About the Role
NPL is currently seeking an Information Security GRC & Assurance Manager to join the team dedicated to the development of new products related to PNT. This role provides guidance and oversight to governance, risk, compliance, and assurance with the appropriate standards and regulations. Focused on ensuring the NCSC Cyber Assessment Framework (CAF) is applied to projects throughout their development and program lifecycle.
This specialist position will be supported by NPL's Cyber Security Team and CIO division with day-to-day information risk consultancy, advice, and guidance. It will also support with the prioritisation of risk mitigation activities, tracking of risk tolerance, and reporting while supporting the design and implementation of the assurance framework.
We are now working in a hybrid way, with a mix of remote and office working. We strive to offer a great work-life balance - if you are looking for part-time or flexible options, we will try to make this work where business possible. This will be dependent on the kind of role you do and part of the business you work in.
About You
Key Requirements:
1. One of the following certifications:
* Certified Information Security Systems Professional (CISSP)
* Certified Information Security Manager (CISM)
* Certified Information Systems Auditor (CISA)
1. Two or more of the following certifications:
* CompTIA Security+
* Certified Cloud Security Professional (CCSP)
* Systems Security Certified Practitioner (SSCP)
* GIAC Security Essentials Certification (GSEC)
* Certified in Risk and Information Systems Control (CRISC)
* ISO 27001 Lead Auditor
* ISO 27001 Lead Implementer
Other Requirements:
* Experience of NCSC's Cyber Assurance Framework (CAF), NIST Cyber Security Framework (CSF), NIST SP 800-53, ISO 27001 and HMG regulations and other departmental IT in defence and security.
* Ability to work in small teams, highly specialised technology areas across diverse projects.
* Experience of cross-security domain approaches and solutions.
* Experience of operating in Critical National Infrastructure (CNI) and the requirements around cyber security and operational resilience.
* Understanding of threats in a government, mission, and critical national infrastructure environments.
* A working knowledge of IT Security risk assessment processes and ability to identify a proportionate set of IT Security controls aligned with business objectives.
* In-depth assessment of IT systems, cloud offerings (IaaS, PaaS and SaaS), services and IT Security controls to provide an independent view of their compliance and effectiveness with Security Policy, IT Security standards and external regulatory requirements.
* Assessing architectural designs to determine whether the relevant IT Security controls have been identified in line with business objectives and risk mitigation.
* Analysis, creation and compilation of relevant documentation determining the compliance level of systems and services, technical security controls with applicable certification, accreditation, and internal policy requirements.
* Stakeholder engagement; promoting a mind-set of developing secure systems, transferring knowledge of security standards/processes and acting as a subject matter expert (SME).
Please note: Applications will be reviewed, and interviews conducted throughout the duration of this advert therefore we may at any time bring the closing date forward. We encourage all interested applicants to apply as soon as practical.
We actively recruit citizens of all backgrounds, but the nature of our work in this specific area means that nationality, residency, and security requirements are more tightly defined than others. You will be asked about this throughout the recruitment process. To work at NPL, you will need to obtain BPSS security clearance. However, to work in this role, you will need to have an SC clearance with no restrictions, or you must have the ability to obtain an SC clearance.
About Us
The National Physical Laboratory (NPL) is a world-leading centre of excellence that provides cutting-edge measurement science, engineering, and technology to underpin prosperity and quality of life in the UK.
NPL and DSIT have strong commitments to diversity and equality of opportunity, and welcome applications from candidates irrespective of their background, gender, race, sexual orientation, religion, or age, providing they meet the required criteria. Applications from women, disabled and black, Asian and minority ethnic candidates in particular are encouraged. All disabled candidates (as defined by the Equality Act 2010) who satisfy the minimum criteria for the role will be guaranteed an interview under the Disability Confident Scheme.
At NPL, we believe our success is a result of the diversity and talent of our people. We strive to nurture and respect individuals to ensure everyone feels valued by treating everyone on the basis of their own individual merits and abilities regardless of their own or perceived identity. As part of our commitment to diversity & inclusion, we hold memberships and accreditations to ensure we're creating an environment where all our colleagues feel supported and welcome, please see our Diversity & Inclusion page.
We are committed to the health and well-being of our employees. Flexible working and social activities are embedded in our culture to create a positive work-life balance, along with a broad range of benefits. Our values are at the heart of what we do, and they shape the way we interact, develop our people and celebrate success.
To ensure everyone has an equal chance, we're always willing to make reasonable adjustments to the recruitment process. If you would like to discuss, please contact us.
#J-18808-Ljbffr