INFORMATION SECURITY OFFICER
Until March 2021
My client, a multinational defence technology company, is seeking an experienced Information Security Officer to join the team in Corsham until March 2021.
Responsibilities will include:
- Being accountable for all aspects of information security across the Programme, overseeing the physical, technical, procedural, and personnel security matters for the programme and all delivered ICS.
- Being accountable for the identification and mitigation of security risks, including the production of any resulting Risk Balance Cases.
- Providing mentoring and leadership to the Security Assurance Co-ordinators (SAC) and Security Architects.
- Providing technical subject matter expertise, advice and guidance on security matters relating to accreditation, assurance, and operation of ICS to all elements of the Programme.
- Defining the approach to Information Assurance and Accreditation.
- Developing and driving the appropriate operating model to ensure Information Security is embedded within the Programme.
- Defining and driving the Information Security and Assurance framework aligning to the entire life cycle of the Programme.
- Reviewing and approving security policies, controls and cyber incident response planning.
- Maintaining a current understanding of the IT threat landscape.
- Planning, coordinating, and overseeing the production and review of all security related documentary artefacts, ensuring they align to the policy and rules (eg JSPs 440 and 604) and the Programme's strategy and approach. This includes: Technical Security Architecture, Security Aspects Design, Cyber and Service Management Security Management Plans, Risk Assessments, Risk Management Plans, Security Operating Procedures, Codes of Connection, and Interconnection Security Measures Statements.
- Acting as the Programme's interface with DAIS and Accreditors, to raise and address security related matters and risks.
- Establishing and maintaining Programme-level relationships with national and international technical security authorities, agencies and units, eg: JCU, Defence Intelligence, NCSC, NCIA, SHAPE, US DoD CIO.
- Engaging with the relevant security points of contact of other UK national ICS programmes to deliver, and maintain, the security aspects required for interoperability and interaction between the ICS.
- Engaging with the relevant security points of contact of coalition partners' ICS programmes (eg US and NATO) to deliver, and maintain, the security aspects required for interoperability and interaction between the ICS.
- Engaging with the relevant security points of contact of commercial partners to deliver, and maintain, the accreditation required for the ICS that NSoIT(D) delivers.
- Supporting the UK's security representatives at international working groups where necessary.
- Chairing and managing the NSoIT(D) Security Working Group.
Essential skills, qualifications, and experience:
In order to deliver this service, it is essential that individuals have:
- Extensive understanding and experience of DAIS Security Accreditation and HMG security policies.
- Proven demonstrable experience in similar roles, eg as an Accreditor or a SAC:
  - Gaining accreditation for complex secure ICS and managing risks.
  - Producing and assuring security documentation.
  - Providing technical guidance and leadership to other security professionals (eg SACs and Security Architects).
- Detailed knowledge and understanding of relevant UK Government and Defence policies and standards, particularly JSPs 440 and 604.
- Security/Cyber Incident Management policies, processes, and procedures.
- UK Defence deployed network architectures, federations with coalition partners, and security enforcing gateways.
- NCSC Certified Cyber Professional (CCP) Security and Information Risk Advisor (SIRA) Senior Practitioner and at least one of the following professional certifications:
  - Certified Information Systems Security Professional (CISSP).
  - Certified Information Security Manager (CISM).
  - ISO27005 Certification in ISMS Risk Management (CISRM).
- Excellent communication skills, both written and verbal, with a proven ability to explain technical issues to a non-technical audience.
- Strong critical thinking and analytical skills to solve problems and propose new ideas.
- Competency in MS Office Suite.
Desirable skills, qualifications, and experience:
In order to deliver this service, it is desirable that individuals have:
- Experience of delivering secure ICS in Agile and Waterfall project management environments and understanding the complexities of delivering accreditation evidence in these environments.
- Any of the following ISACA professional certifications:
  - Certified Information Systems Auditor.
  - Certified in the Governance of Enterprise IT.
  - Certified in Risk and Information Systems Control.
  - Certified Security Testing Professional/Associate.
- Member of the Institute of Information Security Professionals.
- Knowledge of novel techniques for enforcing security principles on heavily virtualised ICS, including micro-segmentation, VPN, VDI, hardware encryption and information flow handling.
Due to the nature of the role, candidates must hold an active DV clearance or be eligible/willing to undergo the process.