SC Cleared Infrastructure Assurance Designer

SC Cleared Infrastructure Designer Assurance Central London 7 months

working with within the Infrastructure Assurance area of Service Delivery working as a Enterprise Infrastructure Assurance Manager (Security Analyst). This assignment will be within the Service Delivery Group.

- To be the Subject Matter Expert, responsible for the assurance of all aspects of the delivery of Enterprise Infrastructure Services (EIS) - capacity/availabilityand changes do not adversely affect existing services.
- To represent the authority to ensure compliance of the EIS services; including the management of non-compliance, the resolution of conflict and the associated risk management.

Essential Experience:

3-4 years of Security Assurance in the public or private sector
Self motivated individual with flexible approach to work loads.
Good knowledge of Security standards and practices.
Strong English written and oral communication skills.
Over 3 years of understanding of security processes and technologies including, threat
Analysis, vulnerability assessment, security monitoring and Compliance Auditing.

Desirable Experience:

Industry recognised Information Security or audit Qualification (e.g. CISSP, CLAS)
Experience of working to an ISO27001/2 aligned framework.
Experience of assuring a multi-supplier environment
Experience of Service Management ITIL V3 Framework
Experience of Government Security Policies, Standards and Frameworks

Mandatory

2 - 3 years of practical industry experience of providing technology and security specific consultancy services
Ability to interact with all levels of management and users in a confident and authoritative manner.
Good understanding of industry and government specific security standards

Desirable

BSC/MSC in computer science or information security
CISSP
CLAS
TOGAF 9
ITIL V3

Key tasks and deliverables

- Providing ad-hoc security support services to existing accreditation and security projects/programmes and BAU environments.
- Supporting the IAO in the day to day review of risk statements and advise on risk management
- Supporting accreditation streams to develop and define security accreditation requirements, such as ITHC Scopes, RMADS and SIRO Submissions.
- Reviewing and assessing technical architecture of solutions in order to identify appropriate levels of compliance against relevant CESG, Cabinet Office policies and frameworks as well as industry best practice. (IAS, GPG, AP).
- Liaising with suppliers to ensure their commitment to remediation action and activities identified as a result of IA reviews and ITHC's.

Experience Required

- Good knowledge of CESG and HMG standards and compliance, including Good Practice Guides (GPG), vulnerability management, patching and Security Policy Framework (SPF).
- Knowledge of ISO/IEC 27001:2005 standard for an ISMS,ISO27002 code of practice (controls implementation).
- Practical experience with good technical background of enterprise secure infrastructure architecture and designs.
- Good understanding of, penetration testing and incident management.
- Ability to work with outsourced supplier security personnel to deliver services in accordance with agreed SLA's.
- familiarity with key technologies such as Active Directory, LDAP, web application firewall, Cisco ASA, Juniper, DNS, DHCP, Proxy servers etc...

Security clearance required

ITHR Group is acting as an Employment Business in relation to this vacancy. ITHR Group is an Equal Opportunities employer; we welcome applicants from all backgrounds.