Evodia Limited is seeking a highly experienced SC-cleared Project Security Lead for our Defence client. This is a fantastic opportunity to contribute to key security initiatives within a complex, high-security environment, helping to safeguard critical systems and information. The role offers a flexible working pattern, with the choice of being based in Corsham, Wiltshire, or Portsmouth, Hampshire, with hybrid working (2 to 3 days onsite per week).
What you’ll be doing
As the Project Security Lead, you will be responsible for establishing and maintaining robust security activities across the project lifecycle. Your role will involve implementing continuous assurance strategies aligned with Secure by Design (SbD) guidance, ensuring compliance with MOD policies such as JSP 440 and JSP 453. You will provide expert advice on risk management, oversee security controls, and facilitate stakeholder engagement across multiple Defence and governmental teams. Key responsibilities include:
- Providing expertise on cyber risk mitigation, identifying threats, and managing security risks throughout the system lifecycle.
- Developing and maintaining security artefacts and managing compliance with relevant standards and policies.
- Representing the project in security forums and working groups, ensuring clear communication of cyber risks to all stakeholders.
- Overseeing all assurance activities, including audits, vulnerability assessments, and remediation plans.
- Balancing business needs with security requirements to find pragmatic, effective solutions.
What we’re looking for
Our ideal candidate will have proven experience operating within a security risk role or working within frameworks such as NIST RMF or CSF. You should possess a thorough understanding of defence policies, standards, and risk management processes, alongside excellent stakeholder engagement skills.
Essential:
- Experience in security risk management within the defence or government sector.
- Familiarity with JSP 440, JSP 453, and MOD cyber security policies.
- Ability to produce Security Management Plans, Security Instructions, and related policy documentation.
- Strong understanding of risk reduction strategies like Incident Response, Vulnerability Management, and Patch Management.
- Experience leading risk assessments, risk treatment planning, and managing IT health check activities.
- Effective stakeholder communication skills within MOD or similar environments.
- Current SC security clearance (minimum).
Desirable:
- Professional registration such as CISSP, CISM, CGRC, or equivalent.
- Chartered status or membership in a recognised cyber security or engineering body.
What’s on offer
This is a 2-year contract, inside IR35, with a negotiable day rate. The role provides the chance to work within a critical, high-security environment, making a significant impact on national defence projects. On offer is a collaborative, supportive environment where your expertise will help shape vital security strategies for the MOD. If you’re ready to bring your security expertise to a challenging, rewarding project, we’d love to hear from you. Apply now to join a team committed to excellence and integrity in defence cybersecurity.