Security Assurance Manager

Location: London - Hybrid

Duration: 12-18 months

Rate: £600 - £750 per day inside IR35 - umbrella only

Active SC clearance required

Responsibilities:

• Oversee and guide a team of consultants from the UK business who are fulfilling our cloud security assurance process for non-core cloud systems.
• Maintain and implement our overall Secure Networks Security Assurance framework, including creation of protocols and processes as required.
• Maintain our secure network approvals including risk assessments, security arguments, and compliance statements against the DCPP Cyber Security Model (plus against other standards and control sets as required).
• Carry out and maintain security assessments for core Secure Networks cloud systems such as Microsoft 365.
• Oversee Secure Networks elements of broader company certification to the Defence Cyber Certification.
• Carry out compliance audits to ensure that the Secure Networks Team, local security contacts, and project teams are carrying out required assurance activities, both in our secure networks and for cloud systems.
• Stay up to date with MOD and other regulatory guidance, and relevant commercial standards such as Microsoft 365 guidance, and incorporate the results into our Secure Networks security assurance approaches.
• Provide security assurance guidance to the Secure Networks Team to review and influence the design and operation of our secure networks.
• Periodically update the risk assessments for our secure networks, communicate implications to relevant stakeholders, and track progress against action items.
• Stay up to date with the threat landscape affecting our secure networks, using a range of sources such as the corporate Threat Intelligence team.
• Track progress made by a range of parties against security action plans.
• Collaborate with, learn from and advise relevant internal stakeholders such as Global Security, Security Points of Contact, the Secure Networks Team, the UK business security managers, Security Controllers, corporate and UK project procurement, HR Vetting, project teams, and individual staff members seeking guidance e.g. for overseas working.
• Liaise with relevant external stakeholders such as MOD CyDR.
• Annually revise and reissue Security Operating Procedures for our secure networks and core Secure Networks cloud systems.
• Support external security-related audits such as ISO27001 and by clients including MOD.
• Oversee authorisations of third parties who will handle information from our secure networks or connect in to them, including both initial approval and ongoing maintenance.
• Assess devices that require connection to our secure networks, for example point cloud scanners.
• Maintain a coordinated programme for all security assurance activities to ensure they are delivered in a timely manner.
• Arrange, report to, and provide advice and recommendations to Secure Networks Governance Committee meetings.
• Report into the Office of the Chief Information Security Officer to provide confidence to them that our UK Secure Networks have adequate security assurance.
• Carry out security assurance for key elements of the Secure Networks supply chain (hardware, software, services).
• Create and maintain infrastructure required to move the Security Assurance function from being an individual contact to a comprehensive standalone function, for example a group mailbox, a Team, communications methods, and site(s) for publication of Security Assurance policies, trackers, etc.

Required Skills & Qualifications:

• A 'completer finisher', with an eye for detail.
• Demonstrable experience of working in cyber security in a UK MOD-related environment.
• Strong familiarity with UK MOD security standards such as Def Stan 05-138 versions 3 and 4, the Cyber Security Model, Secure By Design, Industry Security Notices.
• Strong familiarity with UK Government security standards such as 007/SPF, NCSC Cloud Security Principles, NCSC Principles for Using Software as a Service (SaaS) securely, Cyber Essentials, and the CHECK penetration testing scheme.
• Broad familiarity with UK Government physical and personnel security such as NPSA and UKSV.
• Risk assessment using recognised standards such as IS1 and NIST SP800-30.
• Able to express yourself effectively, with a high degree of clarity, in English, especially when justifying and explaining required security measures.
• Able to liaise effectively with a wide range of stakeholders, from senior leaders to technical IT staff.
• Able to prioritise and manage your time to achieve multiple different tasks.
• (Desirable) Familiarity with broader international security standards such as ISO27001, CMMC, and the NIST Cyber Security Framework (especially SP800-30 and SP800-53).
• (Desirable) Familiarity with UK nuclear regulations such as the ONR SyAPs.
• (Desirable) Familiarity with the AtkinsRéalis corporate security standards and approaches.
• Competent with Microsoft Word, Excel and PowerPoint.

Join a dynamic team supporting vital national security projects. Apply now to be part of a forward-thinking organisation committed to safeguarding critical infrastructure.