Up to £76.00 per hour
9 days ago
Title - Information Security Consultant
Location - Bristol
Duration - 18 months
Rate - £76.00 per hour
Due to continued business growth there is an opportunity to join a multi-skilled security team that delivers all aspects of protective security, including information security and assurance, personnel security, business continuity and counter threat support and risk advice.
Seeking an Information Security Consultant to work alongside other Security Advisors to deliver the security aspects bringing a new aircraft platform into service. The role will be expected to: design and produce a Risk Management and Accreditation Document Set (RMADS) and other supporting security artefacts for an aircraft platform made up of numerous interlinked systems work with system engineers to prepare for the accreditation organise security testing of the systems, and liaise with the accreditor to enable programme execution.
* Identifying security risks within complex air/ground computer and information systems and developing for implementation, effective and risk balanced security measures.
* Providing security documentation and evidence to meet HMG security accreditation requirements.
* Liaison with customers, accreditors and technical authorities, including attendance at security working groups.
* Performing security analysis of operational environments, threats, vulnerabilities and internal interfaces to define and assess compliance to accepted industry and government standards
* Contributing to the development of information governance and risk management structures and processes.
* Assisting in the integration of information assurance activities with the system engineering, design and manufacturing elements of new business ventures and programmes.
* Engaging with stakeholders, the engineering team and sub-contractors to provide direction, guidance and support on acceptable and balanced information security solutions.
* Developing business and user focused security policies, procedures, processes and operational guidance for the compliant delivery of customer information security requirements.
* Maintaining knowledge of technology development (both hardware and software), threat actors, tools and techniques and the risk implications for information security.
* Preferably qualified to degree level (or equivalent) or with substantial relevant information security experience, particularly within a similar role in UK Government or Defence.
* Relevant industry security certifications would be advantageous (e.g. CCP (Ex-CLAS), CISSP, CISM).
* Knowledge and understanding of MOD and Government information security policy, standards and guidance.
* Understanding of systems and security verification, validation, testing and evaluation approaches, including HMG Information Assurance schemes and processes.
* Knowledge and understanding of CESG CAPS and CPA processes and evaluations.
* Experience in generation of information security Risk Assessments, Risk Treatment Plans and Risk Management and Accreditation Documents.
* Experience in the specification and development of effective and balanced information assurance solutions or approaches.
* Ability to analyse the security aspects of business risks
* Pragmatic approach to the recommendation of security controls.
* Experience of working with and accrediting an aircraft platform.
* Experience of assuring IT systems in a secure government environment (MOD) would be a distinct advantage.
* Information assurance experience across the Systems Engineering, Development Lifecycle would be preferred.
* Experience of participating in developing security solutions in response to customer requirements.
* Detailed understanding of data protection controls and practices.
* Knowledge of computer security audit and investigative techniques is desirable.
The successful applicant must have an active, or be eligible to obtain, Developed Vetting level (DV) UK Security Clearance.