Information Security Adviser - Bristol

65.00 - 85.00 GBP Hourly
09 Nov 2016
07 Dec 2016
Contract Type
Full Time
Role Title: Information Security Adviser

Location: Bristol

Rate: £65 - £85 per hour

Clearance: SC

Role Activities

* Identifying security risks within complex air/ground computer and information systems and developing effective, risk-balanced security measures for implementation.
* Providing security documentation and evidence to meet HMG (MOD, Police and OGDs) security accreditation requirements.
* Liaison with customers, accreditors and technical authorities, including attendance at Internal Company and wider Industry Security Forums and Working Groups when necessary.
* Performing security analysis of operational environments, threats, vulnerabilities and internal interfaces to define and assess compliance with accepted industry and government standards.
* Conducting advisory and verification audits to maintain certifications which include ISO27001 and Cyber Essentials Scheme.
* Contributing to the development of information governance and risk management structures and processes.
* Assisting in the integration of information assurance activities with the system engineering, design and manufacturing elements of new business ventures and programmes.
* Engaging with stakeholders, the engineering team and sub-contractors to provide direction, guidance and support on acceptable and balanced information security solutions.
* Developing business and user focused security policies, procedures, processes and operational guidance for the compliant delivery of customer and Enterprise information security requirements.
* Maintaining knowledge of technology development (both hardware and software), threat actors, tools and techniques and the risk implications for information security.

* Assisting in security investigations and incident response, and contributing to development of business resilience measures.
* Participating in and/or leading the development of information security training materials and processes as well as training general and privileged users on information security processes, policies and procedures.

Typical Qualifications/Education

* Preferably qualified to degree level (or equivalent) or with substantial relevant information security experience, particularly within a similar role in UK Government or Defence.
* Relevant industry security certifications would be advantageous (e.g. CCP, CISSP, CISA, CISM or CIS auditor qualification such as ISO27001 Lead Auditor).



* Knowledge and understanding of MOD and Government information security policy, standards and guidance.
* Understanding of systems and security verification, validation, testing and evaluation approaches, including HMG Information Assurance schemes and processes.
* Experience in generation of information security Risk Assessments, Risk Treatment Plans and Risk Management and Accreditation Documents.
* Experience in the specification and development of effective and balanced information assurance solutions or approaches.
* Ability to analyse the security aspects of business risks.
* Pragmatic approach to the recommendation of security controls.


* Experience of assuring IT systems in a secure government environment (MOD OFFICIAL SENSITIVE) would be a distinct advantage.
* Knowledge and understanding of CESG CAPS and CPA processes and evaluations.
* Information assurance experience across the Systems Engineering, Development Lifecycle would be preferred.
* Experience of participating in developing security solutions in response to Invitation to Tenders.
* Detailed understanding of data protection controls and practices.
* Knowledge of computer security audit and investigative techniques is desirable.