Information Assurance Consultant
Benefits will include: 25 Days Holiday Company Pension Private Medical Insurance Subsidised Gym Membership Childcare Vouchers Company Benefits Portal Share Save Scheme An Information Assurance Consultant is required to join a growing team which provides security assurance services to a range of public and private sector clients, as well as supporting the Company internal security ; Work content will include the preparation and review of security assurance artefacts, the provision of security advice and consultancy, attendance at meetings and working autonomously on projects, scoping and undertaking of audits. The role is contractually based from either Lincoln or St Neots office; however this is a client facing role and the successful candidate must be comfortable with travel to client locations and MASS work sites. The preferred candidate will hold National Cyber Security Centre (NCSC) certified qualification (CESG Certified Professional – CCP) in one or more roles and will have demonstrable experience in information and IT security. This will include: risk assessment and management methodologies; in depth technical understanding of secure IT system architecture; production of Risk Management Accreditation Document Set (RMADS) and HMG Information Assurance ; A good understanding of the application of security controls to IT systems, conversance with HMG / NCSC IA publications, ISO 27001 and experience and strong knowledge of GDPR / Data Protection ; The successful candidate will be a strong team player with good communication skills, and will be required to hold, or be in a position to qualify for Developed Vetting (DV) Security Clearance. MANDATORY REQUIREMENTS Assurance Schemes Knowledge of NCSC and wider Assurance schemes, for example CAPS / CPA / Common Criteria products. Qualifications & Skills CCP certification in one of the following. (Accreditor, IA Architect, IA Auditor, ISSO, SIRA). At least one of the following recognised IT Security certifications. (CISSP, CISM, CISA, ISO 27001). At least one of the following recognised Risk Assessment or Risk Management certifications or training. (HMG IS1&2, CRISC, COBIT, ISO27005, Octave). Experience and strong knowledge of GDPR and Data Protection law. Demonstrable knowledge of HMG accreditation process, ISO27000 series, NCSC IA portfolio, End User Device security strategy: Security Policy Framework, GovUK Cyber Security Guidance and controls. Hold a Full UK Driving License. Applications/Tools Competent in the use of the MS Office suite. Markets Government, MOD. Experience Demonstrate a good understanding of the business relevance of information risks and the current trends and growths in information security. Demonstrate the ability to explain business principles of secure system designs in terms of business risk. Subject matter expertise in an element of information risk management, accreditation, governance or compliance. Ability to produce security cases, accreditation evidence artefacts and documentation to support Accreditor approvals. Awareness of ITHC requirements and analysis of results. Conducting Compliance Audits. An ability to explain secure system designs in terms of business risk. DESIRABLE REQUIREMENTS Assurance Schemes CompTIA A+ Qualifications & Skills ITIL. TOGAF. Cyber Essentials Auditor/Technical Assessor. Familiarity with: JSP 440 MOD Manual of Security, Industry Security Control Systems and Risks (SCADA). JSP604 Defence Manual for Information and Communications Technologies (ICT). Applications/Tools vsRisk2 HMG IS1 Risk tool methodology. Markets Commercial CNI Experience Previous role as an Accreditor. CPNI CMAT framework. Business Continuity and Disaster Recovery Planning. Knowledge of PSN. Experience in writing or updating information assurance operating policies and compliance procedures. Ability to take a rounded view of security issues and make risk judgements across the relevant scope. Penetration Testing. Performance of IT security audits. Mass is an equal opportunities employer.