Our Government client is currently recruiting for a CCP consultant on a 6-month contract paying £77 per hour, outside IR35.
Role: CCP Consultant
Contract Length: 6 months
Location: Warrington or Cumbria with mix of working from home.
Pay Rate to Candidate: £77 per hour LTD
1) Strong Cloud Experience
2) Strong Cyber Security Risk Assessment Experience within cloud applications.
Security Clearance: BPSS
CV Deadline: 1st Sept 4pm
Interview Process: MS teams
To support the Head of Cyber Risk as a Subject Matter Expert (SME) in Cyber Security risk for the delivery of risk-specific elements of the CS&IA plan. The Senior Information Risk Adviser (SIRA) is an autonomous risk role that supports the Head of Cyber Risk in understanding the technology risks and proposing mitigations, to assist in establishing and maintaining an enduring cyber security and information assurance posture. The role’s primary function is to conduct formal risk assessments on Sellafield Ltd’s and supplier’s cloud environments and to assist in developing a “secure by design” approach for the delivery of such environments that supports the business needs whilst satisfying Sellafield Ltd and ONR/ICO Regulatory requirements.
In order to provide the outcomes above, it is envisaged that the SIRA role will be responsible for:
• Formal risk assessment of Sellafield Ltd Cloud environments O365/Azure security configuration and other systems.
• Recommendations around mitigations necessary to minimise the materialisation of identified risks in line with the SL risk framework.
• Production of risk reports to support the CS&IA Plan.
• Analysis of system configurations and, in cognisance of NCSC guidance, determination of associated risk in relation to systems or solutions developed or implemented by Sellafield Ltd.
• Assisting with input to the risk tracking of related cyber risks and the management of cyber and information security/privacy risks for the Head of Cyber Risk.
• Formal determination of cyber and information security/privacy related risks and issues.
• Production of the following deliverables:
o Requirements documents/specifications
o Policies and procedures
o Risk assessments/reports
o Security cases
o Risk Treatment plans
CONTEXT AND CHALLENGES
The role has a broad scope spanning technical and process risk across the cyber security, information security and privacy space and will necessitate engagement with SL CS&IA (Cyber Operations, Assurance, Risk, Data Protection), SL ISO (Architecture, Service and Knowledge Management), SL Cyber Programme and other partners/suppliers. The output will include (but is not limited to) the production of formal risk assessments conducted to the standards acceptable to SL, including but not limited to HMG IS1, IRAM 2 or other ISO27005 assessments as agreed. The output will be used to determine the exposure to risks and likelihood of materialisation and the required mitigations, and to support the CS&IA planning necessary to support correctness of posture and satisfy Regulatory matters.