  • Location: Wiltshire, England

  • Salary: £600 - £675 per day

  • Contact: Phil Johnson

  • Published: about 1 year ago

  • Duration: 6 months +

  • Start date: September 2021

+ 6 month initial contract with an expectation of extensions

+ Home based with travel to London and the South West

+ £625 to £675 per day plus travel expenses

+ Outside IR35

+ DV cleared position



To provide business-driven advice on the management of security and information risk consistent with HMG IA policy, standards and guidance. The role of a Lead SIRA (Security and Information Risk Advisor) is to provide the Accreditor with sufficient information on which to base a decision to issue an Authority to Operate. The Lead SIRA provides security oversight and governance across the Programme and directs SIRA resources, deliverables and outcomes across the Programme portfolio.

Role Profile

+ Identification of assets that require protection;

+ Identification of relevant threats to the assets;

+ Identification of exploitable vulnerabilities;

+ Assessing the level of threat posed by potential threat agents;

+ Producing an information security risk assessment;

+ Determining the business impact of a risk being realised;

+ Developing information risk management strategies to reduce the risk;

+ Including information risk management strategies in business risk processes;

+ Gaining management commitment to the support of the information risk elements of business risk management.


The principal deliverable from the SIRA is a Risk Paper, which describes the risks to a system and how these risks are mitigated. The Risk Paper must be completed to the satisfaction of the Accreditor.

For any system the SIRA is assigned to analyse:

+ Ensure they understand its business function and context

+ Ensure they understand the technical solution and how it meets the business requirement

+ With advice from the Accreditor, determine the principal threat sources and threat actors

+ Determine the principal attacks threat actors are likely to apply

+ Determine the impact and probability of the risks that arise if such attacks succeed

+ Identify technical, procedural and physical controls that will mitigate such risks

+ Determine if the risks are sufficiently mitigated, and if not, what additional controls are required

+ Describe technical risks in business language

+ Provide security advice and guidance to the programme

+ Ensure the system complies with Agency policies and standards

+ Analyse the results of any penetration test and determine the impact on risks associated with the system

The Lead SIRA will also:

  • Liaise with business, technical, project management staff, and operational staff, as appropriate

  • Liaise closely with the Accreditor

  • If requested, write supplementary documents such as SyOPs (Security Operating Procedures)

  • Attend appropriate meetings


  • In-depth knowledge of the HMG Accreditation and Compliance regime

  • Knowledge of ISO 27001 and HMG Information Standards and Good Practice Guides

  • Good understanding of information management


+ Experience working in an Information Security or Information Assurance team

+ Experience of managing projects, workload planning and reporting

+ Proven experience of supervision or first line management

+ Experienced in effective decision making

+ Experience of analysing information from a range of sources

Location of Work

Mainly remote working, with attendance required at premises in Bristol and London for some workshops and engagements.

Where contractors are required to attend a customer site, appropriate Covid-19 risk assessments will be carried out.