- Formal risk assessment of the PPP O365/Azure security configuration and other systems.
- Recommendations around mitigations necessary to minimise the materialisation of identified risks in line with the SL risk framework.
- Production of risk reports to support the PPP ITSO with the PPP CS&IA Plan.
- Represents PPP cyber risk exposure in any security related working groups within SL, Regulatory or internal PPP environs.
- Analysis of system configurations and in cognisance of NCSC guidance, determination of associated risk in relation to systems or solutions developed or implemented by PPP Partners for SL.
- Assists with input to the risk tracking of PPP related cyber risks and the management of a PPP Cyber and Information security/privacy risks by the PPP ITSO for the PPP ICT Manager.
- Formal determination of cyber and information security/privacy related risks and issues.
- Qualification or membership of a professional body in Information Security.
- Qualification as an NCSC Cyber Certified Practitioner (CCP) at SIRA level, or a former GCHQ CESG CLAS consultant.
- Significant experience in applying Cyber Security Standards.
- Experience in applying technical information technology and information assurance controls to business information models.
- A good understanding of:Cyber Security threats and exploitation.ICT (both IT and OT) architecture.NCSC architectural approach.
- Ability to interpret business requirements and technical ICT documents into Cyber Security requirements.
- Good understanding and knowledge of ICT systems (software, hardware and networks) and applications both legacy and current.
- Good communication skills across all levels of the business and able to talk to non-specialists, specialists, and senior stakeholders.
- Ability to work independently and unsupervised.
- Excellent problem-solving skills.
- Methodical and logical approach.
- Self-motivated and can demonstrate high levels of resilience, honesty, and integrity.
- Hold or be capable of obtaining government clearance (SC/SL – Nuclear).
- Ideally qualified at a minimum of degree level in an IT, Cyber Security, or associated technical or engineering studies.
- CISSP or equivalent.
- Experience of working with operational cyber security teams.
- Experience of working with Regulators/in a Regulated environment.
- Detail oriented.
- Communicator and Collaborator
- Passion for Success
- Team Player
- Empathetic and Considerate #LI-JI1 #LI-HYBRID
Security Information Risk Advisor - Birchwood, United Kingdom - KBR
Description
Description
:The Senior Information Risk Adviser (SIRA) is an autonomous risk role to support the PPP ITSO and Head of IT with understanding the technology risks and propose mitigations to assist in establishing and maintaining an enduring cyber security and information assurance posture. The role's primary function is to conduct formal risk assessments on the PPP IT environment that supports PPP business needs whilst satisfying SL and ONR/ICO Regulatory requirements. The role's secondary function is to assist in developing the "secure by design" approach for the delivery of programmes and projects by PPP.
Role Responsibilities:
The role has a broad scope spanning technical and process risk across the cyber security, information security and privacy space and will necessitate engagement with SL CS&IA (Cyber Operations, Assurance, Risk, Data Protection), SL ISO (Architecture, Service and Knowledge Management), SL Cyber Programme and PPP Partners. The output will include (but is not limited to) the production of formal risk assessments conducted to the standards acceptable to SL, including but not limited to HMG IS1, IRAM 2 or other ISO27005 assessments as agreed. The output will be used to determine the exposure to risks and likelihood of materialisation, required mitigations and support to PPP CS&IA planning necessary to support correctness of posture, satisfy Regulatory matters.
Main duties include:
Specific:
The Senior Information Risk Adviser (SIRA) is an autonomous risk role to support the PPP ITSO and Head of IT with understanding the technology risks and propose mitigations to assist in establishing and maintaining an enduring cyber security and information assurance posture. The role's primary function is to conduct formal risk assessments on the PPP IT environment that supports PPP business needs whilst satisfying SL and ONR/ICO Regulatory requirements. The role's secondary function is to assist in developing the "secure by design" approach for the delivery of programmes and projects by PPP.
Experience, Skills and Knowledge:
Essential:
Desirable:
Behaviours: