Security Strategy
Role overview
The Security Strategy role plays a critical role in protecting vital services to the public, by developing and implementing and maintaining a security strategy and operating model, that embeds a common security language and structure.
People in this role will work across all the different security specialisms to develop and deliver a security strategy and operating model for their organisation, ensuring adherence to applicable regulation and that security contributes optimally towards the delivery of their organisation’s objectives.
Role level
Typical role expectations
- Demonstrate sound understanding of the intended outcomes of security strategy and what successful end-to-end delivery looks like
- Understanding the current, and identifying the future, drivers that affect the security strategy and operating model.
- Developing and implementing a security strategy that uses our resources to greatest effect to support the department’s business objectives.
- Collaborating with colleagues to develop an operating model that enables the implementation of the security strategy to support the department’s business objectives.
- Support the establishment of an appropriate protective security organisational posture to encourage an effective risk-based approach to security across the estate, taking into account political, economic, social, technological, legal and environmental considerations.
- Support the development of mechanisms to drive continuous improvement within wider government and across national and international standards, enforce sanctions and encourage the sharing of best practice.
- Assess quantitative and qualitative data to support the creation of evidence-based policy/strategy, evaluating and presenting evidence within the appropriate tooling.
- Engaging with the stakeholders across your organisation to understand your current posture, your security aim, and identify pragmatic solutions to support business objectives.
Typical role expectations
- Developing and implementing a security strategy that uses organisation’s resources to greatest effect to support the organisation’s business objectives.
- Collaborating with colleagues to develop an operating model that enables the implementation of the security strategy to support the department’s business objectives.
- Engaging with the stakeholders across your own organisation and wider government to understand your current posture, your security aim, and identify pragmatic solutions to support business objectives.
- Co-ordinating security strategies across cyber, physical and personnel security domains. Manage the establishment of an appropriate protective security organisational posture to encourage an effective risk-based approach to security across the estate, taking into account political, economic, social, technological, legal and environmental considerations.
- Communicate to both technical and non-technical senior audiences the intended outcomes of the policy/strategy and what successful end-to-end delivery looks like.
- Manage the development of mechanisms to drive continuous improvement within wider government and across national and international standards, enforce sanctions and encourage the sharing of best practice.
- Review quantitative and qualitative data to support the creation of evidence-based policy & strategy, evaluating and presenting evidence within the appropriate tooling.
Typical role expectations
- Developing and implementing the organisational Security Strategy.
- Collaborating with colleagues to develop and implement the security operating model.
- Leading engagement with the senior stakeholder network across organisation and wider Government.
- Co-ordinating security strategies across cyber, physical and personnel security domains Lead the establishment of an appropriate protective security organisational posture and encourage an effective risk-based approach to security across the estate.
- Provide policy/strategy leadership and thought leadership to technical and non-technical stakeholders.
- Lead the development of mechanisms to drive continuous improvement within wider government and across national and international standards, enforce sanctions, and encourage the sharing of best practice.
- Shape strategic direction based on quantitative and qualitative data to support the creation of evidence-based policy & strategy.
Skills
| Skill | Associate | Lead | Principal |
|---|---|---|---|
| Protective Security | Working | Practitioner | Expert |
| Threat Understanding | Working | Working | Working |
| Applied Security Capability | Working | Practitioner | Practitioner |
| Risk understanding | Working | Working | Working |
| Legal & Regulatory Compliance | Working | Working | Working |
| Applied research | Awareness | Working | Working |
Core learning
Associate
Certified ISO27001 Practitioner
Risk Management for Non-Risk Professional
NPSA – Security Culture Digital Learning
Lead
Certified ISO27001 Practitioner
NPSA – Security Culture Digital Learning
NPSA – Responding to Terrorist Incidents – Security Control Room Operators Course
Principal
Certified ISO27001 Practitioner
NPSA – Responding to Terrorist Incidents – Security Control Room Operators Course
NPSA – Security Culture Digital Learning