Security Manager

The Role

The successful candidate will be a knowledgeable, enthusiastic and conscientious individual who has relevant Information Assurance and Cyber Security qualifications. The role encompasses maintenance of ADST’s ISO27001 accreditation and coordinating our office security accreditations as well as providing relevant advice on security matters within the business. Your key responsibilities will include the following: 

• Acting as the ADST ISMS Manager and maintaining the ADST Information Security Management System and its artefacts
• Maintaining a programme of internal auditing for the scope of the ISO 27001 accreditation, which includes people (Training), property (Physical) and information (Projects).
• Maintaining our ISO 27001 accreditation by attending all LRQA external audits and carrying out corrective actions.  Reviewing the scope of the ISO 27001 accreditation on a regular basis.
• Attending and minuting regular meetings including Local Information Assurance Managers (LIAMs), Information Security Forum (ISF), Group IS and HR
• Maintaining the IA Sharepoint site.
• Updating the monthly statistics to PowerBi.
• Maintaining and disseminating policy, procedures and guidance for ISO 27001.
• Visiting ADS&T main offices and larger projects to carry out internal audits for physical and project controls.
• Briefing ADS&T personnel on ISO 27001 including IA Policy and training
• Maintaining relevant training records for all staff annually and ensuring that relevant training is provided for LIAMs and auditors.
• Attending DISA and client briefings and meetings to keep up to date with changes in policy, threats and disseminate as necessary.
• Maintaining and disseminating security policy, procedures and guidance in line with client policies.
• Visiting ADS&T main offices to carry out musters and check holdings ensuring the maintenance of classified holdings, including musters and spot checks at each of the relevant sites are carried out.
• Security administration for the secure networks including access management and monitoring of data transfer and usage patterns.
• In conjunction with client accreditors, work with our security controllers to maintain the accreditation for relevant UK offices.
• Monitor the quarantined emails, release as necessary, record incidents of near misses and reports to Security Controllers and LIAMs for relevant action.  Send reminders to repeat offenders, carrying out disciplinary action as necessary through the HR process.
• Investigation of and MOD/Client security incidents, reporting as necessary and carrying out any corrective actions required.
• Investigation of internal security incidents, breaches and monitoring near misses for trends taking corrective actions as required.
• Maintaining a programme of internal auditing for the various clients’ accreditation standards, which includes people (Training), property (Physical) and information (Projects).
• Attend Security Controller Forums as lead by Global Security, ensuring local site reports are produced.
• Carry out specialist briefings for clients and maintain relevant paperwork

 The Requirements

Essential:

• Experience of developing Information Security Management Systems (ISMS), including risk assessments/management and the deployment of appropriate controls
• An excellent communicator, verbal (active listener) and written (able to write concisely)
• Ability to articulate Information Security advice both at a technical and non-technical level, directly to key stakeholders
• Ability to work on multiple projects and tasks concurrently, successfully balancing business priorities
• Ability to provide high-quality work under pressure that delivers security outcomes to tight deadlines and to manage stakeholder expectations
• Ability to work both effectively individually and within a team in a multi-discipline environment and in a matrix organisation.
• A wide awareness of Cyber Security across Government and Industry to include; HMG Information Assurance Policies, Standards and Guidelines, including the Security Policy Framework, the CESG IA Portfolio and JSP440 (plus other standard MoD IA methods)
• CESG Certified Professional (Security and Information Risk Advisor or Security Architect)
• Successful candidates will be required to undergo a security vetting process and offers of employment will be subject to relevant security clearance being granted.

Desirable:

• Certified Information Systems Security Professional (CISSP) or equivalent
• Associate/Full Membership of recognised security professional body such as the Institute of Information Security Professionals (IISP) or the BCS

Security 
This role may require security clearance and offers of employment will be dependent on obtaining the relevant level of clearance. If this is necessary it will be discussed with you at interview. 
If applying to this role please do not make reference to (in conversation) or include in your application or CV,  details of any current or previously held security clearance.
 

#LI-ADST