The Head of Security Assurance is responsible for leading the Security Assurance Department, primarily composed of Security Assurance coordinators. This role involves coordinating all security assurance activities to ensure that SecureCloud+ services and supporting internal IT meet the highest security standards and customer requirements. The position supports the delivery of innovative, accreditable, cost-efficient, and profitable solutions that comply with HMG's security classification system, and leads the transformation of service delivery to align with the MOD's Secure by Design methodology.
The role encompasses two key areas: Information Assurance and Information Security. It involves implementing measures to protect and safeguard the company's critical information and systems, ensuring integrity, availability, authentication, confidentiality, and non-repudiation, as well as preventing illegitimate access, usage, revelation, alteration, disruption, and destruction of information.
Role Responsibilities
1. Lead and manage all members of the Security Assurance department.
2. Mentor junior team members.
3. Promote a strong security culture within the company.
4. Coordinate security accreditation and assurance processes for new and existing services.
5. Support the completion of IT Health Checks (ITHC).
6. Coordinate assurance activities with MOD and other authorities.
7. Support development and maintenance of the Information Security Management System (ISMS), including Risk Management and the RMADS (Risk Management and Accreditation Document Set).
8. Assess risks to information security and work with the Senior Information Security Manager to implement policies and procedures.
9. Plan and maintain compliance activities across various security requirements.
10. Support monitoring of Information Assurance.
11. Coordinate and implement protective security activities, including physical security.
12. Manage information governance, including annual assessments and risk management.
13. Handle security-related investigations, reporting, and follow-up actions.
14. Support security awareness, education, and training programs.
15. Coordinate with suppliers, consultants, and service providers.
16. Represent the security team in project workgroups and boards.
17. Lead ongoing audits to ensure compliance and continuous improvement.
18. Assist the CISO in periodic policy and procedure reviews.
19. Oversee follow-up actions to security issues.
Education and Experience Requirements
Candidates should have:
* Bachelor's degree in computer science, information security, or a related field; Master’s degree or relevant certifications (e.g., CISSP, CISM, CISA) are highly desirable.
* Proven experience in security assurance roles within the UK Ministry of Defence or Defence Industry, with at least 5 years as a security assurance coordinator.
* Understanding of MOD Secure by Design policies and processes.
* Deep technical knowledge of security technologies such as firewalls, IDS/IPS, endpoint protection, encryption, IAM, and SIEM systems.
* Strong understanding of security frameworks and standards, including ISO 27001, NIST, GDPR, and NCSC Cyber Essentials Plus, with experience in compliance management.
* Excellent leadership and communication skills, capable of conveying security concepts to diverse audiences and building consensus.
* Analytical skills and problem-solving abilities to evaluate security issues and mitigate risks.
* Ability to work collaboratively across functions, fostering a security-aware culture.
SecureCloud+ is an equal opportunities employer and does not discriminate based on age, sex, colour, religion, race, disability, or sexual orientation. Hiring decisions are based on experience and qualifications.