Information Assurance Technical Security Specialist
In fast‑changing markets, customers worldwide rely on Thales. We bring brilliant minds together to design innovative solutions in aerospace, transportation, defence, security and space, making tomorrow’s possibilities a reality. At Thales UK we research, develop and supply technology that improves lives while keeping people safe. We value flexibility, offering part‑time hours, job sharing, home working and flexible start and finish times to help you balance work and life.
Thales is looking to hire an Information Assurance/Technical Security Specialist to provide technical security advice and guidance on the efficient and effective secure through‑life management of systems that handle Thales information or data.
Location & Employment
Location: Crawley / Doncaster (other Thales sites considered). Employment: part‑time. Seniority: mid‑senior level.
What We Offer
* Performance‑Related Bonus
* Half‑day every Friday, usually finishing around 13:00
* Hybrid working
* Pension scheme
* 28 days annual leave (plus bank holidays)
* Life cover
* 24/7 Employee Assistance Program and access to mental wellbeing app
* Employee discount shopping schemes on major brands and retailers
* Gym membership discounts
Deliverables
* Support Thales UK in ensuring all IS/IT technical security measures are implemented, enhanced and developed where necessary, to deliver successful and timely security assurance via through‑life assurance and compliance programmes.
* Provide a central PoC for all IS/IT technical security matters and concerns, supporting delivery teams and businesses throughout project lifecycles.
* Conduct security reviews of internal and external platform‑related changes, ensuring risks, impacts and mitigations are managed appropriately.
* Provide security guidance around secure deployment and usage of public cloud infrastructure (e.g., Azure) and SaaS services in compliance with government security guidelines.
* Ensure Thales on‑premises and cloud environments comply with governmental policies such as Cyber Essentials, Def Stan 05‑138, UK GDPR, NCSC guidelines and other regulatory frameworks.
* Create, maintain and review all IS/IT technical security documentation, policy and procedures for Thales IS/IT networks, systems and applications, following customer and group policy.
* Report, investigate and analyse security incidents and potential breaches within classified environments, working with the incident management team to resolve issues quickly.
* Engage stakeholders in security requirements, epics and stories, providing guidance to squads to embed data protection and security in new and existing IS/IT activities.
* Work collaboratively to ensure proposed solutions provide the required level of security assurance in line with data processing requirements and Thales and customer risk appetites.
* Coordinate formal technical risk and compliance assessments, recommending remedial action where required.
* Provide assurance for Code of Connections (CoCos), cryptographic products, key material and required documentation.
* Engage in continuous learning and development for yourself and other Thales UK staff.
Required Qualifications
* Demonstrable experience applying security principles within an agile delivery framework.
* Subject‑matter expertise in the evaluation and implementation of technical security products for public or private sector organisations.
* Experience identifying, assessing and managing technical security risks, developing mitigation strategies and tracking residual risk.
* Experience managing assurance and compliance activities in accordance with ISO 27001, Def Stan 05‑138, NIST SP 800‑*, or NIST CSF.
* Experience developing security assurance frameworks and governance models.
* Experience conducting formal risk assessments and producing security reporting artefacts for on‑premises and cloud environments.
* Expertise with MS Office 365 and Azure cloud for public or private sector organisations.
* Effective communication of highly technical security concepts to all levels of staff.
* Ability to interpret system design documentation, identify risks and recommend mitigations appropriate to risk levels.
* Ability to translate security standards into solution‑specific requirements and assess solutions against those standards.
* Experience providing technical security advice to business areas and contributing to security risk registers.
* Understanding of security across the full stack of information systems (network, infrastructure, applications), both on‑premises and cloud‑hosted (MS Azure, Oracle, AWS).
* Knowledge of MOD/UK Government security governance frameworks (e.g., Def Stan 05‑138, DEFCON, NCSC cloud security principles).
* Minimum of MSc (InfoSec) / CISSP / CISM or equivalent certification.
Desirable
* Understanding of Azure Stack security products.
* Current cloud security qualification (CCSK, CCSP).
* Understanding of Office 365 Stack security risks, threats and countermeasures.
* Knowledge of emerging security technologies.
* Relevant certifications: AZ‑500, CCSP, CISSP, SABSA.
Security Clearance
Requires SC clearance. Candidates must currently hold or be able to obtain SC clearance and meet UK residence requirements (typically a minimum of five years of residence in the UK). Additional evidence for baseline and security clearance will be requested during the recruitment process.