Security Strategy
Role summary
The Security Strategy role is critical to protecting vital services to the public by developing, implementing and maintaining a security strategy and operating model that embeds a common security language and structure.
People in this role will work across all the different security specialisms to develop and deliver a security strategy and operating model for their organisation, ensuring adherence to applicable regulation and that security contributes optimally towards the delivery of their organisation’s objectives.
Typical role level expectations
Demonstrate sound understanding of the intended outcomes of security strategy and what successful end-to-end delivery looks like
Understanding the current, and identifying the future, drivers that affect the security strategy and operating model.
Developing and implementing a security strategy that uses our resources to greatest effect to support the department’s business objectives.
Collaborating with colleagues to develop an operating model that enables the implementation of the security strategy to support the department’s business objectives.
Support the establishment of an appropriate protective security organisational posture to encourage an effective risk-based approach to security across the estate, taking into account political, economic, social, technological, legal and environmental considerations
Support the development of mechanisms to drive continuous improvement within wider government and across national and international standards, enforce sanctions and encourage the sharing of best practice
Assess quantitative and qualitative data to support the creation of evidence-based policy/strategy, evaluating and presenting evidence within the appropriate tooling
Engaging with the stakeholders across your organisation to understand your current posture, your security aim, and identify pragmatic solutions to support business objectives.
Typical role level expectations
Developing and implementing a security strategy that uses the organisation’s resources to greatest effect to support the organisation’s business objectives.
Collaborating with colleagues to develop an operating model that enables the implementation of the security strategy to support the department’s business objectives.
Engaging with the stakeholders across your own organisation and wider government to understand your current posture, your security aim, and identify pragmatic solutions to support business objectives.
Co-ordinating security strategies across cyber, physical and personnel security domains.
Manage the establishment of an appropriate protective security organisational posture to encourage an effective risk-based approach to security across the estate, taking into account political, economic, social, technological, legal and environmental considerations
Communicate to both technical and non-technical senior audiences the intended outcomes of the policy/strategy and what successful end-to-end delivery looks like
Manage the development of mechanisms to drive continuous improvement within wider government and across national and international standards, enforce sanctions and encourage the sharing of best practice
Review quantitative and qualitative data to support the creation of evidence-based policy & strategy, evaluating and presenting evidence within the appropriate tooling
Typical role level expectations
Developing and implementing the organisational Security Strategy.
Collaborating with colleagues to develop and implement the security operating model.
Typical role level expectations
Leading engagement with the senior stakeholder network across the organisation and wider government.
Co-ordinating security strategies across cyber, physical and personnel security domains.
Lead the establishment of an appropriate protective security organisational posture and encourage an effective risk-based approach to security across the estate
Provide policy/strategy leadership and thought leadership to technical and non-technical stakeholders
Lead the development of mechanisms to drive continuous improvement within wider government and across national and international standards, enforce sanctions, and encourage the sharing of best practice
Shape strategic direction based on quantitative and qualitative data to support the creation of evidence-based policy & strategy
Skill | Associate | Lead | Principal |
---|---|---|---|
Protective Security | Working | Practitioner | Expert |
Threat Understanding | Working | Working | Working |
Applied Security Capability | Working | Practitioner | Practitioner |
Risk understanding | Working | Working | Working |
Legal & Regulatory Compliance | Working | Working | Working |
Applied research | Awareness | Working | Working |
Security Strategy (new skill) | Working | Practitioner | Expert |
Core learning
Associate
NPSA – Introduction to Security
ISO/IEC 27001 Foundation
Risk management for non-risk professionals
Lead
NPSA – Introduction to Security
Certified ISO27001 Practitioner
NPSA – Security Culture Digital Learning
Principal
NPSA – Introduction to Security
Certified ISO27001 Practitioner
Risk in the boardroom