The public sector client is looking to recruit a Senior Information Security & Risk Advisor for a 12 month temporary contract based in Litchfield. There may be a possibility for you to work from home on occasion, you will however, be required to travel to other MOD locations when required. The successful Security Advisor will have the relevant skills and experience specified below. The successful Security Advisor will have a valid SC Clearance. Please Note: This assignment sits inside of IR35.

Your tasks will include: Identifying, analysing and evaluating information risks with the business. You will be required to explain to risk owners and other stakeholders the causes, likelihood and potential business impacts of information risks throughout the information system lifecycle. You will be tasked with assisting and checking compliance with applicable regulations, standards, policies and guidance on information risk management, which will then enable you to present risk management options to the business.

Provides specialist information security advice requiring at least one IISP skill at skill level 3 Plans and manages delivery of a security work programme. Manages or supervises Security _ Information Risk Advisors.

Experience:
• Experience within the cyber security & IA profession within the MOD.
• MOD Accreditor and / or Security Assurance Coordinator (SAC) experience.
• ISO 27001 or ISO 9001 auditor experience (ideally)
• Data Protection Act (DPA18) experience including production of DPIAs. (ideally)

Support the development of appropriate and proportionate documentation to inform risk management decisions, ensuring these are expressed in terms meaningful to the business. To investigate security incidents. To promote security awareness. To provide threat guidance.

Responsibilities To achieve a particular responsibility level the candidate should meet the standard in the headline statement.. The supporting bullet points provide examples of activities, behaviours or responsibility consistent with the standard. Other examples may also meet the standard. Headline statement. Enables provision of the Security and Information Risk Advisor service across a range of business units, sites, projects or other change activities. Selects appropriate risk assessment techniques for use across the client programme. Identifies information risks which are systemic across the programme or business. Understands and provides guidance on the threat environment. Recommends implementation of new IA controls across the programme or enterprise to provide more cost effective risk mitigation in the long term and ensures these are traceable. Contributes to the development of IA strategies, policies, guidance and awareness and aligns these with local risk management practices Integrates information risk management into programme risk management. Manages security incidents escalated from a Security and Information Risk Advisor in accordance with applicable policies and standards.

Qualifications – Preferred:
• Degree in the Information Cyber Security & Assurance discipline
• CISSP
• CISM

Professional Membership in Information Security and Cyber (eg: Institute of Information Security Professionals (IISP), NCSC Certified Professional (CCP), ISACA CISM, ISC2 CIISP, BCS.

Candidates will be CESG Certified IA Professional Senior Security and Information Risk Advisor