Public sector experience is a must. Need someone available immediately.
The Security controller is required to assume the responsibilities for ensuring that security procedures are maintained in compliance with the Government Security Classifications framework and are continually improved and developed in accordance with good practice, legislative change and client policies and procedures.
This position will be the focal point for security management practices both within the organisation as well as regular engagements with our current public sector programme security stakeholders including client side representatives.
The candidate will also be integral in supporting the development of new business opportunities and services, and in maintaining a security awareness culture.
Client side engagements will require understanding of Government Digital Service security considerations in relation to agile delivery in Public Cloud deployed production services.
Define and contribute to IS programme security policies and standards.
To be responsible for maintaining the information security and compliance processes within the assigned area.
To ensure appropriate and timely reporting and escalation of areas of information security non-compliance
To build the security culture and ensure assigned areas are always compliant from an information security perspective. Compliance on information security areas includes people, process and technology.
To be responsible for the daily operation and management of Information Security Technologies and Controls
Carry out security audits / spot checks and ensure compliance and best practice is adhered to.
Be responsible for KPI and metric creation and reporting to allow the monitoring of compliance with Mastek clients' security policies and procedures, and refer any problems to the appropriate departments.
This would be an exciting position for an experienced security controller who is seeking new challenges to be part of a rapidly growing secure services organisation.
Skills and Qualifications
Proven experience in excess of 3 years of undertaking a similar role within or engaging with public sector programmes
In-depth understanding and experience of Security Policy Framework, Government Security Classifications and related processes
Understanding of GDS delivery models for end-to-end development and support of accredited systems, e.g. secure by design, NCSC principles and best practices, open source security products and tooling, DevSecOps services, accreditation and ITHC and secure service management
British UK resident with the ability to obtain relevant UK Government clearances
Experience in HMG vetting processes and personnel security controls, working with National Security Vetting services to undertake security vetting for new starters
Knowledge of physical security measures and controls
Experience in developing, maintaining, and monitoring policies and procedures so that the business remains pro-actively compliant with current security guidelines and legislation
Ensure employees remain compliant with security clearance obligations through the required aftercare processes
Knowledge and understanding of Cyber Essentials and Cyber Essentials Plus
Technical knowledge of networks, operating systems, databases, firewalls, anti-virus, VA and patch management, cloud etc.
Experience in taking a pro-active lead in investigating security breaches
Advising management and other senior stakeholders on the interpretation and implementation of legislative security controls and policies
Detailed understanding of ISO 27001 and related industry standards and working closely with internal IT and management teams
Experience championing security training and awareness initiatives
Flexibility to travel within the UK
Excellent written and oral communication skills
Knowledge of multiple public sector clients and their specific standards and policies (e.g. Home Office, MOD, Police)
Relevant certifications and qualifications, such as knowledge of information security certifications like ISO 27001, Cyber Essentials Plus or a related one
Technical certifications like CISSP, CISM, CISA, ISO 27001 LA
Understanding of other relevant legislative compliance aspects (e.g. GDPR)
Experience in undertaking the design of required security controls for new contracts or for the alteration / establishment of sites where classified assets are to be handled, stored or produced
Experience in undertaking similar roles in the delivery of Critical National Infrastructure and List X services
Awareness and understanding of public cloud security controls and accreditation processes
Supporting presales activities when required in defining information security response to potential UK Government clients