Description
A Government Agency is requiring a Cyber Risk Assurance Consultant who holds current SC Clearance to join them on an initial 6 month contract.
Successful candidate must already hold VALID FULL SECURITY CLEARANCE. Role to be remote work to start with and then to be based in Croydon so must be willing to travel 5 days per week or live locally.
The Cyber Security Assurance Service (CSAS) is unique in that it is a stand-alone service that provides the bridge between technology delivery, business delivery and security assurance to ensure that the department can utilise current developments in technology but in a manner that addresses its wider risk requirements. A Cyber Risk Assurer helps to ensure that the department is handling its cyber risk appropriately, in accordance with risk appetite and in line with its defined GRA policies, processes and standards for cyber risk management. They exploit their technical knowledge and business expertise to ensure that cyber risks are understood in terms of their impact to the business and on the delivery its objectives. Working closely with the Cyber Controls Auditors also Embedded within the CSAS, they provide an effective, centralised assurance function for the department's business areas, programmes and projects.
Day to day responsibilities -
- Advise on cyber risk management decisions and remedial actions
- Advise and recommend where risks should not be tolerated and escalated, using your professional judgement and factoring in business area risk appetite
- Review, assess and assure cyber security documentation, including System Security Plans, Solution Security Documents etc.
- Produce security assurance documentation to support achievement of assurance by projects
- Undertake, commission and/or oversee assurance of cyber risk management activity across the department's business areas, including:
- adherence to CSAS-defined policy, processes and standards;
- alignment to departmental and business area risk appetite, business impact assessments and risks assessments
- review and guide any assurance undertaken by the business areas to ensure it is fit-for-purpose and consistent.
- Ensure that remediation actions resulting from activities such as assurance, testing etc. are tracked and monitored, holding action owners to account as necessary and operating in line with GRA process
- Provide input to the scoping of IT health checks and audits
- Advise on cyber risk management matters relating to the supply chain/MSPs.
- Support and advise projects to deliver secure solutions during the system life cycle, particularly at key development gates and following agreed triggers (eg in-service modifications)
- Contribute to the continuous improvement of CSAS-defined processes, policies and standards and advise on the ongoing compliance of these
Skills & Experience required -
- Experience in information risk management or in a business risk management role with significant exposure to the threat intelligence environment, desirably within government
- Experience of working in an assurance or approval within information assurance, information security or cyber security, desirably working with accreditors or auditors
- Knowledge of industry cyber risk management methodologies, control frameworks (eg NIST, ISO 27000, COBIT 5, Cyber Essentials, Cyber Defence Controls, Cloud Principles etc. and generally NCSC guidelines) and relevant legislation, preferably working with the NCSC
- Experience in supporting secure system development, ensuring cyber security is considered throughout the development life cycle, is desirable
- A current knowledge of the latest threats and vulnerabilities to data and systems that process data.
- Experience in complex stakeholder management and liaison
Rate paying up to £550 per day (inside IR35).
Networkers acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers and is part of Gattaca Plc.
Gattaca Plc provides support services to Networkers and may assist with processing your application.