**Please note this is a 12-month Fixed Term Contract (Permanent would also be considered for the perfect candidate)**
We are searching for a Security Standards & Assurance Manager who will play a vital role in delivering high-quality security assurance across our client's organisation. This role involves providing expert specialist advice across sites, programmes, and projects, acting as the key liaison between stakeholders to ensure that information security management standards remain effective, compliant, and robust.
Responsibilities
* Foster and develop a robust security culture to meet MoD, Government, and Company standards across the business.
* Establish and maintain security procedures, ensuring their effectiveness through timely audits.
* Design, maintain, and amend security policies in response to infrastructure changes or updates to Security Legislation or Standards.
* Manage defence contract obligations, including Security Aspects Letters (SAL), policy management, security reporting, and audits.
* Act as Crypto Custodian, safeguarding crypto information held on charge by Crypto Holders.
* Work with IT and Systems Managers to ensure compliance and security procedures for company IT systems.
* Support HR with security vetting for new staff and deliver security briefings.
* Promote security awareness and training to ensure employee engagement across the business.
* Plan and execute NPSA-compliant security measures for buildings, facilities, projects, and programmes.
* Maintain relationships with external commercial and government security advisors.
* Liaise with stakeholders to maintain required security compliance accreditations.
* Maintain Security SLAs, the Company Security Manual, and associated documentation.
* Forge strong working relationships with Police, CTSA, MoD, NPSA, DE&S, and other relevant security agencies.
* Stay informed on legislative changes, technological developments, and best practice in security management.
Essential Skills
* Ability to navigate NPSA standards, with good working knowledge of GOVS007 and JSP 440.
* Good understanding of the Surreptitious Threat Mitigation Process (STaMP).
* Proven experience in a security role within Government or Industry, handling government assets.
* Knowledge of the Government Security Policy Framework and relevant government security policies (e.g., GOVS007, DEFSTAN 05-138, SBD, JSP 440, JSP 490).
* Knowledge of security standards such as ISO 27001, ISO 28000, NIST, and GDPR.
* Strong understanding of UK law relevant to the role.
* Strong stakeholder-management skills with the ability to communicate security concepts to non-technical audiences.
* Ideally already UK SC Cleared, or able to obtain this mandatory clearance.
* DISA accreditation (Security Controller, Document Information Security, Security Vetting).