Description
My client is looking for a qualified NCSC Cyber Certified Practitioner (CCP) at SIRA level. This is an autonomous risk role to support their project with understanding the technology risks and propose mitigations to assist in establishing and maintaining an enduring cyber security and information assurance posture.
In order to be successful you will need to be able to demonstrate significant experience in applying Cyber Security standards, along with experience in applying technical information technology and information assurance controls to business information models in a regulated environment.
The role's main function is to conduct formal risk assessments on the projects IT environment that supports their business needs whilst satisfying ONR/ICO Regulatory requirements. The role's secondary function is to assist in developing the secure by design approach for the delivery of programmes and projects. The output will include (but is not limited to) the production of formal risk assessments, including but not limited to HMG IS1, IRAM 2 or other ISO27005 assessments as agreed.
The successful candidate will need to be able to demonstrate the following skills and experience:
- A good understanding of Cyber Security threats and explotation.
- Knowledge of Civil Nuclear Information security requirements and NCSC good practice.
- A good understanding of ICT (both IT and OT) architecture.
- A good understanding of NCSC architectural approach.
- Ability to interpret business requirements and technical ICT documents into Cyber Security requirements.
- Good understanding and knowledge of ICT systems (software, hardware and networks) and applications both Legacy and current.
- Good communication skills across all levels of the business and able to talk to non-specialists, specialists and senior stakeholders.
This role is likely to be outside IR35 but the final decision will only be made after a Qdos assessment.