Role Overview
Introduction
Safeguarding personnel, premises, resources, and digital systems is the core responsibility of this position, alongside maintaining essential security certifications required as a trusted UK Government partner.
As a CryptoCustodian, you will oversee multiple protective workstreams to secure client environments, infrastructure, confidential data, and assets. You’ll build and sustain relationships with stakeholders (including MoD), ensuring expectations are met through clear communication and confident engagement with business teams and security leadership.
Acting additionally as Deputy Security Controller, you’ll coordinate security programmes and controls to guarantee compliance with frameworks such as ISO 27001, Security Policy Framework, and contractual obligations like DEFCON and DEFSTAN.
This role reports to the Security Controller and offers a hybrid working pattern—typically 2–3 days on-site in Rugby and the remainder remote.
Ideal for professionals with prior experience managing government security requirements, contracts, and operational processes.
Key Responsibilities
* Manage MOD cryptographic materials and services, including tracking, ordering, and distribution.
* Confirm authorisation for cryptographic items and coordinate timely delivery.
* Brief users and technical staff on HMG and local policies governing classified assets.
* Issue cryptographic items on loan, ensuring compliance with handling procedures.
* Provide security briefings and maintain clearance requirements.
* Support audits and maintain accurate records of cryptographic holdings.
* Identify and report breaches of crypto or communication security policy.
* Advise on cryptographic material, secure processes, and manufacturing standards.
* Maintain and update Electronic Key (Ekey) procedures and documentation.
* Assist with Controlling Authority and Cryptonet Controller duties, completing mandatory training.
* Support interpretation and implementation of security controls for classified assets.
* Liaise with contracting authorities and internal teams on security compliance.
* Coordinate security vetting for new hires and contractors, including renewals.
* Investigate and report security breaches promptly, ensuring full documentation.
Essential Knowledge & Experience
* Strong understanding of government security policies and cryptographic asset management.
* Completion of UKNDA Crypto Custodian training and familiarity with JSP 490, JSP 491, JSP 608.
* Proven ability to develop and implement security policies effectively.
* Skilled in applying UK Government security frameworks and standards.
* Experience in incident response and leading investigations.
Desirable
* Awareness of Quality Management Systems.
* Cybersecurity certifications.
* Membership in Defence Industry Security Association (DISA).
* Existing security clearance (can be sponsored if needed).
Personal Attributes
* Confident communicator with internal and external stakeholders.
* Ability to work independently and collaboratively in a global security team.
* Strong organisational skills to prioritise tasks in a dynamic environment.
* Analytical mindset for solving complex issues and improving processes.
* High integrity and trustworthiness.
* Formal security qualifications or equivalent military/policing experience.
* Membership in a recognised security professional body.