Governance And Assurance Security Officer in Portsmouth

Primary Purpose: The Governance and Assurance Security Officer (GASyO) is the first point of contact for members within their Area Of Responsibility (AOR) regarding cyber and information management and security. They are responsible for providing their Commanding Officer / Head of Establishment with assurance of effective cyber and information security management while acting as the Unit Security Officer (USO) in the control of all aspects of security including counter-terrorist and counter-espionage measures at HMS EXCELLENT in peace and war.

Secondary Purposes:

• Deputise for Establishment Security Officer as required.
• Act as First / Second reporting officer for RN security team (OR 2-4).
• Manage ITSO output and personnel.
• Conduct the role of Information Manager.
• Hold the Security Section AinU and provide all stores for the Security Section to carry out duties.
• Member of the Families Day Committee for Security, including attendance on Families Day to act as part of ICP.
• Act as Secretary at the Monthly Security meetings.

On taking up the appointment of GASyO, the new incumbent's first action will be to conduct a 100% muster of all IT assets within their establishment and reconcile the assets against the Navy Command Asset Register (NCAR) or equivalent. Ensure registration of details with completion of mandatory training as defined.

Duties of the Governance and Assurance Security Officer (GASyO):

• The maintenance of procedures for the physical security of HMS EXCELLENT.
• Develop and implement local Cyber Security Policy and Procedures (CSPP) for their specific AOR where required, developed from MOD and Navy CSPP.
• Manage the Cyber Security of all non-MODNET assets within their AOR and scope.
• Update and maintain the Navy Command Asset Register (NCAR), ensuring that all non-MODNET assets are recorded when received.
• Understand the accreditation process and the Defence Assurance Risk Tool (DART) to guide submitters within their AOR through the process.
• Ensure all ICT asset requests go through the Navy Digital Request For Change (RFC).
• Act as focal point for triaging, actioning, and responding to MODCERT Directives.
• Ensure that all assets within their AOR are accredited and maintained throughout life, retaining copies of all Accreditation Certificates and Security Operating Procedures (SyOPs).
• Ensure anti-virus updates and patches are carried out within the required timeframe and in accordance with SyOPs, contacting MCSU Service Desk with any issues.
• Retain a copy of all master passwords for the assets within their AOR.
• Conduct a monthly 10% spot check of all Cyber assets within their AOR, with a 100% check by the end of the year.
• Ensure all Information and Cyber breaches are reported to Navy WARP through a Security Incident Reporting Form regardless of resolution at local level.
• Monitor and/or assist with investigations into significant Cyber incidents when required.
• Ensure the unit has a Cyber Champion to uphold good security hygiene and maintain a positive security culture by providing security advice and guidance, delivering education and awareness briefs.
• Carry out annual Cyber assurance of holdings policy and procedures of subordinate units where applicable.
• Provide support to all visits where Cyber assets are involved.
• Provide general IT security inclusive of CYBER and Social Media advice and guidance to the user community, preparing and presenting annual security training and education.
• Assist ITSO on all security matters connected to social media.
• Arrange Technical Surveillance Countermeasures (TSCM) sweeps in accordance with JSP440 Leaflet 18.
• Ensure that all Cyber related changes to PSyA RN Security Directives, Security Advisory Briefs, and RN Temporary Memorandums are distributed to all department heads within their AOR.
• Produce up-to-date instructions for assets e.g. Printers, scanners, fax machines, etc. where necessary.
• Liaise with the Data Protection Officer for maintaining their part of the Navy Command Information Asset Register (NCIAR).
• Co-ordinate all aspects of physical, documentary, and personnel security, including preparations for external Security Assurance Visits and Inspections by the PSyA Security Assurance Team and actions required for Self-Assessments.
• Assist in the production and maintenance of the Establishment Security Risk Register.

Superiors: The GASyO is accountable to 1st Lt and functionally accountable to the ESyO for Security related matters.

Authority: The GASyO is authorised to take necessary measures to ensure that security rules are observed, making spot checks of any department, Lodger unit, or section without prior warning to note security measures in force and impound any protectively marked material not properly secured.

Whole Ship Responsibilities: Participate in Whole Ships activities in support of the Executive Department.

Required Experience: Unclear Seniority

Key Skills: Security Management, Vehicle Patrols, Public Safety, Law Enforcement, Access Control, Safety Procedures, Security Measures, Alarm System, Crowd Control, CCTV Monitoring, Access Point Security Checks, Detect Signs, Safe Environment, Security System.

Employment Type: Full Time

Experience: years

Vacancy: 1