Due to the nature of the projects involved, this role is open to SOLE UK NATIONALS only.
There are two types of roles that need to be filled within this campaign; Cyber Security Managers and Security Assurance Co-ordinators (SACS) Our Cyber Security Managers will:
- Set teams strategic direction towards achieving cyber security accreditation across the large and complex submarine programme, maintaining oversight and holding to account all suppliers across the Nuclear Enterprise
- Provide, leadership, representation and intervention as appropriate at Security Working Groups at all tiers of the programme, sometimes down to individual sub-tier suppliers in high-risk areas.
- Provide advice and support on cyber security (policy, implementation, risk management, technical testing etc.)
- This role involves engaging effectively with a large stakeholder base, including the capability customer; in-service community; intelligence community and UK Subject Matter Experts in IA/cyber and involvement in early activities to understand how to better integrate the cyber and safety domains within the programme.
- Provide expert advice and guidance in supporting the delivery of Business Continuity and Disaster Recovery planning.
- Lead the testing of relevant controls on the implementation of any system, platform or infrastructure to ensure alignment with security architecture and policy.
The SAC (Security Assurance Coordinator) monitors and reports to the Accreditor, Information Asset Owner (IAO) and Delivery Team on all security matters relating to a project. The primary tasks of the SAC are to:
- Ensure that security stakeholders roles required for the project have been identified, are aware of their responsibilities, and are suitably briefed;
- Coordinate, consider, witness, manage and report on all security requirements for a project, ensuring they are completed professionally, efficiently, to schedule, and that they are fit for purpose and compliant with relevant policy and legislation;
- Conduct Data Protection Impact Assessments;
- Ensure all appropriate actions are taken to achieve accreditation;
- Provide advice on security policy covering both policy that is already in place e.g., HMG SPF, Departmental Policy (JSP440), IEC/ISO 27001 controls and the creation of new security-related documents for the project, such as a Risk Management Accreditation Document Set (RMADS), relevant legislation (e.g. Data Protection Act, Freedom of Information Act), technical solutions, risk management and Information Assurance;
-Ensure all project cryptographic requirements are met;
- Monitor and report on project security requirements and issues as they arise;-
- Organise the project security meetings such as the Security Working Group and chair them on behalf of the Project Manager, if required;
- Be responsible for the production of all security deliverables (e.g., security documentation, testing witness reports) and ensuring they are fit for purpose and delivered on schedule; and,
- Create, update and manage the Security Risk Register and ensure it is reviewed at the security meetings.
To be found successful you must demonstrate the following essential criteria:
* The ability to evidence a substantial range of cyber and information security knowledge
* Experience, knowledge and/or qualifications in one or more of the following: Information risk management, information security (e.g. CISSP), cyber security of networks, interfacing, product security lifecycles, penetration testing
* Experience in RMADS
It would benefit your application should you be able to demonstrate the following desirable criteria:
* Experience in implementation of cost-effective and pragmatic security enforcing functions within systems or equipment and at system-of-systems design levels
* Experience in leading and managing cyber security on complex engineering programmes
* Experience and knowledge of cyber security in the defence environment, including knowledge of JSP440 and current defence policies and practices
* Experience of working on submarine projects, and an understanding of submarine systems
* Experience of leading / managing across a broad range of stakeholders and regulators
Matchtech acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers and is part of Gattaca Plc.
Gattaca Plc provides support services to Matchtech and may assist with processing your application.