Senior Cyber and Information Assurance Consultant
Remote with occasional travel to Serco offices
Full Time, Permanent
Here at Serco, we are seeking an experienced Senior Cyber and Information Assurance Consultant who will guide the design, implementation, and ongoing management of appropriate combinations of technical, physical, procedural and personnel controls within the services we operate. The objective is to protect our customers' data and to comply with our legal, regulatory and contractual obligations, while still enabling and supporting business requirements. This involves working with and influencing at all levels within bid and contract teams, producing a variety of verbal and written outputs.
The role is positioned within the Cyber Security and Data Protection team, which is part of Serco UK and Europe's Data, Digital and Technology (DDaT) function. The role reports to the Head of Cyber and Information Assurance but will also have reporting responsibilities to other stakeholders within individual contracts or bids. As a Senior role, the individual will be self-motivated, able to work with autonomy, and will take accountability for the broad scope of deliverables. The role will be required to manage relationships with and influence senior stakeholders (both internal and external) and may lead small teams of consultants and act as a mentor for more junior members of the Practice.
As part of this you'll:
- Provide information assurance leadership in large and complex environments
- Deliver security input into multidisciplinary bid teams, including security requirements definition, architectural design work, advice and guidance on security issues, risk assessment, guidance on residual risk and mitigation strategies, contracts review, governance strategies, costing of security operations, written submissions, creation of draft policies, and so on
- Support architectural design activities, advising on security factors such as HMG policy and good practice, assurance / evaluation requirements, technical requirements or constraints, selection of security technologies and controls, physical requirements or constraints, supporting personnel and / or procedural requirements
- Undertake risk assessments and production of assurance documentation in line with HMG policy or departmental processes (including Information Assurance Standards 1&2 or their replacement)
- Support security management functions, predominantly within 'formal' security frameworks such as accredited, ISO27001 compliant, or PCI compliant environments, adopting a proactive approach to security management and security assurance coordination, ensuring smooth running of scheduled activities (SWGs, penetration tests, security documentation review) and gaining the trust of key stakeholders (including customer representatives and accreditors)
- Provide guidance on the appropriate components to utilise in implementing an architecture with the necessary security enforcing functionality, or guidance on retro-fitting security capabilities to meet updated requirements or change requests
- Engage with IT Security Health Check suppliers, scoping test plans and helping stakeholders interpret the results of the tests, as well as supporting the implementation of any remedial actions, where required
- Undertake gap analyses against formal security frameworks (particularly ISO27001 and PCI DSS), reporting on areas of deficiency and producing remedial action plans (where appropriate)
- Support procurement processes, including documentation of appropriate security requirements into RFP / tender documentation, the assessment of responses, and support in the production of appropriate statements of work / contractual schedules
- Produce collateral to support the wider business, where appropriate.
What you'll need to do the role:
- A broad Information Security knowledge, ranging from developing and reviewing security architectures through to risk assessment and certification
- Excellent communication skills (written and oral) are essential, as is demonstrable experience of working within formal frameworks such as ISO27001 and PCI-DSS
- Typically, will have 10 or more years' experience of operating with autonomy in a senior Information Assurance role, and be educated to degree level in a relevant discipline (or possess equivalent vocational qualifications)
- Willingness to undergo SC clearance.
Professional qualifications desirable for this role:
- Certified Information Systems Security Professional (CISSP) and / or Certified Information Security Manager (CISM)
- Cloud Security Practitioner
- ISO27001 Lead Auditor and / or Implementer
- PCI-DSS Practitioner
- Certificate in Information Security Management Principles (CISMP)
- Certification against the NCSC Certified Cyber Professional (formerly CESG Certified Professional) Scheme is advantageous (but not essential)
You should have detailed working knowledge of multiple Information Security-related requirements sources / standards, with examples including:
- The Government Security Policy Framework (SPF), along with NCSC (and legacy CESG) security standards and guidance
- PCI-DSS (Payment Card Security)
- ISO27001 (Information Security Management)
- NHS security standards and supplier assurance framework
- Data Protection Act / GDPR
- ISO 22301 (/BS 25999) (Business Continuity Management)
- UK Government Cyber Essentials Scheme.
- DefStan05-138 (Defence Cyber Protection Partnership).
Meaningful and vital work: In this position, your work is vital to the business, in terms of decisions and growth. You will gain a world of opportunity working for a globally operating business delivering essential services across 5 vital sectors, where personal growth, achievement and development won't be hard to find. You'll also work with great people. You'll find yourself working in a highly motivated, supportive environment where no two days are the same, with experienced colleagues who strive for excellence.
What we offer:
- Flexible working considered
- Pension - 6%
- Employee Assistance Programme
- Chance to contribute to innovation in the public services
- A company passionate about diversity and inclusion
- Serco Benefits
At Serco, not only is the nature of the work we do important, everyone has an important role to play, from caring for vulnerable people to managing complex public services. We are a team of 50,000 people responsible for delivering essential public services around the world in areas including defence, transport, justice, immigration, healthcare and citizen services. We are innovators, committed to redesigning and improving public services for the benefit of everyone.
By joining Serco you will have unlimited access to our Global Employee Networks - SercoInspire (Gender), SercoEmbrace (Multicultural), SercoUnlimited (Disability) and In@Serco (LGBT & Networks). Serco Employee Networks are led by colleagues who are passionate about diversity, inclusion and belonging.
Please click on the apply button to complete your application. Occasionally we receive a large volume of applications for our roles and when that happens we sometimes bring the closing date forward, so please apply promptly to avoid disappointment.
At Serco, we see people first and foremost for their performance and potential. We are committed to building a diverse and inclusive organisation that supports the needs of all. As such we will make reasonable adjustments at interview through to employment for our candidates and strongly encourage applications from a diverse candidate pool. We are open to discussions around flexibility and flexible working. We operate a hybrid work structure in many of our business areas. We are proudly Disability Confident Leader employers and holder of the Silver Inclusive Employer Standard. Disabled applicants who meet the minimum criteria for the job will be given the opportunity to demonstrate their abilities at an interview. For help with your application please contact 0345 010 4000.
At Serco we support fair access to employment for those with unspent criminal convictions through the 'Ban the Box' pledge (some may be exempt due to the nature of the role and the security clearance required). Please contact our recruitment team directly on 0345 010 4000 to discuss.