Cyber Risk Consultant

Job Description

Skills and Experience. Essential Skills. a.Must have current MOD DV clearance. (candidates without a clearance will be considered)b.Must have recent experience working with the MOD (Information Cyber Security and Assurance) and familiarity with MOD Security Policies e.g. JSP 440, 604, IS1&2, SALs and DCPP.c.Must have MOD report writing and staffing experience (producing reports for OF5 and above). d.CCP SIRA at Practitioner or equivalent.e.Demonstrable cyber risk management (CRM) experience..Desirable Skills.a.Working knowledge of NIST CSF. b.Knowledge of the organisation to which they are assigned developed from previous involvement within that organisation. .The Cyber Risk Consultant will join an established team of CRM embeds; these embeds are currently co-located with six other MOD organisations (such as the Army, Royal Navy, etc). The new Cyber Risk Consultant should expect to work collaboratively and coherently with the established team as well as the CRM Central Function within CyDR. .The Cyber Risk Consultant is required to provide specialist support comprising the following responsibilities and activities: Primary role:a.Conduct a review of DNOs cyber risk governance and management processes at the Top Level Budget (TLB) Holder level. b.Conduct a maturity assessment of processes and governance (including a comparative assessment with the other six MOD organisations i.e. a gap analysis).c.Conduct a discovery piece of work to understand potential under-resourcing of security roles in Project Teams and recommend remedial actions.d.Produce a report describing the findings from the maturity assessment and recommended remedial actions. Depending on the maturity of the organisation, the Cyber Risk Consultant may undertake the following:e.Support the identification of candidates for Cyber Vulnerability Investigations (CVIs), commissioning investigation as required. f.Support the identification of critical assets and enterprise level cyber risks observed throughout the review.g.Provide Learning from Experience (LFE) inputs and highlight key themes and recommendations.h.Identification of and engagement with data owners/stakeholders responsible for host relevant cyber information sources . This includes, but is not limited to; Threat Intelligence; Vulnerability Assessments; Risk Balance Cases; Risk Management and Accreditation Document Sets (RMADS); Cyber Vulnerability Investigations (CVIs); Warning, Advice and Reporting Points (WARP); Data Protection Support Team (DPST); Operational Lessons; and, Outcomes from Collective Training. i.Promote the use of the endorsed CRM tooling.j.Escalate requirements, based on endorsed cyber risks.k.Engagement with CRM Central Function within CyDR..Due to the nature and classification of the work, it is expected that the DNO Cyber Risk Consultant will spend a significant amount of their time co-located with their host organisation (assume a minimum of 4 days per week in office). .COVID-19. Home working will be enabled where practicable and necessary (in case of self-isolation) in line with Government Guidance; however, the DNO Cyber Risk Consultant should expect to attend site to undertake aspects of the role which cannot be accomplished at home. Due to the nature and urgency of this post, candidates holding or who have held high level security clearance in the past are most welcome to apply. Please note successful applicants will be required to be security cleared prior to appointment which can take up to a minimum 18 weeks.LA International Computer Consultants Ltd is an HMG Approved Consultancy and operates as an IT & Engineering Consultancy or as an Employment Business & Agency, depending upon the precise nature of the work, for security cleared jobs or non-clearance vacancies, we welcome applications from all sections of the community and from people with diverse experience and backgrounds.Award Winning LA International Computer Consultants Ltd (Recruiter Awards for Excellence - Best IT, Best Public Sector & Gold Awards) and the most prestigious award that any business can receive The Queens Award for Enterprise: International Trade 2015.