Our defence sector client requires two SC or DV cleared Security Architects to provide technical advice to users and to lead the development and assurance of all deliverables related to a Cyber Attack Recovery Planning (CARP) Project. There are two roles available - one for 6 months in duration and the other for 12 months. The roles will require an on-site presence in Corsham for 2-3 days per week.
The Security Architects will be accountable for all technical support and assurance activities associated with the Project. This will include (but is not limited to):
- Recommend controls and identify solutions that support MOD in improving its ability to recover from cyber incidents.
- Provide specialist advice and recommend approaches across teams and stakeholders.
- Support supplier-facilitated ‘pre-mortem’ workshops focussed on helping System/Service teams develop their compliant Cyber Recovery Plans.
- Support supplier-facilitated workshops focussed on testing/exercising System/Service teams' Cyber Recovery Plans to measure and improve their effectiveness.
- Provide technical assurance of SORs, commercial artefacts and supplier proposals.
- Review, refine and maintain all cyber recovery policy, guidance, and other documentation.
- Work closely with teams from complex interconnected and interdependent systems to support them in applying guidance and developing recovery plans at an enterprise level.
- Understanding security implications of transformation. You can interpret and apply an understanding of policy and process, business architecture, and legal and political implications to assist the development of technical solutions or controls.
- You can apply the approach to real problems and consider all relevant information. You can apply appropriate rigour to ensure a full solution is designed and achieves the business outcome.
- You can demonstrate a deep understanding of security concepts and can apply them at a technical level. You can effectively translate and accurately communicate security and risk implications to technical and non-technical stakeholders. You can successfully respond to challenges. You can manage stakeholder expectations and be flexible, adapting to stakeholder reactions to reach consensus. This should include an understanding of ISO27001.
- You can advise on developments to security properties in technology. You can identify new technologies and design their use in a business context.
- Enabling and informing risk-based decisions. You can work with risk owners to advise and give feedback. You can advise on risk impact and whether this is within risk tolerance. You can describe different risk methodologies and how these are applied, as well as the proportionality of risk.
- Hold a Certified Information Systems Security Professional (CISSP) certification.