Information Assurance Technical Security Specialist
In fast-changing markets, customers worldwide rely on Thales. Thales is a business where brilliant people from all over the world come together to share ideas and inspire each other. In aerospace, transportation, defence, security and space, our architects design innovative solutions that make our tomorrows possible. Together we offer fantastic opportunities for committed employees to learn and develop their career with us. At Thales UK, we research, develop, and supply technology and services that impact the lives of millions of people each day to make life better, and keep us safer.
THALES is looking to hire an Information Assurance/Technical Security Specialist to provide technical security advice and guidance on the efficient and effective secure through-life management of systems related to the use, processing, storage, and transmission of Thales information or data. This includes but is not limited to the technical oversight of the physical, technical, and administrative security controls to conduct these tasks. Reporting to the Thales UK Deputy CISO, the role involves identification of applicable technical security requirements and associated cost‑effective security controls, as well as through‑life continual security assurance of Thales IS environments throughout design, implementation, transition into service, and operational lifespans.
Location: Crawley / Doncaster (other Thales locations considered).
What can we offer you?
* Competitive salary and benefits package, including performance‑related bonus
* Half day every Friday, finishing around 13:00
* Hybrid working
* Pension scheme
* 28 days annual leave plus bank holidays
* Life cover
* 24/7 employee assistance program and access to mental wellbeing app
* Employee discount shopping schemes on major brands and retailers
* Gym membership discounts
What will you deliver?
* Support Thales UK in ensuring all IS/IT technical security measures are implemented, enhanced, and developed where necessary, to ensure successful and timely security assurance via ongoing through‑life continual assurance and compliance programmes.
* Provide a central PoC for all IS/IT technical security matters and concerns, supporting delivery teams and businesses throughout project lifecycles.
* Conduct security reviews of changes to internal/external connected platforms, ensuring security risks, impacts and mitigations are managed appropriately.
* Provide security guidance around secure deployment and usage of Thales adopted public cloud infrastructure and/or SaaS services, compliant with government security guidelines, Thales policy and industry accepted good practices.
* Ensure on‑premises and cloud environments comply with government policies such as Cyber Essentials, DefStan 05‑138, UK GDPR, NCSC guidelines and other applicable frameworks.
* Maintain and review all IS/IT technical security documentation, policies and procedures associated with Thales IS/IT networks, systems and applications.
* Report, investigate and analyse security incidents and potential breaches within classified environments.
* Develop security requirements and guidance for squads to include data protection and security in scope of new and existing projects.
* Collaborate with other team members to deliver solutions that provide the required level of security assurance in line with data processing requirements and risk appetites.
* Develop and coordinate formal technical risk and compliance assessments, recommending remedial action where required.
* Provide assurance for all Code of Connections (CoCos), cryptographic products, key material and documentation.
* Engage in continuous learning and development and support less experienced staff.
Who are we looking for?
* Demonstrable experience of applying security principles within an agile delivery framework.
* Subject matter expert in evaluation and implementation of technical security products and solutions for public or private sector organisations.
* Experience in identification, assessment and management of technical security risks and residual risk tracking.
* Experience managing assurance or compliance activities associated with a defined security standard (ISO 27001, Def‑Stan 05‑138, NIST SP 800‑*, NIST CSF).
* Experience developing security assurance frameworks and governance models.
* Experience performing formal risk assessments and producing security reporting artefacts in on‑premises and cloud environments.
* Expertise evaluating and implementing technical security products for MS Office 365, Azure and public or private sector organisations.
* Excellent communication of highly technical security concepts to management, clients and staff at all levels.
* Interpret detailed system design documentation to identify potential security risks and recommend mitigations at appropriate risk levels.
* Interpret security standards and derive solution‑specific requirements; assess solutions against these standards for compliance for new and existing systems.
* Provide technical security advice to business areas and contribute to risk registers.
* Understanding of security across the full stack of information systems (network, infrastructure, applications) on‑premises and cloud‑hosted (MS Azure, Oracle, AWS, PaaS, IaaS, SaaS).
* Ensure compliance with MOD/UK Government security governance frameworks.
* Ensure activities embody a compliant approach that maximises business value with appropriate security.
* In‑depth experience of technical security issues and remediation activities across a range of systems, platforms, and cloud‑hosted environments.
* Working knowledge of UK Government and MOD security standards (Def Stan 05‑138 v4, DEFCON, NCSC cloud security principles).
* Information security qualification: MSc (InfoSec)/CISSP/CISM or similar certifications.
Desirable
* Understanding of Azure Stack and related security products.
* Current Cloud Security qualification such as CCSK, CCSP.
* Understanding of Office 365 Stack, risks, threats and countermeasures.
* Understanding of current and emerging security technologies.
* Qualifications: AZ‑500, CCSP, CISSP, SABSA.
This role requires SC Clearance.
SC clearance is required. Existing holders are preferred, but if not held, the successful applicant will undergo, achieve and maintain SC clearance. For guidance on UKSV and baseline and security vetting, visit the UKSV website and the National Security Vetting (NSV) Agency.
Eligibility for full SC
To be eligible for full SC, you generally need to have resided in the UK for the last 5 years. In some circumstances, a minimum of 3 years residence in the last 5 years may be accepted. For further details, refer to the Defence Business Services National Security Vetting (DBS NSV) Agency.
Thales UK inclusive recruitment
Thales UK is committed to providing an inclusive, barrier‑free recruitment process. Reasonable adjustments and support are available for neuro‑diverse applicants or those with long‑term conditions. If you need this job advert in an alternative format, contact Resourcing Ops. Great journeys start here, apply now.