London - Hybrid
12-18 months
£600 - £750 per day inside IR35 - umbrella only
Active SC clearance required
Responsibilities
Oversee and guide a team of consultants from the UK business who are fulfilling our cloud security assurance process for non-core cloud systems
Maintain and implement our overall Secure Networks Security Assurance framework, including creation of protocols and processes as required.
Maintain our secure network approvals including risk assessments, security arguments, and compliance statements against the DCPP Cyber Security Model (plus against other standards and control sets as required)
Carry out and maintain security assessments for core Secure Networks cloud systems such as Microsoft 365
Oversee Secure Networks elements of broader company certification to the Defence Cyber Certification
Carry out compliance audits to ensure that the Secure Networks Team, local security contacts, and project teams are carrying out required assurance activities, both in our secure networks and for cloud systems
Stay up to date with MOD and other regulatory guidance, and relevant commercial standards such as Microsoft 365 guidance, and incorporate the results into our Secure Networks security assurance approaches
Provide security assurance guidance to the Secure Networks Team to review and influence the design and operation of our secure networks
Periodically update the risk assessments for our secure networks, communicate implications to relevant stakeholders, and track progress against action items
Stay up to date with the threat landscape affecting our secure networks, using a range of sources such as the corporate Threat Intelligence team
Track progress made by a range of parties against security action plans
Collaborate with, learn from and advise relevant internal stakeholders such as Global Security, Security Points of Contact, the Secure Networks Team, the UK business security managers, Security Controllers, corporate and UK project procurement, HR Vetting, project teams, and individual staff members seeking guidance eg for overseas working
Liaise with relevant external stakeholders such as MOD CyDR
Annually revise and reissue Security Operating Procedures for our secure networks and core Secure Networks cloud systems
Support external security-related audits such as ISO27001 and by clients including MOD
Oversee authorisations of third parties who will handle information from our secure networks or connect in to them, including both initial approval and ongoing maintenance
Assess devices that require connection to our secure networks, for example point cloud scanners
Maintain a co-ordinated programme for all security assurance activities to ensure they are delivered in a timely manner
Arrange, report to, and provide advice and recommendations to Secure Networks Governance Committee meetings
Report into the Office of the Chief Information Security Officer to provide confidence to them that our UK Secure Networks have adequate security assurance
Carry out security assurance for key elements of the Secure Networks supply chain (hardware, software, services)
Create and maintain infrastructure required to move the Security Assurance function from being an individual contact to a comprehensive standalone function, for example a group mailbox, a Team, communications methods, and site(s) for publication of Security Assurance policies, trackers, etc.
Required Skills & Qualifications
A 'completer finisher', with an eye for detail.
Demonstrable experience of working in cyber security in a UK MOD-related environment
Strong familiarity with UK MOD security standards such as Def Stan 05-138 versions 3 and 4, the Cyber Security Model, Secure By Design, Industry Security Notices
Strong familiarity with UK Government security standards such as 007/SPF, NCSC Cloud Security Principles, NCSC Principles for Using Software as a Service (SaaS) securely, Cyber Essentials, and the CHECK penetration testing scheme
Broad familiarity with UK Government physical and personnel security such as NPSA and UKSV
Risk assessment using recognised standards such as IS1 and NIST SP800-30
Able to express yourself effectively, with a high degree of clarity, in English, especially when justifying and explaining required security measures
Able to liaise effectively with a wide range of stakeholders, from senior leaders to technical IT staff
Able to prioritise and manage your time to achieve multiple different tasks
(Desirable) Familiarity with broader international security standards such as ISO27001, CMMC, and the NIST Cyber Security Framework (especially SP800-30 and SP800-53)
(Desirable) Familiarity with UK nuclear regulations such as the ONR SyAPs
(Desirable) Familiarity with the AtkinsRéalis corporate security standards and approaches
Competent with Microsoft Word, Excel and PowerPoint
Join a dynamic team supporting vital national security projects. Apply now to be part of a forward-thinking organisation committed to safeguarding critical infrastructure.