Name: Defence Equipment and Support
Status: Full Time
The SDA team is seeking a Cyber Security Specialist to lead, coordinate and assure all activities towards achieving Information Assurance (IA) /cyber security accreditation on its HM Submarines.
Please note, due to the nature of the projects involved, this role is open to SOLE UK NATIONALS only, and whilst initially requiring SC level clearance, the successful candidate may be required to obtain Developed Vetting in the future.
The SAC (Security Assurance Coordinator) monitors and reports to the Accreditor, Information Asset Owner (IAO) and Delivery Team on all security matters relating to a project.
The primary tasks of the SAC are to:
-Lead & establish the programme of work to work to ensure information assets are adequately protected at the platform assurance level.
-Ensure all appropriate actions are taken to achieve cyber security accreditation;
- Provide advice on security policy covering both policy that is already in place e.g., HMG SPF, Departmental Policy (JSP440), IEC/ISO 27001 controls and the creation of new security-related documents for the project, such as a Risk Management Accreditation Document Set (RMADS), relevant legislation (e.g. Data Protection Act, Freedom of Information Act), technical solutions, risk management and Information Assurance;
-Lead the activities required to maintain security accreditation throughout the Submarine equipment's project lifecycle. This will involve the liaison and provision of an interface between the relevant accreditor(s), the primary and sub supply chain, the project team and the end user community, ensuring that all aspects of security are delivered throughout the Submarine equipment's project lifecycle.
-Lead on the work required to prioritise and maintain Security Cases and keep the User informed on any changes that may impact on Operational aspects.
-Prioritising and implementing security measures within the maintenance periods set for each Submarine.
-Ensure that security stakeholders roles required for the project have been identified, are aware of their responsibilities, and understand the levels of risk appetite for the different Classes of submarine and ensure the IA activities control risk within these appetites.
-Lead & establish the governance required to link Safety-Security procedures and audits to ensure Cyber risks are addressed within safety management processes
- Coordinate, consider, witness, manage and report on all security requirements for a project, ensuring they are completed professionally, efficiently, to schedule, and that they are fit for purpose and compliant with relevant policy and legislation;
-Conduct Data Protection Impact Assessments;
-Ensure all project cryptographic requirements are met;
- Monitor and report on project security requirements and issues as they arise;-
- Organise the project security meetings such as the Security Working Group and chair them on behalf of the Project Manager, if required;
- Be responsible for the production of all security deliverables (e.g., security documentation, testing witness reports) and ensuring they are fit for purpose and delivered on schedule; and,
- Create, update and manage the Security Risk Register and ensure it is reviewed at the security meetings
- Set teams strategic direction towards achieving cyber security accreditation across the large and complex submarine programme, maintaining oversight and holding to account all suppliers across the Nuclear Enterprise
- Provide, leadership, representation and intervention as appropriate at Security Working Groups at all tiers of the programme, sometimes down to individual sub-tier suppliers in high-risk areas.
- Provide advice and support on cyber security (policy, implementation, risk management, technical testing etc.)
- This role involves engaging effectively with a large stakeholder base, including the capability customer; in-service community; intelligence community and UK Subject Matter Experts in IA/cyber and involvement in early activities to understand how to better integrate the cyber and safety domains within the programme.
- Provide expert advice and guidance in supporting the delivery of Business Continuity and Disaster Recovery planning.
- Lead the testing of relevant controls on the implementation of any system, platform or infrastructure to ensure alignment with security architecture and policy.
What you will be assessed against
To be found successful you must demonstrate the following essential criteria:
• The ability to evidence a substantial range of cyber and information security knowledge.
• Experience, knowledge and/or qualifications in one or more of the following: Information risk management, information security (e.g. CISSP), cyber security of networks, engineering interfacing, product security lifecycles, penetration testing.
• Experience in RMADS (risk management and accreditation and document set) or security cases
It would benefit your application should be able to demonstrate the following desirable criteria:
• Experience in implementation of cost-effective and pragmatic security enforcing functions within systems or equipment and at system-of-systems design levels.
• Experience in leading and managing cyber security on complex engineering programmes.
• Experience and knowledge of cyber security in the defence environment, including knowledge of JSP440 and current defence policies and practices.
• Experience of working on submarine projects, and an understanding of submarine systems.
• Experience of leading / managing across a broad range of stakeholders and regulators
If you are invited to an interview, you will be assessed against the following technical competencies:
• Information Assurance
If you are invited to an interview, you will be assessed against the following behaviours:
• Communicating and influencing
• Making effective decisions
What's in it for you?
You will receive a generous benefits package including market leading employer pension contributions of around 21% of your salary (not including any personal contribution), annual bonuses, a flexible working pattern to fit you where possible, 25 days holiday +1 additional day every year you work up to 30 days with opportunity for movement and promotion. Some of our sites include an onsite gym, onsite restaurants, cafes and much more.
Find out more about what we offer by clicking here or by using 'The Little Book of Big Benefits' booklet PDF at the bottom of this page.
Applicants should be aware that any move across the Civil Service may have implications on an employee’s ability to carry on claiming childcare vouchers.
About your team
Our mission is to both enable and drive SDA towards its vision to become a world-class digital business. The IM&IT function employs professionals from information assurance and cyber security to management information and statisticians. We act as the ‘digital partner’ to SDA, helping the whole organisation to embed new business processes, tools and technology.
Please click the link below to apply by creating an account and upload your details.
Please find 'The Little Book of Big Benefits' by copying and pasting the following link into your browser:
External candidates may be entitled to up to £8,000 of First Appointment Expenses (FAE) depending on the outcome of an eligibility check by Defence Business Services (DBS). Internal Civil Service candidates are not entitled to relocation expenses.
| Job Requirements/
Please copy and paste the following link into your browser. You will need to register with Skillstream to create a profile and upload your CV:
Apply before 11:55 pm on Sunday 22nd November 2020
Becky Syms - DE&S Talent Acquisition Specialist£40,800 - £48,000
||Becky Syms - DE&S Talent Acquisition Specialist
Defence Equipment and Support
MOD Abbey Wood, Filton
More Listings from Defence Equipment and Support
Keep up-to-date by subscribing to our eNewsletter. (you can un-subscribe at anytime)