A fantastic opportunity has arisen for a Senior Project Security Officer to join the team with our prestigious client, this is a hybrid role 3 days per week at their offices in Crawley
Job description
Reporting directly to the head of Bid and Programme Management and the Senior Information Risk Owner, you will, by taking direct responsibility for major bids/projects and assisting/directing Project Security Officers on minor bids/projects, ensure that that all our projects comply with the relevant information security requirements. You will also play an important role in improving the departments information security posture by helping the corporate security function raise awareness of the cyber threat and inculcate a strong information security culture across the business.
Key responsibilities will include:
• Assisting project teams in remaining compliant with current security guidelines and legislation.
• Draft and develop Technology Control Plans and Security Procedures that ensure compliance whilst enabling effective working methods.
• Liaise with UK IS and Security teams to ensure our needs are represented in UK policy and procedures and that our understanding of such policies and procedures are properly disseminated to our teams and their working instructions.
• Conducting and/or organising security audits/assessments to test adherence to business policies and procedures.
• Maintain a register of PSOs for the CBU and corresponding register of SALs
• Work with PSOs to develop a clear implementation framework for the SAL including any modifications to standard ways of working. Look for inconsistencies or possible operational improvements in the SAL and support discussion with the customer.
• Work with PSO to provide summative information about the Security Aspects Letters that will help teams understand clearly the responsibilities they have and what that means for the way they work
• Providing support and guidance to the project teams for security related activities e.g. ensuring that bid packs and other media are appropriately redacted, protectively marked and their distribution managed accordingly and ensuring that specific security policies and rules (e.g. security aspects letters) are understood and observed.
• Ensuring ITAR access to controlled information assets is recorded and controlled in accordance with policy. Keep a register of the access and use security tools/reports to support monitoring of access.
• Work with the Product Owners/Project Managers to ensure build records are maintained for our products with the correct security labels.
• Conducting security briefings to Thales personnel to ensure that a culture of security awareness is maintained and that staff understand their roles and responsibilities in respect of security – this will include briefings carried out as part of bid or project launch activities.
• Issuing regular communications on security matters to ensure that SIX UK staff are updated with changes in legislation or policy and the emergence of specific security issues or threats.
• Ensuring access to controlled information assets is recorded and controlled in accordance with policy. Keep a register of the access and use security tools/reports to support monitoring of access.
• Controlling and facilitating the distribution of sensitive information assets internally to the business and with third parties.
• Controlling sensitive physical assets (e.g. cryptographic or media) in accordance with policy
• Conducting audits and reporting on the status of information and physical assets.
• Supporting the conducting of investigations into breaches of security.
• Maintaining personal and business awareness of Government, Defence, Commercial and our business Corporate security legislation, rule and policies.
You will have a detailed knowledge of security requirements across the defence and commercial sectors and have experience of:
a. HMG’s Contractual Process
b. Security Policy Framework
c. DEFCON 649, 658, DEFSTAN 05-138 and the Cyber Security Model
d. Security Aspects Letters
e. F680 and F1686 applications
f. ISO 27001 and
g. The Cybersecurity Maturity Model Certification.
h. ITAR
Recognising the restricted nature of the work there is a requirement for the candidate to be eligible to obtain Security Clearance for this role.
