Account Security Manager

The role:

• Acting as the security subject matter expert (SME) of all contracts managed by the Account by being thoroughly familiar with the Security Aspects Letter (SAL), contractual security requirements and all Security and Business Continuity Planning requirements,
• Ensuring CSC security policies are adopted, providing additional interpretation/applicability clarifications, where required by specific contractual requirements in an Account Security Plan (ASP) and that all Variances are documented,
• Ensuring all other staff with subordinate security responsibilities are adequately briefed and that these tasks are properly coordinated to ensure they are fulfilled in an effective and most efficient manner,
• Coordinating with the CSC Security Controller the personnel security aspects of account Joiners, Movers and Leavers to ensure all staff have appropriate security clearance and meet any International Trafficking Arms Regulations (ITAR) nationality constraints for the ICT accounts and the duties they have been assigned and ensuring upon transfer or departure their privileges are revoked,
• Facilitate an active Security Governance model and maintain an Account Risk Register documenting risks to service delivery, and ensure that risks are regularly reviewed and escalated appropriately,
• Reporting promptly all security related incidents and only when directed, provide their independent investigation and provision of an incident report,
• The notification, investigation and resolution of security related incidents should be in accordance with the Account Security Incident Management policies/processes,
• Coordinating any external security auditing of the account and undertaking all scheduled Internal Security Audits, in accordance with the plan,
• Actively supporting the Security Improvement Programme (SIP) initiatives within the accounts and fulfilling any other security related management issues that may arise,
• Facilitate security audits of their account, ensuring staff are prepared, all related records and documents are current and are made available for inspection. Contribute to the internal audit programme when tasked,
• Ensure that each system has appropriate, approved security documentation, is operated in accordance with that documentation and also meets the requirements of the Data Protection Act,
• Delivery of specific projects and initiatives as agreed,
• Ensure work of the Account Security Resources is carried out effectively,
• Execute AGM and customer strategic direction and carry out tasks as requested,
• Promptly respond to user issues, as necessary, advise users on IA and Security aspects of their work including applications development,
• Provide advice on all information assurance and security issues, to ensure that desired business outcomes are not impacted adversely,
• To be familiar with Security regulations/standards and UK Legislation.
• In particular;
  • DPA
  • FOIA
  • OSA
  • CeSG GPGs
  • JSP440
  • JSP480
  • JSP604
  • ISO27001
• Deliver the contractual obligations of Security and IA, as set out in the Contract(s),
• Provide assurance to senior executives that the organisation, processes and technologies that implement IT security controls are effective and efficient,
• Management of specific risks for which the ASM/CSO is the appointed risk owner/manager,

MUST HAVE:

Either CISM, CISSP, CLAS or M.Inst.ISP Qualification