Senior Security and Information Risk Advisor (A2ZD15747)
at MOD, South West

Location: South West

Salary: Daily Rate: Up to £550 via Umbrella

Job Type: Contract

Industry: Government

Job Title: Senior Security and Information Risk Advisor
CV Submission Deadline: 14 August @ 12.00
Location: Corsham
Duration: until 09/05/2020
Daily Rate: Up to £550 via Umbrella
Security Clearance: SC
IR35 IN/OUT Scope: In Scope


Key Tasks and Deliverables:

Role Purpose:

To provide business driven advice on the management of security and information risk consistent with HMG IA policy or other sector specific guidance:

To provide a focal point for resolution of security and information risk matters

To identify, analyse and evaluate information risks

To explain to risk owners and other stakeholders the causes, likelihood and potential business impacts of information risks throughout the information system lifecycle

To assist checking compliance with applicable regulations, standards, policies and guidance on information risk management

To present risk management options to the business

To support the development of appropriate and proportionate documentation to inform risk management decisions, ensuring these are expressed in terms meaningful to the business

To investigate security incidents

To promote security awareness

To provide threat guidance Responsibilities To achieve a particular responsibility level the candidate should meet the standard in the headline statement. The supporting bullet points provide examples of activities, behaviours or responsibility consistent with the standard. Other examples may also meet the standard. Headline statement Enables provision of the Security and Information Risk Advisor service across a range of business units, sites, projects or other change activities

Selects appropriate risk assessment techniques for use across the client programme

Identifies information risks which are systemic across the programme or business

Understands and provides guidance on the threat environment

Recommends implementation of new IA controls across the programme or enterprise to provide more cost effective risk mitigation in the long term and ensures these are traceable

Contributes to the development of IA strategies, policies, guidance and awareness and aligns these with local risk management practices

Integrates information risk management into programme risk management

Manages security incidents escalated from a Security and Information Risk Advisor in accordance with applicable policies and standards

Provides specialist information security advice requiring at least one IISP skill at skill level 3

Plans and manages delivery of a security work programme

Manages or supervises Security _ Information Risk Advisors Candidates will be CESG Certified IA Professional Senior Security and Information Risk Advisor.

Post Specifics:

A IT Security Manager is required for the DPS Service Management team at MOD Corsham

Key Responsibilities:

  • The ITSyM is required to assist in the implementation of effective IT security in accordance with local policy. Therefore, the ITSyM must have a strong background in information technology (ideally in the deployed military capability environment) and have a clear understanding of the challenges of information security. Main responsibilities will include, but not limited to:

-Writing, updating and supporting the development of system security policies and procedures and reviewing their implementation for the organisation;

-Manage the PKI, RBAC and Crypto Management resources;

-Review the effectiveness of IT security controls in accordance with security policies and system risk management;

-Review compliance with SyOPs and contributing to their further development;

-Supporting the SAC in the review of requests for change;

-Providing advice on compliance with IT security policy and procedures;

-Use tooling provided to monitor the system for threats and attacks;

-Alerting the SAC to changes in system use that might affect the level of risk;

-Reporting security incidents or breaches of security policy in accordance with local procedures;

-Assisting investigations into IT security incidents and where appropriate performing remedial actions such as providing user training or briefings;

-Attending and briefing at Security Working Groups where necessary;

-Providing regular reports to the SAC on system security.

Experience Required:

To be eligible for the post of an information security manager, an individual should have completed a bachelor’s degree in computer science or any other relevant field. They will require excellent analytical and problem-solving abilities to identify and fix security risks. To build understanding and awareness of security issues throughout the organisation, they must have excellent communication and presentation skills. They also need good team working skills to develop security solutions in collaboration with other information technology professionals. Other skills required are:

-Excellent interpersonal and communication skills are a must to be able to present their ideas concisely.

-Ability to prioritise work and design schedules to meet the desired requirements

-Ability to work in demanding and taut timescales

-The ability to work collaboratively with other team members as well as should be able to work independently with minimum supervision

-Excellent organisational and time management skills are a must

They may carry out simulated attacks to test the efficiency of security measures. They also prioritize security coverage to ensure that strategically important data, such as commercial information or personal data, receives the highest levels of protection.