Compliance and Security Officer- CESG, CLAS, Auditors, Governance, Ris

Compliance and Security Officer- CESG, CLAS, Auditors, Governance, Risk

The post holder will have a strong security background, with a focus on ICT security complemented by familiarity with general security policy. They will be expected to work with minimum supervision, be able to make appropriate and timely decisions, liaise with Programme and Project staff when necessary and work with stakeholders of senior rank from the industry.

The Compliance and Security Officer will be required to work on the following tasks:

- Provide advice and guidance to the Security Assurance Co-ordinator (SAC) as defined in JSP 440 and HMG Security Policy Framework.
- Elaboration and/or Assurance of Security Requirements for projects in AIS programme.
- Manage the security aspects of the transition of AIS Projects into the live environments.
- Assurance of project security plans and products, such as Security Risk Assessments and Risk Management Accreditation Document Set (RMADS).
- Co-ordinate between project stakeholders to ensure that there is a common understanding of security requirements, security risk and countermeasures in support of security assurance and approvals.
- Produce security strategy, policy and documentation as required.

Requirement

The following skills are required for this role combining strategy, governance, technical and risk management expertise and fall broadly within the following areas:

- Security Management
- Governance, Risk and Compliance
- Information Risk Assurance
- Architecture, Network and Application Security
- Incident Response and Forensic Investigation
- Business Continuity Management
- Information Security assessments (across people, manual and automated processes) including the identification of gaps and formulating recommendations on remediation
- Scoping threat and vulnerability assessments
- Conducting Technical Risk Assessments
- Organising Penetration testing
- Perform remediation of control deficiencies
- Effectively communicate results of assessment findings, rational and recommendations
- Cabinet Office IAMM return construction/reviews
- Data Protection Compliance Reviews

Entry Level responsibilities:

- Conduct effective interviews with senior management and staff
- Document interviews, develop findings and recommendations
- Perform assessments in a thorough, efficient and professional manner
- Obtain the required domain knowledge to conduct the assessments or remediation
- Work with project staff to remediate technical or process issues.

Functional Contractor Requirements

Essential Skills. It is essential the selected incumbent has the following skills:

- University degree such as B. Comm, MBA, BSc. Computer Science, Computer Engineering or equivalent working experience
- Prior experience in Information Security
- Demonstrated successful project delivery experience
- Ability to work in a Matrix environment and interact with other practice disciplines
- Ability to travel
- Strong written and spoken communication skills supported by strong presentation skills and personable demeanour
- Desirable skills

The following skills are desirable and are not pre-requisites:

It is desired that the individual has:

- Professional designation such as an accounting designation or Information Security certification such as CISSP, CISA or CISM that establish credibility and capability in the Information Security market
- ISO27001 Lead Auditor
- CESG Listed Advisor Scheme CLAS