Job Description
Position Title: Senior Information Systems Security Specialist
Location: Aldermaston – 3 days/week onsite (9 day fortnight) 12 Month Contract
Our client is a leading organisation focused on ensuring the security, safety, and efficiency of its information systems through robust risk management and adherence to industry standards. They are seeking a Senior Information Systems Security Specialist to join their team, bringing expertise in security assurance and risk analysis to protect critical systems.
Role Responsibilities:
As a Senior Information Systems Security Specialist, you will provide comprehensive security analysis and guidance to project managers and risk owners, contributing to key decisions and promoting a culture of security excellence. Reporting to the Chief Information Security Officer (CISO), you will work across departments to ensure that all technical security requirements align with the organisation's overarching architecture and strategic goals. Your responsibilities will include:
* Conducting in-depth analysis of risks to information systems to enable effective decision-making for project managers and risk owners.
* Participating in Chief Engineer Management Arrangements to define and uphold additional responsibilities within the company’s Design and Technical Authorities.
* Collaborating with functions, projects, and supply chains to assess sources of Information Risk and recommend management solutions.
* Leading efforts to maintain awareness of HMG, MoD, and industry best practices in Information Assurance and Information Risk Management.
* Facilitating the formal accreditation of systems through MoD and other designated systems.
* Serving as a point of contact with the National Technical Authority (NCSC) for all security matters.
* Advising managers on risk tolerance levels and providing technical risk assessment analyses.
What will you bring?
* MoD/Public sector current experience required.
* Strong security assurance background, ideally with public sector experience.
* Working knowledge of accreditation/assurances, particularly with industry standards.
* In-depth understanding of security frameworks and certifications such as CISM, XCCP, or ISO 27001.
* Proven experience in stakeholder management with the ability to convey complex security concepts effectively.
* Background in public sector security protocols is highly desirable.