Reporting to the Commercial Director/Head of Compliance and working in close partnership with the Technical Team and Business Relationship Team.
The role holder must be an experienced security practitioner, have the ability to negotiate effectively and respond flexibly to the changing needs of the organization. Working in an existing secure environment, the successful candidate will play a key role in the coordination and administration of security matters across the Company.
As this role requires regular visits to customer sites, you must be comfortable travelling unaccompanied to locations within the UK.
The role is responsible for maintaining key Customer relationships with respect to security and CIO strategy along with understanding new and emerging threats with information security in both Cloud and on-premise environments. You will maintain contact with relevant authorities and interest groups to ensure all aspects of security compliance are adhered to and improved upon on an ongoing basis.
The candidate will be able to use their security knowledge to support the business development team to build emerging relationships with new clients both in the UK and overseas.
- Maintain knowledge and horizon scan current and future MoD and wider UK Government security requirements and provide advice to the wider Company.
- Assist with maintaining accreditation of systems in accordance with the security requirements of current and future Company contracts.
- Maintain the RMADS and security risk assessments for systems to support accreditation.
- Operate as the Company Security Controller.
- Maintain certification of the facility and infrastructure in support of the accreditations.
- Maintain relevant Codes of Connection (CoCo) and ensure continued approval for such connections.
- Maintain Protective Document Registers.
- Assist with security administration including security clearance paperwork and NSV.
- Review, update and generate company security operating procedures.
- Support compliance checking activities.
- Assist with the development and delivery of security training to the team and employees.
- Chair the company’s Security Working Group.
Essential Experience, Knowledge and Skills
- The ability to work effectively with a wide range of stakeholders using strong influencing and negotiating skills.
- Knowledge and experience of information security and assurance. This will include experience of ISO 27001 and the UK Government’s security requirements, including the Cyber Essentials scheme, JSP 440 and JSP 604.
- Security Cleared to a minimum of SC.
- Proficient in performing Business Impact Analysis and Risk Assessments as part of Cyber Security & Information Assurance Risk Management.
- Production of Risk Management Accreditation Document sets (RMADS).
- Performing Security Risk Assessments.
- IT background and understanding of potential IT and cyber threats to the organisation.
- Awareness of and input into secure IT architectures.
- Management of Company data assets.
- A track record of developing and maintaining security policies and procedures.
Desirable Experience, Knowledge and Skills
- Experience of working on defence-related projects or experience of working for the UK MoD.
- Security Architectures.
- Cyber Security Professional (CCP) certification, CISM, CRISC or CISSP.
- Understanding and assessment of new and evolving information security technologies for use in the UK Government context.
- Experience of obtaining system accreditation using the Defence Assurance Risk Tool.
- Experience of IT Health Checks (CHECK), providing scope of works, analysis of ITHC reports and remediation plans.
- Knowledge & Experience of NCSC Architectural Patterns and an in depth understanding of how NCSC work.
- Experience of Close working relationships with UK and Foreign Accreditation Authorities.