Security Assurance Coordinator - Systems

Hurn

Job description

Role Purpose

The Security Assurance Coordinator reports to the Head of Security / Business Information Security Officer (BISO) administratively and functionally, for line management, leadership, direction and guidance. The role is responsible for management of System Security Accreditations, particularly maintenance of accreditation information and system status in the MOD DART tool, for guiding and maintaining compliance with all regulatory and contractual system security requirements, for providing or contributing to Technical Information Security planning, and for providing astute technical Information Assurance input to a range of other IA and project tasks. The incumbent is responsible for maintaining and improving all aspects of system security capability and compliance while also delivering continuous system and service accreditation.

Key Responsibilities

The Security Assurance Coordinator (SAC) role will, on behalf of and/or in conjunction with the BISO:
  • Maintain System Registrations on the DART tool / input new systems for accreditation using DART.
  • Maintain Risk Balance Cases (RBCs) and expiry dates in DART.
  • Maintain currency of RMADS and SyOPs; maintain evidence of user acceptance/compliance with SyOPs.
  • Engage with Accreditors for system-specific issues.
  • Provide essential System Security accreditation progress reports and other Information Security reporting to the SWG and other forums.
  • Contribute to System Security Design.
  • Provide reviews of System Security Requirements within QPulse (or other systems / tools) and advise Project Boards and Development Teams.
  • Maintain or contribute to project and system security risk registers, managing issues affecting the delivery and operation of secure CIS and Mission Systems.
  • Provide interpretation and guidance on MOD and HMG System and Information Security requirements.
  • Advise on compliance with ISO 27001 and DefStan 05-138 controls.
  • Administer and maintain DefStan 05-138 compliance; ISO 27001 compliance and Cyber Essentials / Cyber Essentials Plus compliance.
  • Investigate, seek and maintain certification against other Cyber and Information Assurance standards, including Civil Aviation security standards and frameworks and other Government, International and commercial standards.
  • Plan security activities for new system developments.
  • Review and advise on security within the Supply Chain.
  • Investigate and report on company information security issues and events.
  • Plan and support response to Information and System Security incidents.
  • Conduct or support exercises of Business Continuity and Disaster Recovery measures and contingency planning.
  • Track Cyber and Information Security Threats and assess impact to company systems.
  • Assess emerging Information System and software Vulnerabilities; advise on software patching and update requirements.
  • Support routine System Security Officer tasking and activities.

Special Conditions

  • Provide support for ad-hoc/out of hours work during urgent/unforeseen business requirements;
  • Conduct any other reasonable duties which may be requested and that fall within the scope/capability of the incumbent;
  • Undertake domestic/International travel as required.

Experience

  • HMG Information Security Standards and technical knowledge;
  • HMG / MOD Accreditation policy and practices; experience with DART;
  • Experience designing infrastructure, system and software security controls;
  • Understanding of HMG Security Policy Framework;
  • Experience developing RMADs and SyOPs;
  • Experience of managing risk at programme and project level;
  • Experience at applying different risk models;
  • Participation in Security Working Groups;
  • Proven management of compliance with standards and frameworks;
  • Strong verbal and written communication skills;
  • Ability to engage and influence internal and external stakeholders;
  • Experience specifying ITHC activities and requirements;
  • Qualified as CCP, CISSP, CISM or equivalent;
  • Preferable: Professional membership of BCS or similar.

Skills

  • Good communication skills, both written and oral;
  • Process mindset, able to easily follow and understand complex processes;
  • High attention to detail and excellent analytical skills;
  • Ability to communicate effectively at all levels within the organisation;
  • Self-starter with strong sense of responsibility;
  • Flexibility to adapt to an ever-evolving and dynamic work environment;
  • Ability to communicate complex technical and security topics effectively;
  • Stakeholder management and leadership;
  • Negotiation/influencing skills;
  • Possess and maintain high levels of integrity and work ethic.

Education / Qualifications

  • CISSP, CISM, CompTIA or equivalent
  • ISO27001 Lead Implementer / Lead Auditor
  • NCSC CCP (or CLAS), SANS certifications (or equivalent) an advantage
  • Information Security Diploma or Degree (or equivalent) an advantage

Key Measures

  • Objectives set during annual Personal Development Review (PDR)
  • Effective management of the compendium of DART Targets of Accreditation (TOA)
  • Effective maintenance of compliance with Cyber and Information security standards / frameworks
  • Effective support to Cyber and Information Security event and incident management, and Operational Security activities.

Job type
Permanent
Posted
2022-05-20T00:00:00