Information Assurance Adviser - Bristol, United Kingdom - BOEING


2 weeks ago

Posted by: Tom O'Connor, beBee Recruiter


Description
At Boeing, we innovate and collaborate to make the world a better place.

From the seabed to outer space, you can contribute to work that matters with a company where diversity, equity and inclusion are shared values.

We're committed to fostering an environment for every teammate that's welcoming, respectful and inclusive, with great opportunity for professional growth.

Find your future with us.


Introduction:


The Role:


An exciting opportunity has become available to join the BDUK Information Assurance Team as an Information Assurance Adviser in support of the BtG contract.


Responsibilities:

The Information Assurance Adviser maintains the deployment of programme Information Security and Assurance for assigned systems to meet the programme and enterprise requirements, policies, standards, guidelines and procedures:

  • Performs Information Assurance and Security compliance through continuous monitoring.
  • Performs and participates in Information Assurance and Security assessments and audits.
  • Prepares, reviews, and presents technical reports and briefings.
  • Identifies and contributes to the identification of root causes, prioritizes threats and recommends/implements corrective action.
  • Demonstrates technical knowledge and methods regarding information security best practices.
  • Supports and explores enterprise-wide information security policies, standards, guidelines and procedures that may reach across multiple stakeholder organizations.
  • Supports BDUK assurance interests at the GOSCC at Corsham.


BDUK Information Assurance professionals are expected to work closely with their Information Assurance and Security counterparts to deliver an integrated and focused security effect. Knowledge of Information Assurance and MOD Security policies such as JSP440 and JSP604 is preferred.


Role Activities:


  • Support the IA Team Lead in maintenance of Service Delivery Management Plans, RMADS, risk assessments and other relevant security documentation.
  • Provide advice and guidance on applicable security policy and technical solutions to internal and external stakeholders.
  • Facilitate the timely completion and presentation of accreditation to the Authority accreditor for services within scope of the contract.
  • Ensure maintenance of Authority to Operate across all services within scope of the contract.
  • Identification and recording of risks related to services within scope of the contract, and management of the working risk register.
  • Report instances of noncompliance with relevant policy and UK law to the Authority, and ensure the organization follows defined procedures for reporting of hardware and software vulnerabilities.
  • Appraisals and scoping of security testing, evaluation of and managing associated reports, and ensuring resolution plans are implemented and adhered to.
  • Collaboration within the organization to identify hardware or software security vulnerabilities, malicious software and other security related weaknesses including the areas of obsolescence, patching and antivirus.
  • Perform auditing activity against various aspects of the programme in line with ISO27001, to schedule and scope as determined by the IA Team Lead.
  • Provide impact assessment to any change activity as presented by Project Management, and review/update any relevant documentation to support changes in the accredited baseline or security enforcing functionality.
  • Oversight and representation of Assurance interests at various meetings.
  • Validation of Security Operating Procedures in accordance with contractual obligations.
  • Maintaining knowledge of technology development (both hardware and software), threat actors, tools and techniques and the risk implications for information security.

Typical Qualifications/Education:


  • Ideally qualified to degree level (or equivalent) or with extensive relevant information security experience, particularly within a similar role in UK Government or Defence.
  • Relevant industry security certifications would be advantageous (e.g. CCP (Ex-CLAS), CISSP, CISM).

Essential knowledge and skills:


  • Knowledge and understanding of MOD and Government information security policy, standards and guidance.
  • Knowledge of assuring IT systems in a secure government environment (MOD).
  • Understanding of systems and security verification, validation, testing and evaluation approaches, including HMG Information Assurance schemes and processes.
  • Experience in generation of information security Risk Assessments, Risk Treatment Plans and Risk Management and Accreditation Documents in accordance with ISO2700
  • Experience in the specification and development of effective and balanced information assurance solutions or approaches, including the ability to analyse the security aspects of business risks.
  • Pragmatic approach to the recommendation of security controls.
  • Ability to plan, prioritise and manage own workload with limited day-to-day supervision, but know when to seek assistance
