W1siziisimnvbxbpbgvkx3rozw1lx2fzc2v0cy9tb3jzb24vanbnl2jhbm5lci1kzwzhdwx0ltmuanbnil1d

Home

Information Security Adviser

  • Location

    Bristol, England

  • Sector:

    Aerospace and Defence

  • Job type:

    Contract

  • Salary:

    Up to £55.75 per annum

  • Contact:

    Harley Walkden

  • Contact email:

    Harley.Walkden@morson.com

  • Job ref:

    162527HWN_1558713358

  • Published:

    about 1 month ago

  • Duration:

    12 Months

  • Expiry date:

    2019-05-31

  • Start date:

    ASAP

  • Client:

    #

Role Activities

  • Identifying security risks within complex air/ground computer and information systems and developing for implementation, effective and risk balanced security measures.
  • Providing security documentation and evidence to meet HMG (MOD, Police and OGDs) security accreditation requirements.
  • Liaison with customers, accreditors and technical authorities, including attendance at security working groups.
  • Performing security analysis of operational environments, threats, vulnerabilities and internal interfaces to define and assess compliance to accepted industry and government standards
  • Conducting verification audits to maintain certifications which include ISO27001 and Cyber Essentials Scheme
  • Contributing to the development of information governance and risk management structures and processes.
  • Assisting in the integration of information assurance activities with the system engineering, design and manufacturing elements of new business ventures and programmes.
  • Engaging with stakeholders, the engineering team and sub-contractors to provide direction, guidance and support on acceptable and balanced information security solutions.
  • Developing business and user focused security policies, procedures, processes and operational guidance for the compliant delivery of customer and Enterprise information security requirements.
  • Maintaining knowledge of technology development (both hardware and software), threat actors, tools and techniques and the risk implications for information security.
  • Assisting in security investigations and incident response, and contributing to development of business resilience measures.
  • Participating in and/or leading the development of information security training materials and processes as well as training general and privileged users on information security processes, policies and procedures.
  • Typical Qualifications/Education
  • Preferably qualified to degree level (or equivalent) or with substantial relevant information security experience, particularly within a similar role in UK Government or Defence.
  • Relevant industry security certifications would be advantageous (e.g. CCP, CISSP, CISA, CISM or ISO27001 Lead Auditor).

Knowledge/Competences

Essential:

  • Knowledge and understanding of MOD and Government information security policy, standards and guidance.
  • Understanding of systems and security verification, validation, testing and evaluation approaches, including HMG Information Assurance schemes and processes.
  • Knowledge and understanding of CESG CAPS and CPA processes and evaluations.
  • Experience in generation of information security Risk Assessments, Risk Treatment Plans and Risk Management and Accreditation Documents.
  • Experience in the specification and development of effective and balanced information assurance solutions or approaches.
  • Ability to analyse the security aspects of business risks
  • Pragmatic approach to the recommendation of security controls

Preferred

  • Experience of assuring IT systems in a secure government environment (MOD OFFICIAL SENSITIVE) would be a distinct advantage.
  • Information assurance experience across the Systems Engineering, Development Lifecycle would be preferred.
  • Experience of participating in developing security solutions in response to Invitation to Tenders
  • Detailed understanding of data protection controls and practices
  • Knowledge of computer security audit and investigative techniques is desirable.

General:

  • Experience of working within a multinational matrix management environment / structure and a large-scale, complex international organization, but also within small teams, would be highly advantageous.
  • Ability to plan, prioritise and manage own workload with limited day-to-day supervision, butt know when to seek assistance/escalate.
  • Effective written and verbal communication skills with ability to adapt depending on audience; ability to explain technical issues in simple language to non-technical consumers is essential.
  • Ability to contribute to cost, schedule adherence, and technical performance trade-offs.
  • Clear task focus with ability to separate out and communicate key elements from extraneous detail.