Description
Cyber Security Lead (Hands on - SC cleared)
Newport
Inside IR35
Must hold SC clearance
12 month contract
1.Supporting the development of business-focused security solutions for digital products and business operations that cover data collection, storage and processing, deployed both internally and externally;
2.Identifying security threat and risk to the Organisation's digital products and business operations being developed through Agile methodologies and Supplier processes;
3.Lead the analysis and derivation of business-supporting security needs, undertake Cyber Security related risk assessments, conduct tailored threat assessment and other risk management activities, and ensure activities are consistent with applicable regulations and legislation;
4.Independently undertake risk management activities within a given area of practice or expertise, usually within established security and risk management governance structures;
5.Liaising with the Organisation's business, technology and security colleagues to ensure various business needs are understood and applied, including providing general security architecture, guidance and advice to the stakeholders;
6.Advising on opportunities for using secure and open source products and any implications of such an approach;
7.Ensure that security policies and security controls remain appropriate and proportionate to the assessed risks, and are responsive and adaptable to the changing threat environment, business requirements.
8.Provide tailored advice to a range of stakeholders on how to Remedy identified risks by proportionately applying security capabilities, using published guidance, standards, and drawing on a range of experts as well as personal expertise;
9.Provide expert security advice that highlights Cyber Security related risks, so risk or service owners can make well-informed and auditable decisions.
Essential Skills
*Knowledge of application, infrastructure and networking security controls and systems covering physical, procedural and technical (ICT) areas, particularly in relation to data management.
*Experienced in providing detailed security advice and technical security solutions in a UK Government Department.
*Knowledge of UK Government Security Policy Framework, Information Assurance Standards, eg ISO 27001, DPA.
*Working towards relevant professional qualifications and memberships eg Senior Practitioner level within the CESG Certified Professional scheme (CCP), SFIA Level 4-6, Institute of Information Security Professionals (IISP), British Computer Society (BCS).
*Working towards appropriate Cloud Security industry recognised qualifications eg Certified Cloud Security Professional (CCSP), CSA Certificate of cloud security knowledge (CCSK).
*Track record in working as part of a multi divisional team covering a multi-discipline environment.
*HMG Vetting at Security Clearance (SC) and if appropriate Devolved Vetting (DV) level will be required once in role.
Certes Computing (and all of its subsidiary companies) is committed to promoting equality and diversity in its business operations.