Information Security Controller, Reading
Agilebydefault Limited
Reading, Berkshire, UK
6d ago

Public sector experience must have. Need someone available immediately

Role Description

The Security controller is required to assume the responsibilities for ensuring that security procedures are maintained in compliance with the Government Security Classifications framework and are continually improved and developed in accordance with good practice, legislative change and client policies and procedures.

This position will be the focal point for security management practices both within the organisation as well as regular engagements with our current public sector programme security stakeholders including client side representatives.

The candidate will also be integral in supporting the development of new business opportunities and services.

Role

  • Include the design and implementation of physical security controls; management of personnel security processes;
  • Implementation of information management policies; monitoring of secure services to ensure compliance; pro-active development of best practices;
  • and maintaining a security awareness culture.

    Client side engagements will require understanding of Government Digital Service security considerations in relation to agile delivery in Public Cloud deployed production services.

    Define and contribute to IS program policies & standards Security

    To be responsible for the maintaining the information security and compliance processes within assigned area.

    To ensure appropriate and timely reporting and escalation of areas of information security non-compliance

    To build the security culture and ensure assigned area's are always compliant from information security perspective. Compliance on Information Security areas includes People, Process and Technology.

    To be responsible for the daily operation and management of Information Security Technologies and Controls

    Carry out security audits / spot checks and ensure compliance and best practice is adhered to.

    Be responsible for KPI and metric creation and reporting to allow the monitoring of compliance with Mastek client's security policies and procedures and refer any problems to appropriate departments

    This would be an exciting position for an experienced security controller who is seeking new challenges to be part of a rapidly growing secure services organisation.

    Skills and Qualifications

    Essential :

    Proven experience in excess of 3 years of undertaking a similar role within or engaging with public sector programmes

    In-depth understanding and experience of Security Policy Framework, Government Security Classifications and related processes

    Understanding of GDS delivery models for end-to-end development and support of accredited systems, e.g. secure by design, NCSC principles and best practices, open source security products and tooling, DevSecOps services, accreditation and ITHC and secure service management

    British UK resident and have the ability to obtain and relevant UK Government clearances

    Experience in HMG Vetting processes and personnel security controls, working with National security Vetting services to undertake security vetting for new starters

    Knowledge of physical security measures and controls

    Experience in developing, maintaining, and monitoring policies and procedures so that the business remains pro-actively compliant with current security guidelines and legislation

    Ensure employees remain compliant security clearance obligations through the required aftercare processes

    Knowledge and understanding of Cyber Essentials and Cyber Essentials Plus

    Technical knowledge of networks, operating systems, databases, firewalls, anti-virus, VA and patch management, cloud etc.

    Experience in taking a pro-active lead in investigating security breaches

    Undertaking advisories for management and other senior stakeholders on the interpretation and implementation of legislative security controls and policies

    Detailed understanding of ISO 27001 and related industry standards and working closely with internal IT and management teams

    Experience championing security training and awareness initiatives

    Flexibility to travel with the UK

    Excellent written and oral communication skills

    Desirable :

    Knowledge of multiple public sector clients and specific standards and policies(e.g. Home Office, MOD, Police)

    Relevant certifications and qualifications such as - knowledge on Information security certifications like ISO 27001, Cyber Essential Plus or a related one.

    Technical certifications like CISSP, CISM, CISA, ISO 27001 LA

    Understanding of other relevant legislative compliance aspects (e.g. GDPR)

    Experience in undertaking the design of required security controls for new contracts or for the alteration / establishment of sites where classified assets are to be handled, stored or produced

    Experience in undertaking similar roles in the delivery of Critical National Infrastructure and List X services

    Awareness and understanding of public cloud security controls and accreditation processes

    Supporting presales activities when required in defining information security response to potential UK Government clients

    Report this job
    checkmark

    Thank you for reporting this job!

    Your feedback will help us improve the quality of our services.

    Apply
    My Email
    By clicking on "Continue", I give neuvoo consent to process my data and to send me email alerts, as detailed in neuvoo's Privacy Policy . I may withdraw my consent or unsubscribe at any time.
    Continue
    Application form