MASS requires an experienced Information Security Architect to join a growing team which provides security assurance services to a range of public and private sector clients, as well as supporting the Company internal operations.
The role supports our customers by recommending and applying architecture and security principles and practices to guide the organisation through the business, information, process, and technology changes necessary to achieve the business objectives.
The role is contractually based from MOD Abbey Wood, but this is a client facing role so the successful candidate must be comfortable with travel to client locations and MASS work sites.
You will: Have the ability to speak on behalf of technical teams and facilitate the relationships with direct and indirect stakeholders.
Drive beneficial security change into the business through the development and review of architectures so that they; fit business requirements for security, mitigate the risks and conform to the relevant security policies whilst balancing information risk against the cost of countermeasure Understand the design of systems characterised by managed levels of risk, manageable business and technical complexity and meaningful impact.
Understands technology and identifies appropriate patterns.
Advise and enable technical teams to make security decisions and provide advice and guidance, ensuring the effective use of common tools and patterns.
Have a proactive responsibility to deliver secure systems and implement proportionate controls to enable business outcomes.
Test final security structures to ensure they behave as expected.
Update and upgrade security systems as needed.
Generate products such as sketches, models, an early user guide, and prototypes to keep the user and the engineers constantly up to date and in agreement on the system to be provided as it is evolving.
The preferred candidate will be a CESG Certified Professional (CCP) IA Architect and will have demonstrable experience in information and IT security.
This will include: Risk assessment and management methodologies; in depth technical understanding of secure IT system architecture; identification and production of relevant security and accreditation artefacts and the subsequent production of Risk Management Accreditation Document Set (RMADS) and Information Assurance processes.
A good understanding of the application of security controls to IT systems and conversance with HMG / NCSC IA publications and ISO 27001 are essential.
The successful candidate will be a strong team player with excellent communication skills, and will be required to hold, or be in a position to qualify for Developed Vetting (DV) Security Clearance.
Mandatory Skill Requirements: Understanding of security technologies Access control models.
Public and private encryption.
Intrusion detection techniques and how to apply them.
Common design patterns for mitigating against information risks.
Software - Knowledge of CAPS / CPA / Common Criteria products.
Tools and Methodologies: At least one of the following recognised IT Security certifications.
CCP IA Architect at either senior or lead level.
CISSP, CISM, CISA, ISO 27001.
At least one of the following recognised Risk Assessment or Risk Management certifications or training (HMG IS1&2, CRISC, COBIT, ISO27005, Octave) Demonstrable knowledge of HMG accreditation process, ISO27000 series, NCSC IA portfolio, End User Device security strategy: Security Policy Framework, Gov.UK Cyber Security Guidance and controls.
Applications: Competent in the use of the MS Office suite.
Creation of architectural models using System Modelling Language (SysML) Unified Modelling Language (UML) or Business Process Modelling Notation (BPMN).
Other: Demonstrate a good understanding of the business relevance of information risks and the current trends and growths in information security.
Demonstrate the ability to explain business principles of secure system designs in terms of business risk.
Subject matter expertise in an element of information risk management, accreditation, governance or compliance.
Ability to produce security cases, accreditation evidence artefacts and documentation to support Accreditor approvals.
Awareness of ITHC requirements and analysis of results.
Conducting Compliance Audits.
An ability to explain secure system designs in terms of business risk.
Hold a Full UK Driving License.
Desirable Skill Requirements: Technologies - Experience implementing NCSC design patterns Tools and Methodologies: ITIL.
Experience, Industry recognised qualifications and knowledge of relevant architectural frameworks (TOGAF, MODAF, SABSA and/or DODAF etc.) to support the specific business Cyber Essentials Auditor/Technical Assessor.
Familiarity with:JSP 440 MOD Manual of Security, Industry Security Control Systems and Risks (SCADA), JSP604 Defence Manual for Information and Communications Technologies (ICT).
General Data Protection Regulation (GDPR) Applications - Familiar with the following tools, Archimate, SPARX Enterprise Architect.
Other: CPNI CMAT framework.
Business Continuity and Disaster Recovery Planning.
Experience in writing or updating information assurance operating policies and compliance procedures.
Ability to take a rounded view of security issues and make risk judgements across the relevant scope.
Performance of IT security audits.
Benefits will include: 25 Days Holiday Company Pension Private Medical Insurance Subsidised Gym Membership Childcare Vouchers Company Benefits Portal Share Save Scheme MASS is an equal opportunities employer