Information Assurance Specialist x 2
- Deliver assurance services to the business, EITS, IM&T Sector, Group Function and covering CPE (Customer Premises Equipment).
- Identification of risk and appropriate mitigation requirements, development & analysis of secure solutions (covering technical / physical / procedural / personnel controls) and assessment of compliance with internal and external standards and regulations.
- Deliver documentation to demonstrate compliance to internal and external stakeholders.
- Assessment and provision of control effectiveness in managing information security risk
- Provide security architecture / technical input into the development of secure solutions
- Support development of strategy and continual service improvement for the assurance function
- Act as a subject matter expert regarding assurance activities for the wider organisation
Delivery of IT Security assurance activities to ensure ‘secure by design’ and ‘effective in operation’ for systems and services in scope:
- IT Security risk assessment of systems and services.
- Assess Architectural designs and identify proportionate IT Security controls aligned with business objectives.
- Assessment of systems, services and IT Security controls, to provide an independent analysis of compliance with BAE Systems Security Policy, standards and external regulatory requirements. Lead Assessment of IT Security controls to ascertain effectiveness in reducing risk, including any vulnerability components.
- Analysis, creation and compilation of relevant documentation determining the compliance level of systems and services, technical security controls with applicable certification, accreditation, and internal policy requirements.
IT Security Control Monitoring and Reporting:
- Delivery of control monitoring and reporting to provide visibility of critical controls and their status and effectiveness in managing the information security risk.
- Engage with stakeholders to promote a mind-set of developing secure systems and transfer knowledge of security standards and processes.
- Development, delivery & maintenance of Business reporting and assurance documentation
- Support stakeholders in resolving IT Security issues and act as a subject matter expert regarding assurance activities for the wider organisation
- Minimum of 5 years of IT Security assurance experience, dealing with security risk, requirements, technologies and architectures.
- Educated to degree level (or equivalent) preferably in a related discipline (ICT/Computing, Information assurance, risk management, vulnerability/threat assessment).
- In-depth knowledge of industry standard security policy, standards and good practice guidance and their application to a variety of IT solutions processing protectively marked information.
- In-depth knowledge of threats, risks, vulnerabilities and risk mitigation strategies and techniques
- Broad experience in risk management and the application of risk management methodologies.
- Extensive experience of Accreditation and producing RMADS.
- Wide ranging knowledge of application, infrastructure and security technologies and in-depth knowledge of implementing them in a secure configuration within CPE
- Experience of working in a project environment and awareness of system development lifecycle methodologies.
PLEASE NOTE: This position has been assessed as INSIDE IR35
AAP3 is acting as an Employment Business in relation to this vacancy.