To work alongside Technical and Business Stakeholder teams in producing and/or maintaining documentation relating to Proposals, Architecture, Policies, Guidance, System Operating Procedures (SyOps) and Accreditation or Risk Assessment documentation.
To review, challenge, influence and advise the business and Architecture teams on achieving a balanced solution that is within stakeholders' risk appetite.
Recommend solutions to stakeholders to improve business capability, efficiency etc. over the medium and long-term.
Conducting technical security reviews of low-level designs and proposed solutions.
To scope and specify IT Health Checks / Penetration Tests.
Proven experience (minimum of three years) working as an Information Assurance professional within a Public Sector environment.
Advising on and implementing:
HMG Policies (the Security Policy Framework at http://www.cabinetoffice.gov.uk/resource-library/security-policy-framework and its supporting documents)
HMG Standards (such as Information Assurance, Risk Management, Accreditation, Cryptography, etc.)
NCSC Guidance (including Good Practice Guides, Developers’ Notes, Security Procedures, etc.)
Risk Assessment and Management, which provide evidence of adequate risk management to accreditors.
Interconnections and Code of Connection compliance
Security Management Plans and enforcing them
Able to provide a level of technical expertise commensurate with that of a CCP (CESG Certified Practitioner) consultant, combined with an in-depth working knowledge of the controls contained within the HMG Security Policy Frameworks and Good Practice Guides.
Experience with applying ISO 27001 Information Security Techniques and developing Information Security Management Systems (ISMS)
Detailed working background in IT with demonstrable experience resulting in a high level of understanding of the application of IT Security and Information Assurance principles within a diverse business environment.
Strong communication and interpersonal skills with the confidence to inform, engage and influence at all levels of the organisation.
Ability to rapidly assimilate new information and make sound judgments to ensure minimum risk to the organisation.
Be able to work on own initiative or with minimal supervision.
Desirable - Security Architecture experience of Infrastructure, Telecommunications and Applications.
CISSP or CISM or equivalent
Lead ISO27001 Auditor or Implementer
CESG Certified Practitioner (CCP) IA Architect – Senior Practitioner Level
SC required – Home Office SC preferred
IBM is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.