Requirements
Must have:
- Proven experience operating within a security risk role or frameworks such as NIST RMF or CSF
- Thorough understanding of defence policies, standards, and risk management processes
- Excellent stakeholder engagement skills
- Experience in security risk management within the defence or government sector
- Familiarity with JSP 440, JSP 453, and MOD cyber security policies
- Ability to produce Security Management Plans, Security Instructions, and related policy documentation
- Strong understanding of risk reduction strategies like Incident Response, Vulnerability Management, and Patch Management
- Experience leading risk assessments, risk treatment planning, and managing IT health check activities
- Effective stakeholder communication skills within MOD or similar environments
- Current SC security clearance (minimum)
- Professional registration such as CISSP, CISM, CGRC, or equivalent (desirable)
- Chartered status or membership in a recognised cyber security or engineering body (desirable)
Responsibilities:
- Establish and maintain robust security activities across the project lifecycle
- Implement continuous assurance strategies aligned with Secure by Design (SbD) guidance
- Ensure compliance with MOD policies such as JSP 440 and JSP 453
- Provide expert advice on risk management
- Oversee security controls and facilitate stakeholder engagement across multiple Defence and governmental teams
- Provide expertise on cyber risk mitigation, identifying threats, and managing security risks throughout the system lifecycle
- Develop and maintain security artefacts and manage compliance with relevant standards and policies
- Represent the project in security forums and working groups
- Ensure clear communication of cyber risks to all stakeholders
- Oversee all assurance activities, including audits, vulnerability assessments, and remediation plans
- Balance business needs with security requirements to find pragmatic, effective solutions
Company:
At Evodia Limited, we are seeking a highly experienced SC cleared Project Security Lead for our Defence client. This is a fantastic opportunity to contribute to key security initiatives within a complex, high-security environment, helping to safeguard critical systems and information. The role offers a flexible working pattern, with the choice of being based in Corsham, Wiltshire, or Portsmouth, Hampshire, with hybrid working of 2 to 3 days onsite per week. We provide a collaborative, supportive environment where your expertise will help shape vital security strategies for the MOD, with a 2-year contract, inside IR35, and a negotiable day rate.