Senior Cyber Security Specialist
What I'll be doing
• To deliver and implement the operational end-to-end delivery of one or more security services, ensuring the protection of existing revenue.
• To deliver and implement the security strategy, policy, procedures, processes, threat identification & response that provide security services and solutions for that service.
• To identify and understand all elements of security, including future security support resource elements, for a specified Customer Contract.
• To provide expert delivery of internal security infrastructure or commercial security services to the external market.
• Responsible for maintaining and building relationships with stakeholders to minimise risks to BT.
• Responsible for the operational management of risk related to people, information, assets, revenues and reputation, and for ensuring compliance with relevant security requirements, typically: National Government regulations, Contractual Obligations, company security and business continuity policy.
The skills and experience you need
• Current CCP consultant (SIRA or Architect), preferably Senior, with experience of system/service accreditation to HMG requirements and Classified systems;
• Experience and knowledge of risk assessment to HMG standards;
• Experience of evaluation, certification and accreditation of systems to HMG security requirements;
• An understanding of designing and implementing secure systems to HMG security requirements;
• Experience of liaising with government Accreditors and participation in Security Working Groups to ensure we have a trusted relationship.
• Support of IT Health Checks including defining the scope, interpretation of results and providing guidance on implementation of remedial actions;
• Experience of monitoring security policy compliance and ISO 27001, supporting the development of the ISMS;
• In-depth understanding of security architecture;
• Good management skills and team player;
• Customer facing skills – up to and including senior management;
• A good understanding of a broad range of security technologies;
• Responsible for delivery of the security policy and accreditation documentation that supports the implementation of a Defence Contract.
• Security policy development (e.g. Risk Management Accreditation Document Set (RMADS) and associated Authority security documentation);
• Prior experience of the Security requirements of MoD contracts is desirable;
• Able to work closely with Solution and Security Architects and wider design team to ensure that accreditation aspects are addressed within the RMADS;
• Able to give design review and policy guidance to design teams;
• Ensuring that the policy described in the RMADS is reflected in the security design and in the conformance testing support documentation;
• Able to engage with the MoD DFTS Accreditor and Security Working Group to ensure the development and structure of the RMADS and related support documentation (e.g. ISO 27001 Statement of Applicability, generic Security Operating Instructions, any required Code of Connection / Interconnection Security Policy development, etc.).
- Preferably Senior CCP SIRA but minimum of Practitioner CCP SIRA.
- Good knowledge of the MoD ways of working.
- Experience of writing and presenting RMADS to MoD Accreditor.
- Experience with the application of SPF, UK National Security Policies, IA policies, JSP 440, JSP 490 and ISO 27001.
- Conversant with Information Security Standards, Good Practice Guides and other relevant documentation issued by CESG.
- Must either hold or be able to achieve and maintain DV clearance.