Sopra Steria's Aerospace, Defence and Security business designs, develops and deploys digital solutions to Central Government clients. The work we do makes a real difference to the client's goal of National Security, and we operate in a unique and privileged environment. We are given time for professional development activities, and we coach and mentor our colleagues, sharing knowledge and learning from each other. We foster a culture in which employees feel valued and supported and have pride in their work for the customer, delivering outstanding rates of customer satisfaction in the UK's most complex safety- and security-critical markets.
Our technical specialists deploy systems running many of the major operating systems such as Microsoft Windows, Mac OS, and multiple Linux distros. We also provide Messaging and Collaboration systems and support, Application packaging and deployment, along with supporting Infrastructure and Cloud services and support. Our time can be split between our services and project work, so we have the chance to be multi-disciplined and have access to a range of technologies.
Role Overview:
The information security risk manager will support BAU and project teams by conducting gap analysis, risk assessments and drafting new, or updating existing, security artefacts in support of the customer's requirements. In addition, you will provide consultancy advice and operational mentorship to account staff on all matters related to accreditation, information assurance and information security. Further, you will support the operational security manager by ensuring resource and budgetary allocations for security personnel are appropriately handled.
Key Responsibilities:
- Liaise with customer information assurance/accreditation teams to ensure security matters are resolved in a timely manner.
- Work with BAU and project teams to ensure security artefacts (e.g., risk assessments, risk remediation plan, risk register, RMADS, Security Operating Procedures et al) are authored and aligned to ISO 27005 or bespoke risk framework, as agreed with the customer.
- Amend existing security policies and procedures to ensure compliance against commercial, legal and regulatory obligations.
- Provide security leadership and consultancy advice to internal account and external stakeholders.
- Translate traditional IS/1 Risk Management Accreditation Document Sets into a bespoke accreditation framework and/or NIST format.
- Participate in and, where applicable, chair security working groups.
- Support the OSM on all matters related to security resource and budgeting.
- Demonstrate understanding of Security architecture frameworks/principles (e.g., NCSC, NIST, OWASP, SABSA)
- Good communication, verbal and written skills.
- Willingness to adopt and demonstrate core values (i.e., Respect, Excellence, Empathy, Community).
- Ability to work on own initiative and as part of a wider team, good team relationship skills.
The scope of the role is set to grow exponentially and there is considerable autonomy for the right person. The type of person who would fit well within our organisation is one who reflects our values, isn't afraid to make decisions, views security as a business enabler, can integrate and work harmoniously with different resolver groups with a strong personality capable of bringing new insights.
- Information Security / Information Risk management.
- ISO 27001 certified.
- Familiar with NIST framework
- CCP (or equivalent) certification
- Ideally worked within central government
- This is an operational delivery role for which a DV clearance is required.
If you are interested in this role but not sure if your skills and experience are exactly what we're looking for, please do apply, we'd love to hear from you!
Full time
Cheltenham, Manchester and London - we can offer flexible working.
Security Clearance Level
DV clearance is required.
Internal Recruiter
£5,400 car allowance, 25 days annual leave with the option to buy additional days, private medical, life assurance, pension, and generous flexible benefits fund
Although this role is advertised as full-time, we support different ways of working and can offer a range of flexible working arrangements. So, if you're interested and need to work flexibly, we encourage you to apply and talk to us about what might be possible.