My client is looking for a Cyber Assurance Consultant / Information Assurance Consultant who has a wide awareness of Cyber Security across Government and Industry, to include HMG Information Assurance Policies, Standards and Guidelines, including the Security Policy Framework and the CESG IA Portfolio.
This role is within the Defence environment and is home-based, with some travel to customer sites around England. Current SC security clearance is required for this role.
Key Responsibilities
1. Conduct and manage security assurance activities of Defence systems, ensuring compliance with Defence, corporate or regulatory requirements and secure use in operational environments.
2. Provide Cyber Security advice and guidance for clients in ‘business as usual’, technical refresh and new project environments.
3. Apply technical security knowledge, with creative and innovative thinking in a broad range of complex and non-routine contexts.
4. Identify and establish good security governance to meet client business requirements.
5. Use knowledge of Defence security policy and process to enable successful security outcomes of managed systems.
6. Perform Cyber Security risk assessments, determining the most cost-effective deployment of security controls and solutions in line with business risk appetite, protecting information assets from loss, misuse, leakage, or corruption.
7. Create, update or review security-related artefacts and policies, such as RMADS, Security Cases, Security Aspects Letters, SyOPs etc.
8. Build successful working relationships with team members, key customers and stakeholders that improve the value of the security services we deliver.
9. Mentor others within the security team in a technical and consultancy capacity.
10. Assist in identifying new information security service business opportunities.
11. Identify obstacles to delivery and develop new processes or innovative ways to resolve them.
Essential Requirements
1. A wide awareness of Cyber Security across Government and Industry, to include HMG Information Assurance Policies, Standards and Guidelines, including the Security Policy Framework and the CESG IA Portfolio.
2. Experience of delivering technical Cyber Security consultancy in multi-disciplined environments.
3. Experience of Information Assurance, and developing Information Security Management Systems (ISMS), including risk assessments/management and the deployment of appropriate controls.
4. An excellent communicator, verbal (active listener) and written (able to write concisely).
5. JSP440 and Secure by Design (SBD) experience.
6. Flexibility to travel to customer sites.
Desirable
1. Certified Information Systems Security Professional (CISSP)/ Certified Information Security Manager (CISM) or equivalent.
2. Associate/Full Membership of a recognised security professional body such as the Institute of Information Security Professionals (IISP), IS2, BCS.
3. Certifications such as ISO27000, NIST Cyber Security Professional, CISMP etc.
4. NCSC Certified Cyber Professional/ CESG CCP (Security and Information Risk Advisor or Security Architect).
5. Understanding of ‘Secure by Design’ methodology and NIST 800-37 Risk Management Framework.
6. A keen interest in the latest technology with a focus on security technologies.
7. Ambition to work in a challenging and rewarding role that provides real benefit to clients.
8. An interest in maintaining and enhancing technical and consultancy skills.
9. Experience within programme and project environments.