Please note that the NCA is advertising this role on behalf of the National Cyber Security Centre (NCSC). The successful candidate will be on direct secondment to the NCSC for the duration of their appointment.

Grade & Role Title:

Senior Incident Coordinator, Incident Management, National Cyber Security Centre (NCSC).

Graded at Superintendent/NCA G2 this is a two year secondment opportunity to the NCSC on a lateral or temporary promotion basis.

Location:

Based in London with occasional trips to Cheltenham.

Closing Date: 1st May 2017 at 12 midday

Salary: Within Superintendent pay scale

Role summary:

The NCSC’s mission is to understand and reduce the harm caused by cyber threats against the UK, particularly against systems of national significance. The focus of the Incident Management team is on identifying where cyber threats have manifested as incidents and then responding appropriately to better understand what has happened and mitigate the impact of those incidents.

The Senior Incident Coordinator is key in managing NCSC’s holistic response to significant incidents and is directly responsible to the Deputy Director Incident Management. Significantly this role is also the senior liaison between the NCSC and the law enforcement community.

The Senior Incident Coordinator is responsible for:                                                                                                                                                                                                                                      

• Ensuring that NCSC’s response to significant incidents (C1, C2 and high end C3) is holistic, effective and commensurate with the identified threat or impact.

• Developing incident management plans for those incidents. These should clearly define the intended objectives of NCSC engagement, and address requirements around victim engagement, wider mitigation (including international collaboration), investigative and intelligence gain requirements, including those of law enforcement, active response capabilities, cross government coordination, and media handling. 

• Overseeing implementation of those plans, including coordination of a virtual team to deliver against the objectives and ensuring effective communication of progress to stakeholders. Liaise with NCSC Incident Management team leads around allocation of resource to support high priority incidents and provide a challenge function to ensure that NCSC is doing all that it can, proportionate to the priority of the incident, to meet the stated incident management objectives.

• Leading efforts to internally assess and evaluate to identify good practice, areas for improvement and clarifications required around process and policy. Identify opportunities where the NCSC can add value, for example around the public disclosure of threat intelligence, alerts or advisories, or other formal products. Make recommendations to the national policing lead regarding the adequacy and effectiveness of the national, regional and local cyber crime capabilities.

• Maintaining and strengthening relationships with NCSC teams, SIA and LE to develop, implement and improve cyber crime delivery functions at national, regional and local level by identifying and delivering projects arising from the NCSC incident response and referrals, to increase mainstream capability in relation to cyber crime, and deliver the objectives of the national cyber security strategy, serious organised crime strategy and the strategic policing requirement.

• Leading/coordinating the LE & NCSC engagement at senior stakeholder level providing business support and governance to operations, national networked service functions, and contributing towards the achievement of the strategic objectives of the Team UK cyber capability.

• Engaging in professional development to maintain continual growth in professional skills including ongoing awareness of technical analytical techniques, SIA and law enforcement operational capabilities, ongoing intelligence investigations, real world events and their potential cyber implications, and threat actor TTPs, capabilities and targeting. Additionally the post holder will perform a pastoral care function for those law enforcement officers based within the NCSC.

• Contributing to and supporting wider NCSC activities by overseeing and co-ordinating the preparation and delivery of training events, briefings and presentations to a range of key stakeholders to educate on NCSC good practice, cyber crime issues and promote the LE capability.

Candidates are required to provide evidence against the following criteria:

• Experience of leading cyber crime operations including an understanding of state sponsored cybercrime, knowledge of technical threats, practical challenges and legislation affecting policing activity nationally and internationally.

• Extensive experience of the theory and practical application of incident management and response, including victim engagement. Good stakeholder management, planning and resource allocation skills.

• Excellent written and verbal communication and ability to influence and negotiate complex cybercrime methodology, including briefing senior stakeholders, working on the delivery of government policy and submissions to ministers and dealing with national and local media.

• An understanding of SIA and LE operational capabilities and priorities together with knowledge of the priorities and a knowledge of the mechanisms for engaging with the government departments responsible for UK cyber security.

• Experience of working within an Intelligence environment including information sharing across law enforcement, intelligence agencies and industry preferably with direct experience of cyber threat intelligence.

Essential Entry Criteria:

• UK National
• DV security clearance or be willing to undergo and obtain this if not already held
• Policing or other law enforcement experience