Job Title: Project Security Lead
Location: Corsham
Duration: Until 31/03/2026 with possible extension
Rate: Up to £600 per day via an approved umbrella company
Overview
The Project Security Lead (PSyL) is responsible for establishing and maintaining security activities, including implementing continuous assurance approaches for the system, in alignment with Secure by Design (SbD) guidance as part of the programme's ongoing cyber risk management strategy. Reporting to the Programme Chief Information Security Officer (CISO), the PSyL ensures that the mandated requirements outlined in JSP 440 Lft 5C are applied throughout the capability lifecycle. By embedding security from the outset and proactively addressing potential risks, the PSyL ensures that all information security risks are identified, scored, recorded, and managed.
Responsibilities
* Risk Management
o Provide subject matter expertise, advice and guidance on security activities relating to the continual risk management of the system(s).
o Establish and maintain a continuous approach to risk management, within the designated risk appetite, across the system(s) linking into Programme and Organisation policy for the duration of the systems' lifecycle.
o Identify and communicate current and emerging security threats and respond to in line with reporting requirements.
* Governance and Compliance
o Provide advice, guidance, and approval for all security controls on the system, including assessment for all architectural and design changes, as well as continuously monitoring their effectiveness.
o Create, develop, and maintain security artefacts for the system that align with the clients cyber assurance processes and manage all associated JSP 440 and JSP 453 related compliance and standard requirements.
o Responsible for all aspects of physical, procedural and personnel security related to the development systems operation and the identification, assessment, and continual monitoring of appropriate security controls.
o Represent the project at the Project Security Working Group (monthly) and CISO standups (weekly).
o Provide solutions that balance business requirements with information and cyber security requirements.
* Stakeholder Engagement
o Managing relationships with key stakeholder groups including Project Teams within Projects and other project assurance teams.
o Effective communication skills across diverse audiences including the ability to translate Cyber Risks to business impacts for non-SMEs.
* Continuous Assurance
o Ensure all continuous assurance reporting requirements for Secure by Design are completed in line with programme reporting and auditing standards.
o Manage all system assurance activity including CHECK IT health checks, SbD 2nd Line Assurance and the Cyber Compliance Framework Audits and the associated remediation activities.
* Deliverables
o The key deliverable for the Project Security Lead (PSyL) is the overall implementation and continuous monitoring of cyber security controls, managed within a Cyber Security Framework to mitigate identified risks within the project. The PSyL ensures that security, including cyber security of suppliers, is addressed through governance and project processes to maintain Defence standards and address security issues. Documents will vary depending on the system and identified risks. An indicative list is provided below:
* Risk Assessment and Management Plan.
* Cyber Risk Assessment.
* Security Management Plan (SMP).
* Security Aspects Letter (SAL).
* Digital Obsolescence Plan.
* System Patching and Update Plan.
* Data Protection Impact Assessment.
* Vulnerability Management Plan.
* Incident Response Plan.
* Cyber Assurance Activity Tracker (CAAT) completion or DART(S) until CAAT(S) is released to service.
* Approval of Code of Connection.
* Completion of certification of conformity for all external bearers.
* Produce briefs, attend meetings, and deliver additional documents as required.
Post deliverables are managed on a Sprint basis and will be agreed in Sprint and Programme Increment (PI) Planning. All agreed Sprint tasks will be completed by the end of the Sprint.
If this is the role for you please submit your CV at your earliest convenience
#J-18808-Ljbffr