Senior Information Security & Risk Advisor, MoD, up to £653/day

Job Description

The Ministry of Defence are seeking a Senior Information Security and Risk Advisor to join their team in Lichfield. Some working from home will be possible. Some travel to other MoD locations might be required.Team: Ministry of Defence|MOD Core|Defence Infrastructure Organisation|DIO Management Group|Head Office Business GroupInitial contracts will run for 12 months and offer a rate up to £653/day.IR35 STATUS: Inside IR35. This engagement has been assessed by the public body as Inside IR35 legislation. Candidates would be required to operate through an umbrella company on this engagement.DEADLINE FOR SUBMISSIONS: 26/05/2021 at 15:00This role requires Active SC (Security Check) clearance. Applicants require active SC clearance or the willingness to go through clearance before starting on site. Candidates with current clearance will be preferred.Main Responsibilities To identify, analyse and evaluate information risks To explain to risk owners and other stakeholders the causes, likelihood and potential business impacts of information risks throughout the information system lifecycle To assist checking compliance with applicable regulations, standards, policies and guidance on information risk management To present risk management options to the business To support the development of appropriate and proportionate documentation to inform risk management decisions, ensuring these are expressed in terms meaningful to the business To investigate security incidents To promote security awareness To provide threat guidance Enables provision of the Security and Information Risk Advisor service across a range of business units, sites, projects or other change activities Selects appropriate risk assessment techniques for use across the client programme Identifies information risks which are systemic across the programme or business Understands and provides guidance on the threat environment Recommends implementation of new IA controls across the programme or enterprise to provide more cost effective risk mitigation in the long term and ensures these are traceable Contributes to the development of IA strategies, policies, guidance and awareness and aligns these with local risk management practices Integrates information risk management into programme risk management Manages security incidents escalated from a Security and Information Risk Advisor in accordance with applicable policies and standards Provides specialist information security advice Plans and manages delivery of a security work programme Manages or supervises Security Information Risk AdvisorsRole Requirements Subject Matter Expert to provide SQEP advice, guidance and support to the project team based on existing MOD and Government Security Policy (JSP440, 441, 890, 891, 604, ISNs, HMG GPGs, SPF, HMG IAS Policy and guidance etc and where necessary supporting the application of Industry best practise (ISO27001)) and practical application of these policies and guidance including legislation IRT cyber security and GDPR. Subject Matter Expertise on Enterprise Networks, cloud hosting, security architecture and design within the MOD environment and practical application of these policies and guidance. Subject Matter Expertise on MOD Targets of Accreditation (TOAs) to enable accreditation to be achieved at the earliest opportunity. Subject Matter Expertise on the Data Protection Act (DPA) and GDPR to enable Privacy Impact Assessments to be completed for DIO CIO TOAs. Production of Risk Management Accreditation Documentation Sets (RMADS) for DIO CIO TOAs using the HMG IS1&2 methodology and any required supporting documentation to enable Accreditation to be achieved at the earliest opportunity. MOD Accreditor and / or SAC experience. Knowledge of DART. Production of Accreditation Management Plan for DIO CIO TOA. Production of any other security documentation as required by DIO CIO. Stakeholder Management, excellent communication and collaboration across all internal MOD and external Industry Partners. Excellent written and oral skills to be able to manage senior stakeholders expectations and to produce succinct and tailored presentations dependant on the audience. Flexible attitude and working patterns to enable meetings, travel and project targets to be met. Excellent Team work and proactive attitude including problem solving and risk management to enable project targets to be balanced against security risk. Must be willing to travel within the UK to enable to support the project achieve its objectives with possible overnight stays.Experience Experience within the cyber security & IA profession within the MOD. MOD Accreditor and / or Security Assurance Coordinator (SAC) experience. ISO 27001 or ISO 9001 auditor experience (ideally) Data Protection Act (DPA18) experience including production of DPIAs. (ideally)Qualifications - Preferred Degree in the Information Cyber Security & Assurance discipline CISSP CISM Professional Membership in Information Security and Cyber (eg: Institute of Information Security Professionals (IISP), NCSC Certified Professional (CCP), ISACA CISM, ISC2 CIISP, BCS.)Candidate EligibilityCandidates must be eligible to work in the UK, this role will not offer Visa sponsorship. Tier 2 - General visas are cannot be accepted. This role requires that candidates be willing to undergo BPSS (DS) Baseline Personnel Security Standard (with a Disclosure Scotland).Other Job PostingsVisit for all current Quast recruitment job vacancies.