Summary of the work:
Specialist role – Technical Architect
Security Information Assurance Consultant to support Borders IT.
Latest start date Monday 3 July 2017
Organisation the work is for Home Office
About the work
Who the specialist will work with:
Key stakeholders within Border Force, Home Office Digital Data and Technology, Home Office and Security Services. The programmes are resourced by a range of specialist resources including Home Office Civil Servants and other government Civil Servants.
What the specialist will work on:
The specialist will work in a central role in Borders IT, performing information assurance work to enable key projects to begin and also assure and advise project teams during development. This will involve creating RMADS style documentation to look at threats/risks/mitigations and residual risk for each project and make a recommendation back to business/technology and influence the architecture design. All expected to be cloud hosted in AzureUK with the mix of IaaS, SaaS and PaaS to be determined (and influenced by the security work).
Skills and experience
Essential skills and experience:
Strong experience of security information assurance Methodology.
Experience of formulating Information Security Governance Structure.
Excellent knowledge of government standards and GPGs.
Strong experience with government security policy framework (SPF).
Proven background of compiling information assurance frameworks.
Experience of preparing and reviewing RMADS and associated documents including the provision of Risk Treatment Plans and recommended remedial activities.
Experience of formulating Risk Assessment summaries.
Experience with commercial risk assessment methodology e.g. ISF and IRAM
Experience with ISO27001:2013 and risk assessment methodology.
Ability to manage technical assessments of security related technologies, vulnerability assessments and penetration tools and techniques.
Good understanding of risk based architecture and design.
Good understand of securing applications, databases, networks and infrastructure.
Excellent interpersonal and communication skills.
Ability to form and maintain relationships at all levels of engagement.
Appreciation of development and project life-cycles, including Agile methods.
Experience of formulating and delivering Security Awareness Training.
Nice-to-have skills and experience:
Experience of working on digital by default service standard compliant government website.