Technical Staffing Resources (TSR) are the in-house agency and master vendor for KBR, who are a leading global engineering, construction, and services company.
KBR support the hydrocarbon and government services markets on six continents. Serving their customers through diverse business units, KBR offer challenging assignments on some of the world's largest and most complex projects.
KBR are looking to recruit a Senior Information Risk Advisor (SIRA) on a 12-month contract based in Warrington / Cumbria.
On Offer:
1. Competitive hourly pay rate
2. Highly likely outside IR35, so engagement through an LLC is permitted
3. Hybrid working - 3 days in the office, 2 days from home
Role Overview
The role has a broad scope spanning technical and process risk across the cyber security, information security and privacy space and will necessitate engagement with SL CS&IA (Cyber Operations, Assurance, Risk, Data Protection), SL ISO (Architecture, Service and Knowledge Management), SL Cyber Programme and PPP Partners.
The output will include (but is not limited to) the production of formal risk assessments conducted to the standards acceptable to SL, including but not limited to HMG IS1, IRAM 2 or other ISO27005 assessments as agreed. The output will be used to determine the exposure to risks and likelihood of materialisation, required mitigations and support to PPP CS&IA planning necessary to support correctness of posture and satisfy Regulatory matters.
Responsibilities
• Formal risk assessment of the PPP O365/Azure security configuration and other systems.
• Recommendations around mitigations necessary to minimise the materialisation of identified risks in line with the SL risk framework.
• Production of risk reports to support the PPP ITSO with the PPP CS&IA Plan.
• Represents PPP cyber risk exposure in any security-related working groups within SL, Regulatory or internal PPP environs.
• Analysis of system configurations and, in cognisance of NCSC guidance, determination of associated risk in relation to systems or solutions developed or implemented by PPP Partners for SL.
• Assists with input to the risk tracking of PPP-related cyber risks and the management of PPP Cyber and Information security/privacy risks by the PPP ITSO for the PPP ICT Manager.
• Formal determination of cyber and information security/privacy related risks and issues.
Skills / ESSENTIAL
• Qualification or membership of a professional body in Information Security.
• Qualification as an NCSC Cyber Certified Practitioner (CCP) at SIRA level, or a former GCHQ CESG CLAS consultant.
• Significant experience in applying Cyber Security Standards.
• Experience in applying technical information technology and information assurance controls to business information models.
• A good understanding of:
o Cyber Security threats and exploitation.
o ICT (both IT and OT) architecture.
o NCSC architectural approach.
• Ability to interpret business requirements and technical ICT documents into Cyber Security requirements.
• Good understanding and knowledge of ICT systems (software, hardware and networks) and applications both legacy and current.
• Good communication skills across all levels of the business and able to talk to non-specialists, specialists, and senior stakeholders.
• Ability to work independently and unsupervised.
• Excellent problem-solving skills.
• Methodical and logical approach.
• Self-motivated and can demonstrate high levels of resilience, honesty, and integrity.
• Hold or be capable of obtaining government clearance (SC/SL – Nuclear).
Skills / DESIRABLE
• Ideally qualified at a minimum of degree level in an IT, Cyber Security, or associated technical or engineering studies.
• CISSP or equivalent.
• Experience of working with operational cyber security teams.
• Experience of working with Regulators/in a Regulated environment.
NB - To be considered for this position you must have the right to live and work in the UK and be able to complete BPSS Security Clearance.