Security Consultant - HMG - RMADS - CESG - CCP - ISO27001


Reference: PM/Req/006577
Location: Berkshire
Type: Permanent
Status: Active
Salary/Rate: £70,000 per Annum

Find out more about this vacancy and apply here

Security Consultant – HMG – RMADS – CESG – CCP – ISO27001
Job Description
This vacancy is for a security consultant with all-round information assurance security skills to join a Security Services Consultancy as a Security Consultant . There will be some travel required for working at customer sites due to HMG security requirements but the consultant will be a mobile worker based from home/ office with travel to client site as required. The role requires the individual to, provide subject matter expert (SME) security input/advise to all contracts managed by the relevant account personnel.

The following skills and experience are essential:
• Information Security Consultancy;
• Knowledge and understanding of, and experience in, IT security;
• Good overall understanding of Security management and assurance practices, with hands on experience
• Ability to investigate aspects of IT systems and compare them to relevant standards (e.g. HMG/JSP 440, CIS, ISO27001)
• Ability to identify solutions to resolve security gaps in systems and designs
• Understanding and experience of using RMADS documentation for UK government and/or defence customers
• Conversant with the HMG Security Policy Framework and Departmental government security policies Understanding of Threat and Risk analysis methodologies/techniques and the interpretation/application of their output in the definition of Security Architectures.
• Appreciation of trends in IT security.
• The ability to present to senior client personnel.
• Experienced in Solutioning and bid work
• Experience of working client side

The primary responsibilities :
• Maintain the currency of their Account Security Plans and supporting documents required by the Information Security Management System (ISMS).
• Maintain good communication channels with their respective security authorities and Security Assurance Coordinators (SACs).
• Ensure all other Account staff with subordinate security responsibilities are adequately briefed and that their security tasks are carried out effectively and efficiently.
• Ensure the accounts are accredited, and operated in accordance with the system RMADS/SyOPs and that these documents are reviewed at least annually.
• Confirm that all hardware, software and media is registered and correctly managed. Liaise with the local Site Security Controller to ensure all mustering is completed within specified timeframes and that all ICT movement is controlled and any disposal or re-use is achieved in accordance with current policies and contractual requirements.
• Provide compliancy oversight of Trade system security log management, user account management, authentication management, patching, AV updates, firewall configurations and any security monitoring for Trade ICT operated by the account.
• Facilitate an active Security Working Group(s) and maintain an account level Security Risk Register by ensuring risks are regularly reviewed and escalated within the requirements of the SIRO’s delegation and in accordance with current policies and directives.
• Report all security related incidents promptly and, only when directed, provide independent investigation and reports.
• Coordinate any external/internal security auditing of the account.
• Review RFCs for security considerations, ensuring peer reviews are conducted for all Delivery Assurance Reviews (DARs) and for alignment with wider security strategy and architecture; also liaise with commercial staffs to review opportunities/issues that may arise from security policy changes.
• Provide all security coordination for the account and maintain a robust security posture whilst striving to ensure all security requirements and goals are achieved.
• Facilitate security audits of their account, ensuring staff are prepared, all related records and documents are current and are made available for inspection. Contribute to the internal audit programme when tasked.

One or more of the following certifications/qualifications would be preferred.
• Minimum of 5 years industry or HMG security experience.
• MSc in IT Security or related subject or relevant industry experience
• M.Inst.ISP or other professional body
• CESG Certified Professional (CCP) IA Architect at Senior Level
• CCP Security Information Risk Advisor (SIRA) at Senior Level
• ITAC Level 1/2/3
• ISO 27001

Security Consultant – HMG – RMADS – CESG – CCP – ISO27001