Location: UK based - South West, East or London offices
Salary: up to £70k
Contract Type: Permanent

Cyber Security and Information Assurance Senior Consultant

Company Overview
A defense company focused on transforming commercial innovation into solutions for the toughest challenges in national security. Leveraging deep mission expertise, it delivers effects-as-a-service across domains such as Air & Space, Electromagnetic & Cyber, and Synthetic environments. The company supports eleven global capability units with central services across Operations, Solutions, Strategy, Legal, and Finance.

Capability Unit
As part of a larger group, this company functions as the global shared service hub, providing critical support in People, Finance, Legal, Strategy, and Information Technology for its Capability Units (CUs).

Position Summary
This role requires a skilled consultant to deliver cybersecurity and information assurance services to both internal and external customers. Key responsibilities include conducting cybersecurity risk assessments, identifying mitigation strategies, and producing documentation for security assurance, with specific expertise in the MOD Secure by Design methodology. The role also involves providing mentorship and leadership to junior consultants on the team.

Role And Responsibilities
We are looking for an experienced Information Assurance professional who can fulfil a role providing both internal and external consultancy in cyber security and information assurance, primarily within the UK Government and UK MOD. This individual shall be capable of undertaking internal information assurance activities, be responsible for the management of accreditation, develop and maintain accreditation information, be familiar with the MOD DART, contribute to Technical Information Security planning, and provide technical Information Assurance input to a range of other IA and project tasks.
The individual will also be familiar with the Secure By Design methodology currently being implemented within the MOD.

Responsibilities
- Undertake risk assessment against likely threats to define the security mitigations;
- Contribute to the development of the security architecture aligned to the security requirements;
- Develop Risk Management and Accreditation Documentation Set (RMADS), Security Management Plans (SMP) and Security Operating Procedures (SyOPs) in accordance with MOD Accreditation requirements;
- Maintain system security risk registers, managing issues affecting the delivery and operation of network systems;
- Ensure that Governance processes, including through-life management plans and security working groups, are implemented to retain MOD Accreditation for the life of the system;
- Assess information security threats, IT vulnerabilities and obsolescence issues to advise on update requirements through life;
- Engage with Cyber Defence and Risk (CyDR) assessors for system-specific issues;
- Perform or oversee vulnerability assessment and penetration testing;
- Provide guidance on MOD and HMG System and Information Security requirements;
- Review and advise on security within the Supply Chain;
- Able to apply knowledge and experience to external customers as consultancy services;
- Provide leadership for junior members of the Cyber & IA team.

Skills And Experience
- HMG Information Security Standards and technical knowledge.
- HMG / MOD SbD policy and practices.
- Experience designing infrastructure, system, and software security controls.
- Experience of JSP 440 and JSP 604 Network Joining Rules compliance.
- Be familiar with MOD Secure By Design principles.
- Experience developing RMADS / SMP and SyOPs.
- Experience of managing risk at programme and project level.
- Experience of applying different risk models.
- Lead in Security Working Groups.
- Proven management of compliance with standards and frameworks.
- Strong verbal and written communication skills.
- Ability to engage and influence internal and external stakeholders.
- Experience specifying ITHC activities and requirements.
- Professional membership of CIISec, BCS or similar.
- Must be Security Cleared or prepared to undergo SC process.

Qualifications
Essential:
- Degree level ICT / CIS Education or equivalent qualification
- Technical knowledge of IT systems and IT system security including networks and Windows
- Experience of MOD security processes and Accreditation
- ISO27001 Lead Implementer / Lead Auditor
- CISM or CISSP
- A desire for continuous professional improvement
- Professional membership of CIISec or BCS

Desirable:
- Cyber Essentials Plus Assessor
- CRISC
- NIST
- Cloud Security Knowledge
- LINUX

Benefits
- Discretionary Bonus
- 25 Days Annual Leave
- Private Medical Insurance
- Company Pension
- Group life insurance
- Disability protection
- EAP
- Business Travel Insurance
- Cycle to Work Scheme
- Gympass
- Electric Car Scheme

Pay: DOE £60-70k

Work Authorization / Security Clearance
Employee must be a UK National. Employee must be able to have and maintain a UK SC Clearance.

Position Type and Expected Hours of Work
This is a full-time position with typical working hours of Monday through Friday, 9:00 a.m. to 6:00 p.m. Hours and work shifts may change in accordance with department and business needs. Exempt Employees must have the ability to be on-call and available, as business needs require. Non-Exempt employees may be required to work over 40 hours per week with approval from the department manager.

Work Location
UK, Lincoln, London