Security Assurance Co-ordinator (SAC)

The SAC will play a key role in Co-ordination of security assurance activities for the company. The role will support the delivery of a variety of innovative, accreditable, cost efficient and profitable solutions to comply with HMG’s security classification system. These solutions are operated at a variety of company and customer’s premises and are the foundation for the Company’s secure managed ICT services to public sector customers.

The role encompasses two key areas:

• Information Assurance: Implement measures focused on protection and safeguarding of the Company’s critical information and relevant information systems, assuring the integrity, availability, authentication, confidentiality and non-repudiation.
• Information Security: Protecting information and information systems from illegitimate access, usage, revelation, alteration, disruption and destruction to achieve the objectives of data integrity, availability and confidentiality.

Responsibilities

• Support junior members of the information security team.
• Co-ordinate the security accreditation and assurance processes for new and enhanced services which the company offer to our customers.
• ITHC’s
• MOD and other authority assurance activities
• Completion of JSP processes
• Planning Information Assurance Capability:
• Support the Development and maintenance of our Information Security Management System (ISMS) to best support the Company’s activities, including Risk Management and Accreditation Document Sets (RMADS) and Company Security Policies.
• Examine any risks to the Company's information security and work with the Senior Information Security Manager to put policies and procedures in place to manage those risks.
• Work with the Senior Information Manager to develop, maintain and continually improve a set of controls and measures to manage any threats to information assets.
• Plan and maintain information security compliance activities with the variety of security requirements that the Company meets.
• Monitoring Information Assurance
• Coordinate and implement all protective security activities including physical security.
• Co-ordinate information governance, including annual Service assessments and risk management.
• Monitor the operation of the Company’s Information Security Management System
• Implementing Information Assurance:
• Perform the role of Incident Manager during any security incidents and emergencies, ensuring that all business recovery/contingency plans and/or procedures are actioned accordingly.
• Co-ordinate investigations involving security; to prepare reports and note follow up action.
• Support the delivery of the Company’s Information Security awareness, education and training programme.
• Co-ordinate actions with appropriate suppliers, including consultants and service providers.
• Evaluating Information Assurance
• Represent information security on any relevant project workgroups and project boards.
• Co-ordinate a process of continual Audit, to ensure that compliance is maintained with the various requirements on the Company, and to support continuous improvements.
• Under the guidance of the Senior Information Security Manager, Co-ordinate periodic review of policies and procedures.
• Carry out Security exercises including NCSC Cyber in a box.
• Co-ordinate the completion of follow up actions.[SP1]

Qualifications (Essential)

Working towards or qualified in CISSP/CISA/ CISM is desirable or equivalent professional experience.

Must hold or be able to gain national security clearance to the Security Cleared level.

To meet government policy requirements, must be a British national.

Skills and Experience.

Experience in risk and regulatory frameworks and standards, such as NIST, ISO27001, MOD JSP440, JSP604 (Essential)

Proven track record in Information Security and Assurance (Essential)

Initiative and pro-activity, matched by an ability to be a strong member of a team. (Essential)

Willingness to work flexibly in response to changing organisational requirements. (Essential)

Solid communications skills – including the ability to influence employee behaviour and perceptions. The best security policies won’t be effective without buy-in from all employees; (Essential)

A keen understanding of technology and the ability to leverage this knowledge to implement effective security solutions (Preferable)

Experience of managed service environments, with an awareness of ITIL best practice. (Preferable)

Tagged as: IT