Please note: for this role all applicants must be SC security cleared and be British passport holders (no dual citizenship).

We’re looking for an Information Assurance Manager to be solely responsible for ensuring that the accreditation of a system using COTS PLC and SCADA technologies is achieved against JSP440.

Key responsibilities include:
• Establishing guidelines and policies surrounding risk and security
• Audit work undertaken against agreed management plans, procedures and policy
• Audit current and future commercial off-the-shelf (COTS) based PLC and SCADA systems
• Working with the engineering teams to implement the right security strategy
• Monitor selected COTS hardware and software for any suspicious behavior or traffic
• Document best practices for security and information assurance based on business and user requirements
• Responsible for production of RMADS to support accreditation against JSP440
• Chair security working groups with internal stakeholders, customer, end user and accreditor
• Planning IA activities to support system engineering design reviews, software design reviews and software delivery
• Mentoring engineers in IA best practice and embedding an IA culture
• Functional management and mentoring of a graduate IA engineer
• Working within a multi-disciplined team including project managers, supply chain, software engineers, hardware engineers, safety engineers and quality engineers
• Support to new bids and proposals for future opportunities
• Conduct penetration testing to find exploitable weaknesses
• Occasional travel around the UK to suppliers and customers

For this role the ideal candidate would have:
• Ability to use HMG Standards, including Information Assurance Standard 1 and 2 for technical risk assessment and creation of Accreditation documentation.
• Have worked with and implemented:
  - HMG Departmental Policies and Publications such as MoD Joint Service Publications.
  - CESG Good Practice Guides and other CESG guidance.
  - Cabinet Office Policies such as the Security Policy Framework.
  - Systems in high impact level environments, including achieving full IA Accreditation.
• Used HMG Approved hardware devices such as Data Diodes and Enhanced grade encryption devices.
• Familiarity with personal computer lockdown techniques using domain based technologies.
• Security Cleared or be prepared to undergo a Security Clearance.
• Good presentation and customer-facing skills, including working on Security Working Groups.
• Collaborative working to resolve conflicting requirements
• Understanding of systems engineering lifecycle and how to apply this to IA
• Communication of complex technical issues and solutions to non-technical stakeholders

This role would be suitable for:
• An experienced Security Architect who was also a CESG Listed Advisor Scheme (CLAS) member and is now a CESG Certified Professional (CCP).
• Information Assurance (IA) practitioner.
• Experienced ISO27001 practitioner, including creating Statements of Applicability.
• Someone who has an understanding of Cryptographic techniques and technologies.

Ideally, the candidate would be:
• A member of an IA group such as the Trusted Security Advisor Register (TSAR).
• A member of an IA related professional body such as IISP, APM Group or BCS.
• Familiar with Network Penetration Testing using manual or automatic methods including tools such as the US DoD Cyber Security Evaluation Tool.
• Experienced in maritime environments.
• Experienced in Industrial Control Systems environments.

As well as a competitive salary, we also offer a flexible benefits package including flexible working, private healthcare and pension.

Interested in applying?

Please send a CV and a covering letter by clicking on the apply now button below: