Secure by Design Lead & Cyber Risk Advisor job opportunity at DXC Technology.

Home Jobs In United Kingdom Tag: Job Secure by Design Lead & Cyber Risk Advisor position at DXC Technology


DatePosted 16 Days Ago bot
DXC Technology Secure by Design Lead & Cyber Risk Advisor
Experience: General
Pattern: full-time
Country:
apply Apply Now
Salary:
Status:

Job

Copy Link Report
degreeOND
loacation GBR - NBL - NEWCASTLE UPON TYNE, United Kingdom
loacation GBR - NBL - NE..........United Kingdom

Job Description: We are seeking an experienced Secure by Design Lead & Cyber Risk Advisor to drive Secure by Design practices across a portfolio of MOD and Public Sector digital services. You will lead risk identification, mitigation, and assurance activities, ensuring that products and services are designed, built, and operated securely while aligned with organisational and Authority risk appetites. This role requires deep understanding of cyber risk methodologies, excellent communication skills, and the ability to guide multi‑disciplinary teams through Secure by Design processes at pace. You will act as the primary advisor on cyber risk and SbD compliance, producing concise, decision‑ready outputs and leading security assurance activities. Key Responsibilities Secure by Design Leadership Lead Secure by Design discovery and assessment activities across digital services and portfolios. Provide Secure by Design risk and security assurance functions within MOD/Public Sector accounts. Define pragmatic security control expectations aligned to service context and business risk appetite. Coach delivery teams to adopt secure working practices in Agile and iterative environments without impeding delivery speed. Risk Assessment & Threat Modelling Conduct cyber risk assessments using NIST 800‑30/37 (rev.5) , ISO 27005 , and NIST Cyber Security Framework (CSF) . Perform threat modelling using STRIDE , attack trees , and other contemporary analytical methods. Identify vulnerabilities, threats, impacts, and control gaps to inform risk treatment decisions. Carry out technical and control-based risk assessments, incorporating outcomes of architecture reviews and testing activities. Risk Treatment & Remediation Planning Develop actionable, prioritised risk remediation plans , including responsibilities, timelines, and mitigation steps. Provide pragmatic and business‑aligned risk remediation guidance , balancing operational needs with security obligations. Work closely with risk owners and technical leads to negotiate and agree treatment strategies. Governance, Assurance & Reporting Support governance and assurance forums by articulating risk, mitigation options, and residual exposure. Produce concise, informative documentation including: Risk assessment reports Threat modelling outputs Vulnerability and control analysis Residual risk statements Secure by Design compliance evidence Validate that required control patterns, assurance activities, and security testing have been completed. Stakeholder Collaboration & Workshops Facilitate security, risk, and threat modelling workshops with multi‑disciplinary teams and Authority stakeholders. Engage with business and technical stakeholders to ensure alignment with broader transformation goals and regulatory requirements. Work with MOD/Public Sector teams to ensure security expectations and compliance obligations are met. Compliance & Evidence Production Identify, collect, and review evidence demonstrating compliance with Secure by Design principles. Produce documentation including: Risk assessments Security testing results Evidence packs for Secure by Design compliance Residual risk reports Leadership, Coaching & Knowledge Sharing Mentor junior consultants, technical specialists, stakeholders and program across multiple business units. Produce and deliver awareness sessions on Secure by Design, secure development, governance, and best practice. Promote a culture of continuous security improvement. Skills & Experience Required Essential Eligibility for UK security clearance Proven experience leading Secure by Design across portfolios or multiple digital services. Strong experience supporting MOD , Defence, or UK Public Sector clients. Deep expertise in cybersecurity risk frameworks including: NIST 800‑30/37 ISO 27005 NIST CSF Demonstrated ability to facilitate structured threat modelling (STRIDE, attack trees). Highly skilled in producing clear, concise, decision‑focused reporting for senior stakeholders. Strong capability in running governance, risk, and assurance activities. Experience working with Agile, DevOps, and multi‑disciplinary delivery teams. Excellent stakeholder management and communication skills. Experience in Secure by Design frameworks used within Defence and Government. Knowledge of MOD security governance, assurance, and accreditation processes. Background risk consultancy, or security assurance. Certifications such as CISM , CRISC , CISSP , SABSA , CCP , or equivalent. What You Will Deliver Secure by Design discovery assessments and control expectations. Threat models, risk assessments, vulnerability analyses. Risk remediation action plans with clear owners and timelines. Concise assurance documentation and residual risk reports. Secure by Design compliance evidence aligned to programme and Authority requirements. Clear risk recommendations supporting decision‑making and governance. At DXC Technology, we believe strong connections and community are key to our success. Our work model prioritizes in-person collaboration while offering flexibility to support wellbeing, productivity, individual work styles, and life circumstances. We’re committed to fostering an inclusive environment where everyone can thrive. Recruitment fraud is a scheme in which fictitious job opportunities are offered to job seekers typically through online services, such as false websites, or through unsolicited emails claiming to be from the company. These emails may request recipients to provide personal information or to make payments as part of their illegitimate recruiting process. DXC does not make offers of employment via social media networks and DXC never asks for any money or payments from applicants at any point in the recruitment process, nor ask a job seeker to purchase IT or other equipment on our behalf. More information on employment scams is available  here .

Other Ai Matches

Associate Manager Software Engineering Applicants are expected to have a solid experience in handling Job related tasks
Microfocus Cobol Applicants are expected to have a solid experience in handling Job related tasks
Microsoft Dynamics CRM Tech Architect Applicants are expected to have a solid experience in handling Job related tasks
Applications Services Delivery Tech Lead Applicants are expected to have a solid experience in handling Job related tasks
Associate Manager Scrum Master Applicants are expected to have a solid experience in handling Job related tasks
SAP HCM Consultant – Time Management, PA, OM Applicants are expected to have a solid experience in handling PA, OM related tasks
Lead Storage Backup Engineer Applicants are expected to have a solid experience in handling Job related tasks
.Net and React Developer Applicants are expected to have a solid experience in handling Job related tasks
Cyberlife Analyst Applicants are expected to have a solid experience in handling Job related tasks
Snowflake Data Engineer Applicants are expected to have a solid experience in handling Job related tasks
Customer Community Manager - Insurance Applicants are expected to have a solid experience in handling Job related tasks
ServiceNow Consultant Applicants are expected to have a solid experience in handling Job related tasks
【Consulting】Microsoftコンサルタント Applicants are expected to have a solid experience in handling Job related tasks
Sales Professional - New Energy Industry accounts Applicants are expected to have a solid experience in handling Job related tasks
IT ANALISTA FUNCIONAL/Business Analyst sector asegurador Applicants are expected to have a solid experience in handling Job related tasks
Azure Cloud Engineer Applicants are expected to have a solid experience in handling Job related tasks
Collection Specialist with German Applicants are expected to have a solid experience in handling Job related tasks
Data Platform Lead Applicants are expected to have a solid experience in handling Job related tasks
ServiceNow Developers Applicants are expected to have a solid experience in handling Job related tasks
SAP SD项目经理 Applicants are expected to have a solid experience in handling Job related tasks
Associate Manager Software Engineering Applicants are expected to have a solid experience in handling Job related tasks
Kỹ Sư Phần Mềm (N3/N2 Tiếng Nhật) Applicants are expected to have a solid experience in handling Job related tasks
MML-wmA-UI-JL10-RR-0252282 Applicants are expected to have a solid experience in handling Job related tasks