Title: Cyber Security and Information Assurance Senior Consultant

Work Arrangement: Hybrid

Company Overview
Metrea is a defense company dedicated to translating commercial innovation into solutions for the hardest problems in national security. With deep mission expertise, Metrea focuses on delivering effects as-a-service across a spectrum of domains including Air & Space, Electromagnetic & Cyber, and Synthetic. Metrea Management provides central services to eleven (11) global capability units via Operations, Solutions, Strategy, Legal, and Finance teams.

Capability Unit
Metrea Management is our global shared service providing support for the Capability Units (CU) in areas such as People, Finance, Legal, Strategy and Information Technology.

Position Summary
The individual shall have the skills, knowledge, and capability to provide internal or external customer-facing cybersecurity and information assurance consultancy services. The role requires someone capable of undertaking cybersecurity risk assessments, identifying risk mitigations and producing appropriate documentation to provide security assurance. This role requires specific knowledge and experience of the MOD Secure by Design methodology. The individual shall also be required to provide some leadership for junior consultants within the team.

Role And Responsibilities
We are looking for an experienced Information Assurance professional who can fulfil a role providing both internal and external consultancy in cyber security and information assurance, primarily within the UK Government and UK MOD. This individual shall be capable of undertaking internal information assurance activities, be responsible for the management of accreditation, develop and maintain accreditation information, be familiar with the MOD DART, contribute to Technical Information Security planning, and provide technical Information Assurance input to a range of other IA and project tasks.
The individual will also be familiar with the Secure By Design methodology currently being implemented within the MOD.

Responsibilities
Undertake risk assessment against likely threats to define the security mitigations;
Contribute to the development of the security architecture aligned to the security requirements;
Develop Risk Management and Accreditation Documentation Set (RMADS), Security Management Plans (SMP) and Security Operating Procedures (SyOPs) in accordance with MOD Accreditation requirements;
Maintain system security risk registers, managing issues affecting the delivery and operation of network systems;
Ensure that Governance processes including through life management plans and security working groups are implemented to retain MOD Accreditation for the life of the system;
Assess information security threats, IT vulnerabilities and obsolescence issues to advise on update requirements through life;
Engage with Cyber Defence and Risk (CyDR) assessors for system-specific issues;
Perform or oversee vulnerability assessment and penetration testing;
Provide guidance on MOD and HMG System and Information Security requirements;
Review and advise on security within the Supply Chain;
Able to apply knowledge and experience to external customers as consultancy services;
Provide leadership for junior members of the Cyber & IA team.

Skills And Experience
HMG Information Security Standards and technical knowledge.
HMG / MOD SbD policy and practices.
Experience designing infrastructure, system, and software security controls.
Experience of JSP 440 and JSP 604 Network Joining Rules compliance.
Be familiar with MOD Secure By Design principles.
Experience developing RMADS / SMP and SyOPs.
Experience of managing risk at programme and project level.
Experience of applying different risk models.
Lead in Security Working Groups.
Proven management of compliance with standards and frameworks.
Strong verbal and written communication skills.
Ability to engage and influence internal and external stakeholders.
Experience specifying ITHC activities and requirements.
Professional membership of CIISec, BCS or similar.
Must be Security Cleared or prepared to undergo SC process.

Qualifications
Essential:
Degree level ICT / CIS Education or equivalent qualification
Technical knowledge of IT systems and IT system security including networks and Windows
Experience of MOD security processes and Accreditation
ISO27001 Lead Implementer / Lead Auditor
CISM or CISSP
A desire for continuous professional improvement
Professional membership of CIISec or BCS

Desirable:
Cyber Essential Plus Assessor
CRISC
NIST
Cloud Security Knowledge
LINUX

Our Culture
Metrea’s single core value “rooted in humility” is supported by four key attributes: entrepreneurial, systematic, discerning and over-deliver, which combined form our Teammate Firmware, our culture. These attributes are explored during the hiring process, when we grow our teams and to continually support the growth of our culture. We are a hyper-collaborative, dynamically hierarchical organization united by a passion for what we do, and how we do it, who we do it with, and who we do it for.

Benefits
Discretionary Bonus
25 Days Annual Leave
Private Medical Insurance
Company Pension
Group life insurance
Disability protection
EAP
Business Travel Insurance
Cycle to Work Scheme
Gympass
Electric Car Scheme

Work Authorization / Security Clearance
Employee must be a UK National. Employee must be able to have and maintain a UK SC Clearance.

AAP/EEO Statement
Metrea Special Management LLC (MAM) is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status or other characteristics protected by law.

Position Type and Expected Hours of Work
This is a full-time position with typical working hours of Monday through Friday, 9:00 a.m. to 6:00 p.m.
Hours and work shifts may change in accordance with department and business needs. Exempt Employees must have the ability to be on-call and available, as business needs require. Non-Exempt employees may be required to work over 40 hours per week with approval from the department manager.

Travel
As Required

Work Location
UK, Lincoln, London

Work Environment
This job operates in an office setting.

Physical Demands
This is a largely sedentary role; however, some physical abilities may be required.

Other Duties
Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. The role, responsibilities and activities may change at any time with or without notice.