Security Information Assurance

Security Information Assurance

Active DV Clearance required
Contract: 3 Months + extension

Rate: £700-£760 per day inside Ir35
Remote working


Description:

The Security Information Assurance (IA) consultant will be required to design and enforce policies and procedures that protect customer's IT infrastructure from all forms of security breaches. The Security IA will be:

• Managing risks related to the information use, processing, storage, and transmission.
• Required to review risks relating to systems hosting information and associated processes within the scope of the Technology Change Portfolio. This will require consideration of many cyber, information and business risk considerations of enabling change.
• Focus on the correct information being made available to the right personnel, for the right reasons at the right time within the bounds of Agency policy, operating models and external compliance aspects (e.g., DPA, GDPR, and HMG SPF).
  Security IA profile
  

The Security will be responsible for the following:

• Conducting Risk assessments of systems/proposed changes to systems.
• Provision of information security input to designs and security reviews of designs.
• Development and updates to system risk management and accreditation documents for applications and underlying infrastructure.
• Information process authorship and implementation design in support of efficient business operations.
• Identification, formulation and assurance of the baseline standards and thresholds associated with information processes.
• Collaboration and facilitation of information focussed programme and business engagements to enable change
• Authorship of IA artefacts, inputs, policies, and briefings required to facilitate change.
• Reporting of any identified risk to Programme delivery and safe business operations as discovered by their IA engagements.
• Participating in project review meetings, security meetings, critical design reviews and other meetings with the client's accreditor and technical security team and others, project teams and third parties.
• Assisting the client in scoping penetration tests.
• Technology boards, stakeholders and meetings as defined by Programme leadership.
• Working closely with the client's internal Accreditation team.

Required qualifications & skills
To be successful in this role, the candidate will need to demonstrate:

• Experience of working at different Government Security Classifications (GSC) assuring that controls and mitigations are proportionate to the classification;
• Extensive experience of writing RMADS or equivalent risk documentation.
• CISSP, CISM or CCP qualified (preferred);
• Demonstrable experience of writing to a high standard suitable for deliverables to client management.
• Collaborative approach to working with other project resources including security, infrastructure, cloud & network architects, business analysts and project managers.
• Experience of identifying security risks within Government.
• Experience within law enforcement and/or Government agencies.
• Experience of working on multiple projects in parallel.
• Soft skills such as developing good relationships with client teams and communicating with non-technical staff.