The SDA is seeking Cyber Security Specialists to lead, coordinate and assure all activities towards achieving Information Assurance (IA) /cyber security accreditation on its HM Submarines

Please note, due to the nature of the projects involved, this role is open to SOLE UK NATIONALS only, and whilst initially requiring SC level clearance , the successful candidate may be required to obtain Developed Vetting in the future.

Responsibilities

There are two types of roles that need to be filled within this campaign; Cyber Security Managers and Security Assurance Co-ordinators (SACS)

Our Cyber Security Managers will:
– Set teams strategic direction towards achieving cyber security accreditation across the large and complex submarine programme, maintaining oversight and holding to account all suppliers across the Nuclear Enterprise
– Provide, leadership, representation and intervention as appropriate at Security Working Groups at all tiers of the programme, sometimes down to individual sub-tier suppliers in high-risk areas.
– Provide advice and support on cyber security (policy, implementation, risk management, technical testing etc.)
– This role involves engaging effectively with a large stakeholder base, including the capability customer; in-service community; intelligence community and UK Subject Matter Experts in IA/cyber and involvement in early activities to understand how to better integrate the cyber and safety domains within the programme.
– Provide expert advice and guidance in supporting the delivery of Business Continuity and Disaster Recovery planning.
– Lead the testing of relevant controls on the implementation of any system, platform or infrastructure to ensure alignment with security architecture and policy.

The SAC (Security Assurance Coordinator) monitors and reports to the Accreditor, Information Asset Owner (IAO) and Delivery Team on all security matters relating to a project.
The primary tasks of the SAC are to:
– Ensure that security stakeholders roles required for the project have been identified, are aware of their responsibilities, and are suitably briefed;
– Coordinate, consider, witness, manage and report on all security requirements for a project, ensuring they are completed professionally, efficiently, to schedule, and that they are fit for purpose and compliant with relevant policy and legislation;
– Conduct Data Protection Impact Assessments;
– Ensure all appropriate actions are taken to achieve accreditation;
– Provide advice on security policy covering both policy that is already in place e.g., HMG SPF, Departmental Policy (JSP440), IEC/ISO 27001 controls and the creation of new security-related documents for the project, such as a Risk Management Accreditation Document Set (RMADS), relevant legislation (e.g. Data Protection Act, Freedom of Information Act), technical solutions, risk management and Information Assurance;
-Ensure all project cryptographic requirements are met;
– Monitor and report on project security requirements and issues as they arise;-
– Organise the project security meetings such as the Security Working Group and chair them on behalf of the Project Manager, if required;
– Be responsible for the production of all security deliverables (e.g., security documentation, testing witness reports) and ensuring they are fit for purpose and delivered on schedule; and,
– Create, update and manage the Security Risk Register and ensure it is reviewed at the security meetings.

What you will be assessed against
To be found successful you must demonstrate the following essential criteria:
• The ability to evidence a substantial range of cyber and information security knowledge
• Experience, knowledge and/or qualifications in one or more of the following: Information risk management, information security (e.g. CISSP), cyber security of networks, interfacing, product security lifecycles, penetration testing
• Experience in RMADS

It would benefit your application should you be able to demonstrate the following desirable criteria:
• Experience in implementation of cost-effective and pragmatic security enforcing functions within systems or equipment and at system-of-systems design levels
• Experience in leading and managing cyber security on complex engineering programmes
• Experience and knowledge of cyber security in the defence environment, including knowledge of JSP440 and current defence policies and practices
• Experience of working on submarine projects, and an understanding of submarine systems
• Experience of leading / managing across a broad range of stakeholders and regulators

If you are invited to an interview, you will be assessed against the following technical competencies:
• Information Assurance
• Knowledge and Imformation Managament

If you are invited to an interview, you will be assessed against the following behaviours:
• Communicating and influencing
• Making effective decisions

What’s in it for you?
You will receive a generous benefits package including market leading employer pension contributions of around 21% of your salary (not including any personal contribution), annual bonuses, a flexible working pattern to fit you where possible, 25 days holiday +1 additional day every year you work up to 30 days with opportunity for movement and promotion. Some of our sites include an onsite gym, onsite restaurants, cafes and much more.

Find out more about what we offer by clicking here or by using ‘The Little Book of Big Benefits’ booklet PDF at the bottom of this page.

Applicants should be aware that any move across the Civil Service may have implications on an employee’s ability to carry on claiming childcare vouchers.

About your team
Our mission is to both enable and drive SDA towards its vision to become a world-class digital business. The IM&IT function employs professionals from information assurance and cyber security to management information and statisticians. We act as the ‘digital partner’ to SDA, helping the whole organisation to embed new business processes, tools and technology.