Security Assurance Manager

Security Assurance Manager

London - Hybrid

12-18 months

£600 - £750 per day inside IR35 - umbrella only

Active SC clearance required

Responsibilities

Oversee and guide a team of consultants from the UK business who are fulfilling our cloud security assurance process for non-core cloud systems

Maintain and implement our overall Secure Networks Security Assurance framework, including creation of protocols and processes as required.

Maintain our secure network approvals including risk assessments, security arguments, and compliance statements against the DCPP Cyber Security Model (plus against other standards and control sets as required)

Carry out and maintain security assessments for core Secure Networks cloud systems such as Microsoft 365

Oversee Secure Networks elements of broader company certification to the Defence Cyber Certification

Carry out compliance audits to ensure that the Secure Networks Team, local security contacts, and project teams are carrying out required assurance activities, both in our secure networks and for cloud systems

Stay up to date with MOD and other regulatory guidance, and relevant commercial standards such as Microsoft 365 guidance, and incorporate the results into our Secure Networks security assurance approaches

Provide security assurance guidance to the Secure Networks Team to review and influence the design and operation of our secure networks

Periodically update the risk assessments for our secure networks, communicate implications to relevant stakeholders, and track progress against action items

Stay up to date with the threat landscape affecting our secure networks, using a range of sources such as the corporate Threat Intelligence team

Track progress made by a range of parties against security action plans

Collaborate with, learn from and advise relevant internal stakeholders such as Global Security, Security Points of Contact, the Secure Networks Team, the UK business security managers, Security Controllers, corporate and UK project procurement, HR Vetting, project teams, and individual staff members seeking guidance e.g. for overseas working

Liaise with relevant external stakeholders such as MOD CyDR

Annually revise and reissue Security Operating Procedures for our secure networks and core Secure Networks cloud systems

Support external security-related audits such as ISO27001 and by clients including MOD

Oversee authorisations of third parties who will handle information from our secure networks or connect in to them, including both initial approval and ongoing maintenance

Assess devices that require connection to our secure networks, for example point cloud scanners

Maintain a co-ordinated programme for all security assurance activities to ensure they are delivered in a timely manner

Arrange, report to, and provide advice and recommendations to Secure Networks Governance Committee meetings

Report into the Office of the Chief Information Security Officer to provide confidence to them that our UK Secure Networks have adequate security assurance

Carry out security assurance for key elements of the Secure Networks supply chain (hardware, software, services)

Create and maintain infrastructure required to move the Security Assurance function from being an individual contact to a comprehensive standalone function, for example a group mailbox, a Team, communications methods, and site(s) for publication of Security Assurance policies, trackers, etc.Required Skills & Qualifications

A 'completer finisher', with an eye for detail.

Demonstrable experience of working in cyber security in a UK MOD-related environment

Strong familiarity with UK MOD security standards such as Def Stan 05-138 versions 3 and 4, the Cyber Security Model, Secure By Design, Industry Security Notices

Strong familiarity with UK Government security standards such as 007/SPF, NCSC Cloud Security Principles, NCSC Principles for Using Software as a Service (SaaS) securely, Cyber Essentials, and the CHECK penetration testing scheme

Broad familiarity with UK Government physical and personnel security such as NPSA and UKSV

Risk assessment using recognised standards such as IS1 and NIST SP800-30

Able to express yourself effectively, with a high degree of clarity, in English, especially when justifying and explaining required security measures

Able to liaise effectively with a wide range of stakeholders, from senior leaders to technical IT staff

Able to prioritise and manage your time to achieve multiple different tasks

(Desirable) Familiarity with broader international security standards such as ISO27001, CMMC, and the NIST Cyber Security Framework (especially SP800-30 and SP800-53)

(Desirable) Familiarity with UK nuclear regulations such as the ONR SyAPs

(Desirable) Familiarity with the AtkinsRéalis corporate security standards and approaches

Competent with Microsoft Word, Excel and PowerPoint

Join a dynamic team supporting vital national security projects. Apply now to be part of a forward-thinking organisation committed to safeguarding critical infrastructure