MAIN OBJECTIVE OF JOB:
* Deliver assurance services to the business, EITS, IM&T Sector, Group Function and covering CPE (Customer Premises Equipment).
* Identification of risk and appropriate mitigation requirements, development & analysis of secure solutions (covering technical / physical / procedural / personnel controls) and assessment of compliance with internal and external standards and regulations.
* Deliver documentation to demonstrate compliance to internal and external stakeholders.
* Assessment and provision of control effectiveness in managing information security risk.
* Provide security architecture / technical input into the development of secure solutions.
* Support development of strategy and continual service improvement for the assurance function.
* Act as a subject matter expert regarding assurance activities for the wider organisation.
PRINCIPAL ACCOUNTABILITIES:
Work within a team of IT Security specialists to:
1. Delivery of IT Security assurance activities to ensure 'secure by design' and 'effective in operation' for systems and services in scope:
* IT Security risk assessment of systems and services.
* Assess architectural designs and identify proportionate IT Security controls aligned with business objectives.
* Assessment of systems, services and IT Security controls, to provide an independent analysis of compliance with BAE Systems Security Policy, standards and external regulatory requirements.
* Lead assessment of IT Security controls to ascertain effectiveness in reducing risk, including any vulnerability components.
* Analysis, creation and compilation of relevant documentation determining the compliance level of systems and services, technical security controls with applicable certification, accreditation, and internal policy requirements.
2. IT Security Control Monitoring and Reporting:
* Delivery of control monitoring and reporting to provide visibility of critical controls and their status and effectiveness in managing the information security risk.
3. Stakeholder engagement:
* Engage with stakeholders to promote a mindset of developing secure systems and transfer knowledge of security standards and processes.
* Development, delivery & maintenance of business reporting and assurance documentation.
* Support stakeholders in resolving IT Security issues and act as a subject matter expert regarding assurance activities for the wider organisation.
BUSINESS EXPERTISE (company/industry knowledge):
* Minimum of 5 years of IT Security assurance experience, dealing with security risk, requirements, technologies and architectures.
* In-depth knowledge of industry standard security policy, standards and good practice guidance and their application to a variety of IT solutions processing protectively marked information.
* In-depth knowledge of threats, risks, vulnerabilities and risk mitigation strategies and techniques.
* Broad experience in risk management and the application of risk management methodologies.
* Extensive experience of Accreditation and producing RMADS.
* Wide-ranging knowledge of application, infrastructure and security technologies and in-depth knowledge of implementing them in a secure configuration within CPE.
* Experience of working in a project environment and awareness of system development lifecycle methodologies.
FUNCTIONAL KNOWLEDGE REQUIRED (qualifications/experience):
* Educated to degree level (or equivalent), preferably in a related discipline (ICT/Computing, information assurance, risk management, vulnerability/threat assessment).
* CISSP/CISM and/or CCP: one or more of these certifications is desirable.
* Strong communication skills with the ability to communicate complex subjects to a variety of audiences, pulling out key issues and decision points.
* Proven knowledge and experience of working within architecture frameworks, ideally SABSA and TOGAF.
* Knowledge of information security standards, such as HMG, ISO 27001/18, NIST 800 etc.
* Excellent negotiation and interpersonal skills for managing relationships with stakeholders and direct reports, and facilitating discussions with different stakeholder groups to address conflicting requirements and priorities.
* Capable of a very high standard of written communication, including experience of writing complex reports and giving formal presentations to senior business peers.
* Ability to work autonomously and manage workload and priorities based on demand from multiple projects.
* Demonstrable experience of company behaviours such as strategic vision, integrity, adaptability and collaboration.
SPECIALIST SKILLS REQUIRED:
* Solid understanding of cyber defensive capabilities, techniques, tactics and procedures.
* Solid understanding of cyber security infrastructure technologies, their implementation and configuration.
* Technical experience in at least one IT discipline (Networks, Active Directory, Applications, Cloud).
* Previous experience of developing strategic secure solutions & architectures in a complex, multi-site, federated and decentralised organisation.
* Strong awareness of and interest in trends in IT usage and IT technology.
* Ability to conduct risk assessments and develop security deliverables in line with Information Assurance Frameworks.
* Ability to manage, analyse and present large quantities of data.
* Ability to work with multiple teams and groups of stakeholders.
* Soft skills such as multi-tasking, self-motivation, prioritisation, time management, decision making, project management, presentation, problem solving and strong interpersonal skills.
CONTRACT INSIDE IR35