Location: Hybrid (Corsham – approx. 2 days per week)
Clearance Required: SC with a willingness to obtain DV, or DV Clearance; UK Nationals Only
Contract Length: ASAP – 31/03/2026
Rate: Up to £760/day (Inside IR35, via an umbrella company)
Application Deadline: 16/04/2025, 14:00
About the Role
We are seeking a Security Assurance Coordinator (SAC) to support the delivery of the NSoIT(D) Programme security governance, risk and compliance service through business as usual and any future capability enhancements. This service is specifically focused on the OpNet Blue v1 system, the OpNET Security Operations Centre (SOC) function, and NSoIT(D) Cyber and Information Security Risk Management. The SAC will report to the NSoIT(D) Chief Information Security Officer (CISO) and is also required to support the other programme Security Assurance Coordinators (SACs).
The position is hybrid, requiring approximately two days per week at MOD Corsham. Candidates must hold SC clearance with a willingness to obtain DV, or hold DV clearance, and be sole UK nationals.
Key Responsibilities
* Being accountable for all aspects of physical, procedural and personnel security related to OpNet Blue v1 operation.
* Identifying risks associated with business processes, operations, information security programmes and technology projects.
* Developing solutions that balance business requirements with information and cyber security requirements.
* Producing the Security Management Plan and Risk Assessments as required.
* Managing, maintaining and evidencing Secure by Design (SbD) compliance.
* Providing subject matter expertise, advice, and guidance on security matters relating to accreditation of MoD systems, End User Device, password policy, protective marking, safe and secure disposal of classified equipment and material.
* Producing and delivering security awareness material and briefings.
* Security reporting for OpNet Blue v1.
* Managing all aspects of 3rd party vulnerability assessments and penetration testing, and associated remediation activities.
* Identifying and communicating current and emerging security threats.
* Routine assurance of Live Service Security (LSS) delivery.
* Security governance, risk and compliance direction to Network Operations and Service Management functions.
* Acting as lead for Paxcroft building security.
* Lead for NSoIT(D) Cyber and Information Security Risk Management.
* Implementation and management of operational cyber and information security risk in STREAM across all elements of the NSoIT(D) Programme.
* Conducting and managing NIST 800 based Risk Assessments (SbD) across systems within the NSoIT(D) Programme.
* SbD focused management of cyber and information security controls/architecture within STREAM across the NSoIT(D) Programme.
* Integration and coordination of NSoIT(D) Programme Cyber and Information Security risks within ARM.
* Routine cyber and information security risk reporting.
* Acting as secretary to the main programme Security Working Group.
* Providing sound strategic advice, input, support, challenge, and knowledge transfer as required across the programme team, particularly in the areas of Information and Cyber Security.
* Managing relationships with key stakeholder groups including Project Teams within NSoIT(D) and Defence Digital Information Security and Assurance teams.
* Assisting with the delivery of security artefacts across the main delivery programme workstreams to tight timescales.
Essential Experience & Skills
* At least 5 years' demonstrable experience operating in a Security Assurance Coordinator type role and gaining Accreditation for novel system/network architectures.
* Detailed knowledge and understanding of defence policy and standards, particularly JSP 440, 453 and over-arching HMG policy.
* Experience of producing RMADS, Security Instructions and other security policy related documentation to a high standard.
* Knowledge of Security Incident Management policies, processes, and procedures.
* Delivery of Risk Assessments, Risk Treatment plans, scoping and managing IT health checks and associated remediation activities.
* Experience and understanding of the Software Defined Data Centre (SDDC) model including large scale virtualisation of servers, desktops, infrastructure and storage technologies.
* Comprehensive knowledge of UK Defence deployed network architectures, federations with coalition partners, security enforcing gateways and modern techniques for enforcement of security principles including micro-segmentation, VPN, VDI, hardware encryption and information flow handling.
* Excellent communication skills, both written and verbal, with a proven ability to explain technical issues to a non-technical audience.
* Strong critical thinking and analytical skills to solve problems and propose new ideas.
* Hold a current SC clearance and be prepared to undergo DV clearance if necessary.
* Competency in MS Office Suite.
Desirable Experience & Skills
* Delivering in Agile and Waterfall project management environments and understanding the complexities of delivering accreditation evidence in these environments.
* Working within the public sector, preferably Defence, and ideally with Defence Digital (formerly ISS).
* Knowledge of Cloud and/or Datacentre based Security Architectures.
* Certified Information Systems Security Professional (CISSP).
* Certified Information Systems Auditor (CISA).
* CCP SIRA Certification at Practitioner or above.
* ISO27001 Auditor related qualification.
* Audit tooling knowledge (ideally ELASTIC and SolarWinds).
Security & Nationality Requirements
Due to the sensitive nature of this role, only sole UK nationals are eligible. Candidates must hold active SC clearance with a willingness to obtain DV, or hold DV clearance, prior to commencing the role.