Design secure systems - To ensure a long-term strategic solution for systems that are not suitable for Public Cloud and must be operated in HODDaT, HO's Data Centres (HODCs). Able to design secure system architectures through the application of patterns and principles, to meet user needs whilst managing risks. Able to identify security issues in system architectures in order to advise and enable technical teams to make security decisions, providing advice and guidance and ensuring the effective use of common tools and patterns. They also have a proactive responsibility to deliver secure systems and implement proportionate controls to enable business outcomes.
Provide the bridge between technology delivery and cyber security assurance to ensure the HO can exploit the latest technologies but in a manner that addresses its wider risk requirements.
Advise on security considerations, including preparing & reviewing assurance documentation, for a system or service, applying the security principles and standards set down by the department, NCSC and Cabinet Office, in particular ensuring systems are 'secure by design'.
Ensure the use of Home Office security services and tools where appropriate including the Cyber Security Operations Centre (CSOC), Cyber Incident Response (CIR) and Cyber Resilience Testing (CRT) services.
Promote and develop the reuse of agreed patterns and approaches and support the development of new variants, and support the preparation and completion of high and low-level designs.
Collaborate with colleagues across the cyber security team, assurers, accreditors and senior information risk owners to ensure that agreed designs are subject to end-to-end assurance (and accreditation where appropriate).
Analyse the current environment to detect critical security deficiencies and ensure fixes are implemented in line with policies.
Keep up to date on developments in the security and technology industry to ensure that the technology landscape is kept secure in line with industry and government standards (e.g. Cyber Essentials, Cyber Defence controls and Cloud Principles as appropriate).
Recommend security controls and identify solutions that support a business objective.
Provide specialist advice and recommend approaches across teams and various stakeholders. This will include advising on key security related technologies and assessing the risk associated with proposed changes.
Inspire and influence others to execute security standards, policies and principles.
Someone who can:
Effectively translates cyber risk analysis into standards, patterns and approaches to enable the safe exploitation of current and emerging technologies.
Manages stakeholders' expectations and is flexible, pragmatic and able to adapt to reactions to reach consensus.
Designs secure system architectures through the application of patterns and principles, to meet user needs whilst managing risks.
Identifies security issues in system architectures.
Can make and guide effective decisions on risk, explaining clearly how the decision has been reached.
Advises on developments on security properties in technology.
Understands and communicates the impact of vulnerabilities on existing and future designs and systems, and is able to articulate a response.
Can demonstrate great partnership skills, in particular the ability to build effective partnerships and trust with peers across the technology organisation.
Has good communication skills, verbal and written, and a good understanding of the use of different channels and formats for different audiences.
Is technology-agnostic and possesses broad knowledge of a range of technologies.
Works with a diverse team across multiple locations.
Responsibilities / Essential Criteria
The ability to demonstrate a deep understanding of security architecture principles and practices within complex environments, and be able to apply security concepts at a technical level in an innovative way.
Experience of implementing 'secure by design' throughout the design lifecycle including the evaluation of the security of solutions and services using both manual and automated techniques.
An excellent knowledge of security tools and technologies (including penetration testing) across all aspects of a solution, including network, server, cloud and end-user compute.
Experience of advising, guiding and influencing on cyber security architecture and cyber risk to senior business stakeholders and security advisors.
Working experience of ISO 27001, NIST, BS EN 31111, CoBIT, SOX and/or other Information Security Management frameworks, including NCSC standards and guidance, and experience of producing and evaluating assurance documentation.
One or more of the following qualifications: CISA, CCSP, CCP, CISSP, CISM or CIA, or equivalent; it is desirable to be a CRTSA (CREST Registered Certified Technical Security Architect) or willing to work towards this.
Project People is acting as an Employment Business in relation to this vacancy.