Senior Information Systems Security Specialist

This contract with our central government client is for a Senior Information Systems Security Specialist for 12 months. The role is located in Aldermaston for 30-50% of the time with the rest working from home. The pay rate for this role is £74.79 LTD/UMB or £55.67 PAYE per hour.  

Job Description:  

Key Accountabilities:  

- Provide analysis of risks to information systems in order to inform risk owners and project managers to allow effective decision making.  

- Provide expert subject matter advice to CISO and other elements of the IS management chain.  

- Ensure IT projects are provided with timely technical security advice.  

- Develop and apply the overall security architecture of the organisation and the place within in it of key security controls.  

- Maintains and promotes high personal standards in environment, safety, health, security and quality and be a great team player.  

- Additional accountabilities for this job profile may be defined and appointed through the Chief Engineer Management Arrangements, with appointees listed within the Company Design Authorities and Technical Authorities, as held in the company management system.  

Key Responsibilities:  

- Work with functions, projects and the supply chain to assess the sources of Information Risk and make recommendations on how these are to be managed.  

- Provide the companies lead for maintaining awareness of industry best practice in Information - Assurance and Information Risk Management.  

- Determine how the overall security architecture applies to projects under consideration and advise project solution architects on security requirements.  

- Review high and low level solution designs for compliance with overall security architecture, achievement of security requirements and overall efficacy of the security features and tools.  

- Facilitate the formal accreditation by the corporate systems and of other specified company systems.  

- Oversee IT Health Check and Vulnerability Assessments by approving scope of tests and overall testing programme.  

- Advise the managers on the appropriate level of risk tolerance.  

- Record and track assessments of information capability and projects supporting reviews and audits as necessary.  

- Provide technical risk assessment analysis.  

- Develop the professionalism of Information Risk Management within the company  

- Attend project Security Working Groups and manage when appropriate.

The successful candidate will have a strong understanding and background in technical and non-technical information security and risk and have the ability to engage with management and technical/non-technical SMEs for the successful implementation and operation of the ISMS and its associated deliverables.  

The candidate will have knowledge including (but not limited to):  

. Identification, assessment and management of risk  

. Security assurance and the measurement of controls  

. Creation of ISMS and IT Security documentation (Policies, Standards, Processes, Procedures and Patterns)  

. Internal and Third-Party Audits  

. Risk and threat modelling  

. Compliance and Assurance Activities  

. Business process analysis and mapping (to determine alignment against agreed industry practice and recognised control frameworks)  

The candidate will hold the following certifications/qualifications or equivalent:  

- CISSP  

- CISM