Job Description
Role: Security Assurance Coordinator
Location: MoD Corsham - Hybrid - 3 Days Onsite
Duration: 31/03/2025
Rate: £775 - £825 P/Day - UMB - Inside IR35
Overview
The Security Governance, Risk & Compliance capability is required to deliver OpNET security risk management, implement security control measures, and produce documented evidence to meet OpNET assurance and compliance requirements as set by the MOD. Specifically, this means producing documentation and evidence to support:
* Cyber Defence and Risk (CyDR) Secure by Design (SbD) in accordance with JSP 440.
* Network Operating Authority (NOA) JSP 604 Rules:
  * Rule 10 - Information based capabilities shall be assured in accordance with current policy in JSP 440 Part 2 Leaflet 5C.
  * Rule 11 - Defensive cyber operations assurance and cyber network defence compliance.
  * Rule 16 - ICT capabilities and services shall be designed to provide a high-quality product.
Within existing NSoIT(D) governance and management structures, and following extant OpNET processes and ways of working, the following are to be delivered:
* Subject matter expertise, advice and guidance on security matters relating to CyDR Secure by Design (SbD) of MoD systems to the DC2E/SERAPHIM project staff.
* Security awareness material, briefings and Security Operating Procedures (SyOPs) as required to system users and maintainers.
* Conduct and routinely manage DC2E/SERAPHIM security risk assessments (and associated security controls using NIST 800 methodologies) and lead mitigation action.
* Integration of DC2E/SERAPHIM security controls, functions and tools with wider DD enterprise strategic security approach and solutions.
* Organise and chair a LAD(T) project Security Working Group.
* Implement security controls for all aspects of physical, procedural and personnel security related to the development and delivery of DC2E/SERAPHIM.
* Manage all aspects of 3rd party routine and annual CHECK IT health checks, Penetration Tests and vulnerability assessments, and associated remediation activities.
* Identify and communicate current and emerging security threats to the DC2E/SERAPHIM project.
* Provide solutions that balance business and operational requirements with information and cyber security requirements.
* Identify risks associated with business processes, operations, information security programs and technology projects.
* Conduct security evaluations of technical design and implementation documentation such as HLDs, LLDs and work instructions.
* Integrate and align DC2E/SERAPHIM security aspects with wider NSoIT(D) and OpNET security solutions and ways of working, including security operations functions.
* Support the LAD(T) Security Architect and LAD(T) Security Engineer to ensure that technology solutions meet SbD and risk tolerance requirements.
All Deliverables Are to Be:
* Tailored and aligned with existing OpNET Security, Risk and Compliance, and Security Operations functions.
* Agreed and coordinated with the OpNET Black/Red Security Assurance Coordinator (SAC).