|Â£400 to Â£450 per day|
* You will join a successful and established Cyber Security team on the Programme.
* You will be required to manage and consolidate the accreditation portfolio, whilst driving the modernisation of our accreditation and assurance capability as part of the wider Cyber Security and Information Assurance strategy.
* This role will have considerable input in developing and refining our assurance and accreditation capability, a crucial part of the cyber security and assurance strategy, and as such will assist key stakeholders in developing the assurance framework and associated security policies for the organisation, ensuring solutions are innovative yet robust from a security perspective.
* Enhances security team accomplishments and competence by planning delivery of solutions; answering procedural questions for less experienced team members and teaching improved processes.
* Determines security requirements by evaluating business strategies and requirements; researching information security standards; conducting system security and vulnerability analyses and risk assessments; studying architecture/platform; identifying integration issues; preparing cost estimates.
* It is therefore essential that the candidate has not only a wide range of security knowledge, but is experienced in the application of such knowledge in driving the development and adoption of modern, flexible and credible assurance models, in order to provide the consultancy and governance required.
General Skills and Experience:
* To provide a focal point for resolution of security and information risk and to drive the modernisation of the assurance or accreditation capability and its establishment as a valued part of the business.
* Provide representation on assurance or accreditation matters and manage the accreditation portfolio.
* To identify, analyse, evaluate and communicate information risks at the system, portfolio and strategic level providing expert advice to the Security Workstream, Key Stakeholders, Senior Responsible Officers and Senior Information Risk Owners on how they may be treated.
* To explain to risk owners and other stakeholders the causes, likelihood and potential business impacts of information risks throughout the information system lifecycle.
* To assist checking compliance with applicable regulations, standards, policies and guidance on information risk management.
* To support the development of the new assurance process and models, reflecting the best emerging principles from industry.
* To promote security awareness and the benefits of assured services across the business.
* Selects appropriate risk assessment techniques for use across the programme.
* Identifies information risks which are systemic across the programme and recommends effective treatment.
* Supports the development of the wider cyber security and assurance strategy and the organisations overarching security strategies, including the development of IA strategies, policies, guidance and awareness.
* Assists key stakeholders in the development of new ITHC testing strategies that take account of modern trends and increase effectiveness while reducing the testing burden on the business.
* Oversee the vulnerability remediation process ensuring that relevant vulnerabilities are rectified through formal change processes.
* Shall be aware of a wide range of vulnerabilities/exploits and knows where to find the latest information on vulnerabilities or exploits and will assist key stakeholders in developing strategies to identify them.
* Understanding contractual requirements and balancing functionality, risk and cost.
* Understands risk and has demonstrable experience of applying pragmatic and appropriate controls as part of the holistic assurance process.
* Demonstrable experience of using the latest CESG Cloud Principles, recognised Industry Best Practice, HMG SPF, ISO27001, Cloud Security Alliance, PSN Compliance and COTS products to manage business requirements and risk across the OFFICIAL tier.
* Is fully cognisant of New and Developing technologies - remains abreast of all current and future ICT and Security technologies and can demonstrate how they can benefit the development of a modern, effective risk management approach.
This position may require involvement in Security Working Groups and also with external suppliers.
Specific Technical Skills and Experience:
* Qualification in an IS security related area such as former CLAS, CISSP, CCP [or plan to obtain Analyst or SIRA], CISM, Information or demonstrable equivalent experience.
* Preferable; National School of Government HMG IA standard IS2 and IS1
* Preferable; ISO27001 Lead Auditor; Strong awareness of ISO27001 controls related to all security areas
* SC clearance
* Ability to manage own time and act as main POC for providing Information Assurance capability into a project.
* Produced Security Risk assessments at business, technical architecture and process level.
* Worked with delivery teams to develop/support a suitable system security architecture which can be implemented and meets the requirements and budget constraints
* Presented your security approach and designs to senior management, clients and accreditor/SIRO
* Development and presentation of HMG security related documentation, including risk assessments, within specified timescales and effort estimates.
* Experience with transitioning services between outsourced managed services suppliers is desirable
Due to the nature and urgency of this post, candidates holding or who have held high level security clearance in the past are most welcome to apply. Please note successful applicants will be required to be security cleared prior to appointment which can take up to a minimum 10 weeks.
LA International Computer Consultants Ltd is an HMG Approved Consultancy and operates as an IT & Engineering Consultancy or as an Employment Business & Agency, depending upon the precise nature of the work, for security cleared jobs or non-clearance vacancies, we welcome applications from all sections of the community and from people with diverse experience and backgrounds. Award Winning LA International Computer Consultants Ltd [Recruiter Awards for Excellence - Best IT, Best Public Sector & Gold Awards] and the most prestigious award that any business can receive The Queens Award for Enterprise: International Trade 2015.
If you are interested in this vacancy, you can either apply using the link above or contact them directly using the following details:
|Email A Friend
|If you know anyone who may be interested in this vacancy, please click here to email details to them.