
Senior Security & Information Risk Advisor (SIRA)

Premium Job From Airbus
Recruiter: Airbus
Listed on: 21st April
Location: Newport
Salary Notes: Competitive
Type: Permanent
Start Date: ASAP

This job has now expired. Please search on the home page to find live IT jobs.

Airbus pioneers sustainable aerospace for a safe and united world. The Company constantly innovates to provide efficient and technologically-advanced solutions in aerospace, defence, and connected services. In commercial aircraft, Airbus offers modern and fuel-efficient airliners and associated services. Airbus is also a European leader in defence and security and one of the world's leading space businesses. In helicopters, Airbus provides the most efficient civil and military rotorcraft solutions and services worldwide.

Job Description:

Senior Security & Information Risk Advisor (SIRA)

An exciting opportunity has arisen within Airbus Cyber Security in Newport, South Wales. The role involves working within the UK Defence industry, so applicants must be UK Nationals only (no dual nationals) and able to be security cleared to UK SC level.

Role Overview

The Senior SIRA enables provision of the Security and Information Risk Advisor service across the UK Cyber business unit & customer deliverable projects.

You will be responsible for supporting the successful accreditation of both customer and internal Cyber projects through the following activities:

- Selects appropriate risk assessment techniques for use across the client programme

- Identifies information risks which are systemic across the programme or business

- Understands and provides guidance on the threat environment

- Recommends implementation of new IA controls across the programme or enterprise to provide more cost effective risk mitigation in the long term and ensures these are traceable

- Contributes to the development of IA strategies, policies, guidance and awareness and aligns these with local risk management practices

- Integrates information risk management into programme risk management

- Manages security incidents escalated from a Security and Information Risk Advisor in accordance with applicable policies and standards

- Provides specialist information security advice

- Plans and manages delivery of a security work programme

In this role, you will be positioned as the lead SIRA on projects where you will liaise closely with the project team and engineering team to advise and direct the evolution of the system delivery towards compliance to the applicable security requirements, relevant security policies & standards in order to achieve the necessary system accreditation.

You will have a firm understanding of the overall system accreditation process with knowledge of the key accreditation artefacts that must be produced, accreditation milestones, risk assessment methodologies and risk treatment techniques, and supporting evaluation/certification standards (e.g. ISO 27001, CAPS, CTAS, CHECK).

You will own the delivery of accreditation artefacts and tasks including but not limited to:

- Accreditation & Assurance Management Plan

- Risk Assessment

- Risk Treatment Plan

- RMADS

- Security Management Plan

- Development Security Management Plan

- Manufacturing Security Plan

The Senior SIRA will foster a professional working relationship with the relevant accreditation authorities (e.g. NCSC, MoD ISS DAIS, NSAB) and third party security bodies (CHECK, CTAS, CAPS), attending Security Working Groups (SWGs) as a key Airbus representative and providing valuable IA contribution.

The Senior SIRA will be involved in customer contracts at all phases of the lifecycle from bid stage to delivery ensuring:

- Security requirements to achieve accreditation are fully captured and communicated to all stakeholders

- The accreditation strategy is established and agreed with the authority

The Senior SIRA will support continual improvement in the Cyber business by undertaking the following:

- Working closely with relevant stakeholders (Government Security Officer, IM Security, Cyber leads, MoD/NCSC Accreditation teams) to agree and approve IA enhancements

- Driving improvements in the Development Security Management Plan (DSMP) and Manufacturing Security Plan (MSP), ensuring security governance is appropriately managed through the supply chain and compliant to relevant standards (e.g. DefStan 05-138), and being a key decision maker in the approval of new suppliers

- Producing and owning Security Management Plans (SMPs) for Cyber business areas/frameworks

- Contributing to the evolution of the security of internal development environments

- Driving improvements in IA process efficiency and quality

Responsibilities:

- Own accreditation deliverables (artefacts & tasks) for both customer and internal Cyber business projects

- Identifies and advises stakeholders of information assurance risks and assesses potential countermeasures (Procedural, Physical & Technical)

- Establishes the accreditation strategy approach

- Applies standard risk assessment and treatment techniques/methodologies

- Keep up to date on security policies, standards, accreditation/evaluation/certification processes (e.g. ISO 27001, MOD JSPs, NCSC guidelines, NATO directives/guidelines)

Knowledge/Skills:

- MoD/NCSC Accreditation methodologies and security standards (e.g. HMG IS1&2, JSP 440, JSP 604)

- ISO 27001

- Technical/procedural countermeasure solutions and mitigation techniques proportionate to the risk

- Desirable: NATO Accreditation methodologies and security standards

- Knowledge of latest security technologies

Qualifications:

- STEM related Degree

- Desirable: Masters Degree in Information Security or equivalent

- NCSC CCP Senior SIRA

- CISMP

- ISO 27001 Implementer/Auditor

In return we can offer a competitive salary with annual profit share; an ever growing list of company benefits including enhanced pay for maternity, adoption and shared parental leave and strong career development options across our transnational, market leading company.

Many of our staff work flexibly in many different ways, including part-time. Please talk to us at interview about the flexibility you need. We can't promise to give you exactly what you want, but we do promise not to judge you for asking.

Please let us know if you need us to make any reasonable adjustments for the selection process. You can share this with the Recruitment Business Partner who gets in touch if you are invited to interview. Examples of this may include (but are not exclusive to) accessible facilities, auxiliary aids, room layout, etc. Any information disclosed will be treated in the strictest confidence.

This job requires an awareness of any potential compliance risks and a commitment to act with integrity, as the foundation for the Company's success, reputation and sustainable growth.

By submitting your CV or application you are consenting to Airbus using and storing information about you for monitoring purposes relating to your application or future employment. This information will only be used by Airbus.

Airbus is committed to achieving workforce diversity and creating an inclusive working environment. We welcome all applications irrespective of social and cultural background, age, gender, disability, sexual orientation or religious belief.

Airbus is, and always has been, committed to equal opportunities for all. As such, we will never ask for any type of monetary exchange in the frame of a recruitment process.