
SC Cleared Security Assurance Consultant

Posted 3 days 16 hours ago by Alexander Mann Solutions - Public Sector Resourcing

Contract
Not Specified
Public Sector Jobs
London, City, United Kingdom, EC1A2
Job Description

On behalf of the MOD, we are looking for a Security Assurance Consultant (Inside IR35) for an 8-month contract, hybrid working based in London.

The Ministry of Defence (MOD) is a central government department with a mission to protect our country and provide the ultimate guarantee of its security and independence, as well as helping to protect its values and interests abroad.

To do this we have an annual budget of almost £40 billion and a workforce comprising 193,000 people, almost 59,000 of whom are civilians. We currently manage more than £11 billion of spend every year.

Our work really matters; we offer engaging roles which have a direct impact on the quality of services we provide. We employ people in many different roles and in many locations across the UK and abroad. We have jobs in policy, finance, HR, IS/IT, commercial and project management and all the types of jobs you would expect to find in a government department, or indeed in the private sector. We also employ doctors, dentists, teachers, police, fire service, quantity surveyors, and engineers to name a few. There are many opportunities to develop and progress both within MOD and across the wider Civil Service, whether you're a permanent appointee or an interim.

As a SAC security consultant, you will be responsible for providing security assurance and risk management support to various projects and programmes within the Defence Artificial Intelligence Centre (DAIC). You will act as the main focal point for all security assurance related tasks, working closely with service managers, stakeholders, technical teams and other security professionals. You will also facilitate security working groups, review and assess security controls, produce and maintain security documentation, and support the assurance process under secure by design.

You will contribute to the development and review of security documentation and security-relevant design documentation, and to the assurance of the required deliverables and of the IA evidence, in the form of documentation, processes, test plans, reports, and risk management activities, to the Security Working Group, SRO, Project Board and Assurer, to meet the objectives defined in work packages and the measured key deliverables and associated KPIs for Gen AI delivered projects.

As a Security Assurance Consultant, your main responsibilities will be:
* Conduct security risk assessments and advise on risk mitigation strategies for DAIC projects and programmes
* Define and implement technical and non-technical security controls in accordance with DAIC policies and standards
* Produce and maintain security documentation such as risk management and assurance document sets, security operating procedures (SyOPs), security test plans, etc.
* Establish and chair security working groups to coordinate security activities and resolve security issues
* Liaise with MoD authorities, assurance, and other external parties on security assurance matters
* Monitor and report on the security status and performance of DAIC services and systems
* Support the continuous improvement of security assurance processes and practices within DAIC

Essential:
* Valid SC clearance as a minimum, with the ability to obtain higher clearances if required
* CCP Senior SIRA or equivalent certification, for example CISSP or UK Cyber Security Council Chartership
* Minimum of 5 years of experience in information security roles
* Demonstrable experience in delivering information risk management and governance, risk, and compliance (GRC) services to large and complex organisations
* Demonstrable experience in defining and implementing security controls for various platforms and technologies, such as cloud, network, application, etc.
* Excellent understanding of the vulnerabilities and threats that exist within modern ICT and how to mitigate them
* Thorough knowledge of MoD security policies and standards, such as JSP 440, JSP 604, etc.
* Thorough knowledge of MoD assurance process and requirements, such as Secure by Design.
* Experience of working with civilian, military, and contractor staff within the MoD and wider defence industry.
* Excellent communication, presentation, and stakeholder management skills
* Ability to work independently and as part of a team

Desirable:
* Experience of working with security frameworks and standards, such as NIST 800-53, CIS Top 18 CSC, ISO 27001, etc.
* Experience of using security tools and techniques, such as vulnerability scanning, penetration testing, etc.
* Experience in securing Generative AI systems and modern software development practices.

Please be aware that this role can only be worked within the UK and not overseas.

In applying for this role, you acknowledge the following: "This role falls in scope of the Off Payroll Working in the Public Sector legislation. Any rates of payment quoted will reflect the gross rate per day for the assignment and will be subject to appropriate taxes and statutory costs. As such the payment to the intermediary and your income resulting from this contract will be different."
