IT Security Assurance Lead
We have an exciting new contract opportunity working from home as an IT Security Assurance Lead.
The role will be an initial 12 month contract and will provide you with the opportunity to monitor key critical security controls within the estate to ensure effectiveness and identify where failings are occurring.
- Monitoring key critical security controls within the estate to ensure effectiveness and identifying where failings are occurring
- Maintaining an operational overview of all security controls required to meet compliance with regulatory, HMG accreditation and company policies and standards. Where failures of effectiveness occur they are to be identified as findings and tracked to resolution
- Auditing and Assuring Third Party Service Providers (Inc. DXC, Cloud service providers, Telefonica and Capita etc) against operational security requirements as defined in their contracts and where appropriate
- Assessing as required to help ensure that regulatory frameworks such as ISO20000, ISO27001 and CE+ are met and implemented
- Organising and overseeing internal and external Pen tests to assess control effectiveness and support compliance and accreditation requirements
- Working in conjunction with the EITS Service Operations Teams to manage the security aspects of service delivery of UK Service Providers including representing Information Security in Service Review Meetings
- Reviewing and assuring externally provided Security Services to maximise the service benefits; recommending changes and improvements as appropriate (Inc. GSOC, UK SOC, Outpost 24 and McAfee)
- Contributing to root cause analyses of major security incidents and following security findings through to completion with Business Group, SI and Service Provider stakeholders
- Assuring the security impact of changes to the enterprise IT infrastructure and recommending remedial actions to ensure compliance with HMG security policy and standards
- Assisting with security reporting providing evidence of assurance around key security control effectiveness
- Representing the Information Security Authority at monthly Tower Service Reviews where specific security issues need to be reviewed or addressed
Key skills & qualifications
- Strong track record of auditing or assuring the security of services in the Government sector (or commercial organisations bound by HMG standards)
- Strong analytical background with the ability to analyse and interpret large and complex data sets and articulate observations, conclusions and recommendations to senior audiences
- In-depth knowledge of HMG and industry standard security policy, standards and good practice guidance and their application to a variety of IT solutions processing protectively marked information
- Wide ranging knowledge of application, infrastructure and security technologies and in-depth knowledge of implementing them in a secure configuration
- Educated to degree level (or equivalent) preferably in a related discipline
- CLAS or CISSP/CISA/CISM qualification desirable but not essential
- Strong communication skills with the ability to communicate complex subjects to a variety of audiences, pulling out key issues and decision points
- Excellent negotiation and interpersonal skills for managing relationships with internal and external stakeholders and dealing with escalations
- Capable of a very high standard of written communication including experience of writing complex reports and giving formal presentations
- Ability to work autonomously and manage workload and priorities based on demand from multiple different projects and initiatives
- Strong team-working ethic, striving to meet personal and team objectives
What we’re looking for in you
Excellent verbal and written communication skills.
Well-developed analytical, problem-solving and decision-making skills.
Strong organisational skills and adaptability in a fast-paced environment.
Stakeholder management skills.
Location: Working from home
Rate: £66.85 per hour (INSIDE OF IR35)
AAP3 is acting as an Employment Business in relation to this vacancy.