Security Assurance Consultant

Job Specification

We are looking for a Security Assurance Coordinator to join as a member of the Project Assurance team within the Intelligence Solutions BU of the Leonardo UK Cyber division on a short term basis. This role will be based in central London with travel.

You will be responsible for taking the lead in providing rigorous assessment and validation of the information assurance competences of a solutions design and deployment. It is essential that you have a sound technical understanding of electronic security measures and how any cryptographic security measures may be implemented into the solution. You must also have a good practical experience of cyber security, security operations, configuration management and must be aware of the principles of risk management.

You will receive direction from the Accreditor, the Information Risk Owner (IRO), the Defence Crypto-security Authority (DCA), the Project Board, and the Project Manager.

This role requires you to take ownership of any unresolved security matters and co-ordinate the resolution with the relevant stakeholders, accreditation bodies and Security Working Group (SWG).

It would be great if you had previous expertise of working in the information assurance and cyber security arena in both government and industry.

Responsibilities

Have a good knowledge of the relevant HMG, CESG and MOD (mainly JSP) policy and guidance.

• Ensure appropriate action is taken to enable accreditation.
• Provide advice on security policy and technical solutions.
• Ensure that National and MoD Cryptosecurity and security policy is being correctly applied.
• Monitor security considerations that are being incorporated and report on them to the SWG.
• Establish the Terms of Reference for the SWG.
• Organise the Project SWG meetings around a status list of requirements for each accreditation or re-accreditation covering COMSEC, COMPUSEC, TEMPEST, Key management and P3 (Physical, Procedural & Personnel) measures for each project or phase.
• Highlight and report unresolved security difficulties to the SWG.
• Inform the Project Board, through the Project Manager, of the SWG decisions.
• Ensure that the configuration management procedures meet the criteria for the required level of assurance and that Cryptonet Controlling functions are in place where necessary.
• Liaise with the National Security Authorities advisors, the Defence Cryptosecurity Authority and TLB Principal Security Advisors (PSyA) and advise the SWG as appropriate.
• Ensure that the security deliverables are available as and when required by the project plan.
• Responsible for the production of all security deliverables (e.g. security documentation) and ensure that they are fit for purpose (to the satisfaction of the Accreditor).
• Staff and coordinate the input to Sy Ops and any P3 measures required.
• Arrange with Accreditor for the issue of Interim and/or full accreditation certificates as required by stages of the project.
• Co-ordinates the Project Cryptographic Plan.
• Ensure that all Project security related risks, as identified by the Accreditor and/or SWG, are promptly listed on the Projects Risk Register and reviewed at each SWG meeting.
• Ensure that a Project Information Risk Owner has been identified.

Skills

CESG Certified Professional (CCP) or equivalent CESG Listed Advisor (CLAS)

Fundamental understanding of HMG Security Policy Framework, MoD JSP440 and ISO 27001 accreditation with the capability to create and maintain supporting documentation in relation to a Risk Management Accredited Document Set (RMADS)#

Production and review of IS1&IS2 Risk Management and Accreditation Document Sets (RMADS) within a UK MoD (JSP 440) environment

DSAS in an IA and IT Security role and able to clearly demonstrate recent experience of working within an Information Security and Information Assurance environment

Defence/MoD experience (Highly desirable)

Matchtech acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers and is part of Gattaca Plc.

Gattaca Plc provides support services to Matchtech and may assist with processing your application.