Up to £80.00 per hour
3 months ago
* Provide guidance and advice on IA and Risk Management matters to stakeholders, Engineering Managers and the Supply Chain as part of a multi-disciplinary engineering team.
* Ensure that Product Security analysis of a project, system or equipment is delivered and managed using recognised risk analysis techniques.
* Ensure that Product Security analysis work is fully documented, enabling maintenance of the security status through life including the definition of security architecture and requirements.
* Present risks and proposed controls to internal and external stakeholders, to achieve agreement and buy-in.
* Represent the Product Security group at Design Reviews, to ensure that Product Security is appropriately considered at each stage of the design lifecycle
* Provide technical guidance and supervision to other Product Security engineers and support the management and planning of specialist activities
* Support the delivery of IA activities and documentation from Suppliers through the provision of technical guidance, constructive feedback and engagement.
* Produce IA documentation, to include full Risk Management and Accreditation Document Sets (RMADS) as necessary
* Remain current on relevant HMG and NCSC security policy and guidance
* A sound knowledge of HMG Documentation including SPF and JSP 440
* Excellent communication skills and the ability to interact with stakeholders
* The ability to write accurately, concisely and logically
* The ability to influence others in a challenging environment.
* Desirable skills include industrial control system architectures/technologies such as SCADA.
* Desirable experience includes Technical Testing such as Penetration Testing.
* Recognised security qualifications, e.g. CESG Certified Professional (CCP), CISSP or similar, or a comprehensive number of years of experience.
* Knowledge of Product Security / Information Assurance activities within the defence sector, engineering or a closely linked domain, and a comprehensive understanding of the impact of information risk management activities on system architectures and the development of risk mitigations.
* Recent experience in the conduct of IA activities in line with JSP 440 and the SPF.
* Recent experience of the production of RMADS
* Knowledge of the conduct and management of Penetration Testing.
* Knowledge of the complete engineering lifecycle with some experience of operating in a number of phases.
* A strong awareness of Product Safety and SHE
* Good communication skills and ability to interact with stakeholders
* Provides technical leadership and is able to coach and mentor others.