating the size, geographic distribution and characteristics of the population, and providing indicators of price inflation, employment, earnings, crime and migration.

Security and the management of information used for corporate and statistical activities is critical to business operations and the trust that citizens place in us. ONS has a strong commitment to protecting this information.  

The last few years has seen an extensive overhaul of security and information management to meet the challenges of corporate and statistics transformation in technology, methods and practice, the Digital Economy Act and organisational risk appetite. The capability is evolving and expanding to address changes in threat and business direction.   

The Security and Information Management (SaIM) directorate operates five key services across ONS: Security Risk Advice and Management; Knowledge and Information Management (KIM); Physical Security and Business Continuity; Security Compliance and Audit; and Cyber Security, including our Security Culture Services.

This Security Culture Associate role is in the Security Culture division within SaIM, reporting to the deputy Chief Security Officer.

Job description

This Security Culture Associate role works closely with colleagues across all divisions in SaIM, and with other business enabling functions, to deliver activities aligned to building the organisation’s security culture. These roles advocate security-positive behaviour to all ONS colleagues across various mediums.

An example of a typical assignment the role holder may carry out is this:

Triage and co-ordinate bespoke training sessions. To include liaising with business areas and SaIM teams, updating training trackers, identify relevant learning outcomes and co-ordinating a PowerPoint pack which communicates security concepts in accessible and contextualised format. Facilitation of the event, collection of questions and engagement data, and reporting outcomes to SEOs.

Responsibilities

Effectively support the delivery of security education and awareness. To include:

• Mandatory security education for the whole organisation; rolling out training, tracking and encouraging compliance (to include problem solving customer service issues).

• Phishing simulation campaigns; collaborating with Cyber Security to ensure the smooth operation of these exercises. Tracking staff performance of exercises and gathering key metrics for analysis.

• The triage and co-ordination of bespoke security training sessions. Collate feedback and engagement data and share with SEOs.

• Engaging with key stakeholders to support creation and release of security communication pieces, taking the lead on specific releases as deemed appropriate.

• Optional security awareness activity, such as (but not limited to) annual Cyber Security Awareness Month engagements, taking the lead on specific activities as deemed appropriate.

• Effectively manage the user-facing mailbox, to include providing strong customer service, confidently problem-solving issues, and signposting to appropriate resources and subject matter experts. Be a key point of contact for the workforce for security queries.

• Contribute to a successful programme which actively promotes a positive security culture and positive security behaviours, and effectively role modelling these behaviours.

• Knowledge of the UK Government approach to security, including the Government National Security Strategy and Cyber Security Strategy. Awareness of information assurance standards (for example, ISO 27001) and information legislation (for example, GDPR) and how principles within standards and legislation are applied in an organisational context.

This vacancy is aligned to Government Security Profession Career Framework.

Person specification

Essential Criteria:

• Experience in participating in a multi-disciplinary team, ideally within a large organisation and/or within the public sector, demonstrating ability to build and foster collaborative relationships with a diverse range of stakeholders within both the business and the wider organisation.

• Demonstrates an understanding of common people-related security threats, security-positive behaviours, and insider-risk awareness.

• Ability to practically apply acquired knowledge and experience appropriately to different scenarios.

• Excellent written and verbal communication skills, with the ability to effectively communicate complex topics to non-specialist audiences.

• Experience of being organised with well-developed planning skills, strong attention to detail, and the ability to co-ordinate several activities in the same timeframe to tight deadlines.

Behaviours

We'll assess you against these behaviours during the selection process:

• Managing a Quality Service

• Communicating and Influencing

• Working Together

Technical skills

We'll assess you against these technical skills during the selection process:

• Applied Security Capability (Working)

• Protective Security (Working)

Benefits

Alongside your salary of £34,587, Office for National Statistics contributes £10,019 towards you being a member of the Civil Service Defined Benefit Pension scheme.

The Office for National Statistics is part of the Civil Service, and as such we share a number of key benefits with other departments, whilst also having our own unique offerings to support our valued colleagues across the organisation.

Whether you are hearing about us for the first time or already know a bit about our organisation, we hope that our careers site will give you a great insight into the benefits and facilities available to our colleagues, and our fantastic working culture.