Cyber Security Operational Assurance Practitioner
Location: Preston or Frimley (1 day p/w in office)
Salary: £42,000 + excellent benefits + 2.5% bonus
The Cyber Assurance Team with Shared Services are part of Enterprise IT (EIT) with responsibility for assuring all enterprise managed systems and services, spanning UK/RoW. The team ensure systems / services are built and configured in line with applicable Cyber Security Standards.
What you’ll be doing:
* Deliver the Cyber through-life Assurance capabilities to assure the compliance and effectiveness of applicable Cyber security controls to meet NIST (DFARS), DEFSTAN, HMG Secure by Design requirements and / or Group Cyber Security Standards (GCSS)
* Assist in the delivery of Cyber Essentials and Cyber Essentials Plus certification across applicable EIT enterprise managed networks (UK and International) to meet MoD DEFCON contractual requirements
* Support other Information Security certifications such as ISO/IEC 27001 / FAR to underpin international networks and differing overseas requirements
* Support the delivery of an intelligence led and risk-based compliance programme across Sectors, UK Business Groups and Service Providers to underpin HMG Secure by Design requirements
* Report the Performance / Health of applicable security controls to assure compliance and effectiveness aligned with NIST (DFARS), DEFSTAN, HMG Secure by Design requirements and / or Group Cyber Security Standards (GCSS) to highlight key issues to senior stakeholders
Your skills and experiences:
* Strong track record of assuring/auditing the security of services in the Government sector (or commercial organisations bound by HMG standards)
* Strong analytical background with the ability to analyse and interpret large and complex data sets and articulate observations, conclusions, and recommendations to senior audiences
* Knowledge of HMG and industry standard security policy, standards and good practice guidance and their application to a variety of IT solutions processing protectively marked information
* Wide ranging knowledge of application, infrastructure and security technologies and knowledge of implementing them in a secure configuration
* Previous exposure to gap analysis reporting
* ISO/IEC 27001 knowledge
* CISM-P IT Security qualification
Desirable:
* NSCP Practitioner Certificate