Up to £55.75 per annum
about 1 month ago
- Identifying security risks within complex air/ground computer and information systems and developing for implementation, effective and risk balanced security measures.
- Providing security documentation and evidence to meet HMG (MOD, Police and OGDs) security accreditation requirements.
- Liaison with customers, accreditors and technical authorities, including attendance at security working groups.
- Performing security analysis of operational environments, threats, vulnerabilities and internal interfaces to define and assess compliance to accepted industry and government standards
- Conducting verification audits to maintain certifications which include ISO27001 and Cyber Essentials Scheme
- Contributing to the development of information governance and risk management structures and processes.
- Assisting in the integration of information assurance activities with the system engineering, design and manufacturing elements of new business ventures and programmes.
- Engaging with stakeholders, the engineering team and sub-contractors to provide direction, guidance and support on acceptable and balanced information security solutions.
- Developing business and user focused security policies, procedures, processes and operational guidance for the compliant delivery of customer and Enterprise information security requirements.
- Maintaining knowledge of technology development (both hardware and software), threat actors, tools and techniques and the risk implications for information security.
- Assisting in security investigations and incident response, and contributing to development of business resilience measures.
- Participating in and/or leading the development of information security training materials and processes as well as training general and privileged users on information security processes, policies and procedures.
- Typical Qualifications/Education
- Preferably qualified to degree level (or equivalent) or with substantial relevant information security experience, particularly within a similar role in UK Government or Defence.
- Relevant industry security certifications would be advantageous (e.g. CCP, CISSP, CISA, CISM or ISO27001 Lead Auditor).
- Knowledge and understanding of MOD and Government information security policy, standards and guidance.
- Understanding of systems and security verification, validation, testing and evaluation approaches, including HMG Information Assurance schemes and processes.
- Knowledge and understanding of CESG CAPS and CPA processes and evaluations.
- Experience in generation of information security Risk Assessments, Risk Treatment Plans and Risk Management and Accreditation Documents.
- Experience in the specification and development of effective and balanced information assurance solutions or approaches.
- Ability to analyse the security aspects of business risks
- Pragmatic approach to the recommendation of security controls
- Experience of assuring IT systems in a secure government environment (MOD OFFICIAL SENSITIVE) would be a distinct advantage.
- Information assurance experience across the Systems Engineering, Development Lifecycle would be preferred.
- Experience of participating in developing security solutions in response to Invitation to Tenders
- Detailed understanding of data protection controls and practices
- Knowledge of computer security audit and investigative techniques is desirable.
- Experience of working within a multinational matrix management environment / structure and a large-scale, complex international organization, but also within small teams, would be highly advantageous.
- Ability to plan, prioritise and manage own workload with limited day-to-day supervision, butt know when to seek assistance/escalate.
- Effective written and verbal communication skills with ability to adapt depending on audience; ability to explain technical issues in simple language to non-technical consumers is essential.
- Ability to contribute to cost, schedule adherence, and technical performance trade-offs.
- Clear task focus with ability to separate out and communicate key elements from extraneous detail.