You’ll be a part of a small core team of around 5 but within a larger IT team of around 400 various specialists reviewing the application of Information Assurance processes, procedures and regulations and carry out activities related to accreditation of systems.
Advances in information technology and digital communications are revolutionising the way we live and work, almost every aspect of our daily life depends on technology. Cyber Security has delivered many opportunities and benefits and is fundamental to the business of DE&S. Use of technology comes significant risk and potential threats through the loss or compromise of our information, which would impact on the success of Defence as a whole. This risk must become a conscious part of our daily working practices, so we can minimise it by ensuring we adopt appropriate behaviour to safeguard our data and our information and that of our suppliers.
As a result, we are recruiting multiple Information Assurance Analysts in various teams including:
The DE&S Digital Governance Risk and Compliance (GRC) Section:
GRC owns and leads on the management of the DE&S Strategic Cyber Risk, as well as delivering and maintaining DE&S ISO27001 certification. This involves the active involvement in the auditing and certification itself as well as in depth preparation of parties for audit. The section is also responsible for the leadership of the DE&S response to MOD internal audits based around the NIST framework.
The DE&S Digital Cyber Operations Section:
The section owns and leads on the organisations management of Cyber security incidents within both DE&S and Defence Industry. This work includes both cross MOD and cross government collaboration conducting activities such as: Incident Response, provision of Cyber Security guidance, threat reporting, and vulnerability management. The section is currently leading of the development DE&S integration into the wider MOD Cyber community and exploring the generation of in-house protective monitoring solutions.
DE&S Accreditation Team:
These roles are responsible for providing expert advice, guidance and solutions relevant to the DE&S enterprise they’re supporting. They provide support for Information Assurance, Information Risk Management, Threat Analysis, Policy, and Information Technology Assessment. This includes regular interaction with both internal and external parties and involves advising customers on complex and contentious issues within an ever-changing risk environment.
Want to hear what one of our current Information Assurance Analysts thinks of the role?
“Our job is to enable the organisation to securely take advantage of cutting-edge technologies and operate in a rapidly changing world.”
Please note that some attendance to site will be required and for some posts, there will be very infrequent travel to other UK sites.
Whilst on site, you’ll experience our impressive range of on-site facilities including a restaurant and coffee bistros and free parking. Our sports facilities include a fully equipped gym and sports hall with bookable classes, as well as a squash court, tennis courts and a football pitch.
Please note, due to the nature of work some posts are Reserved (open to UK Nationals only), some are Non-Reserved. Some posts will require the successful candidate to attain DV (Developed Vetting) clearance once in post. Other roles available require SC (Security Clearance).
Responsibilities
-
Undertake Information Assurance reviews, audits and security surveys both internally and externally with Industry Partners
-
Support provision of cyber awareness on projects and Information Assurance community initiatives.
-
Provide guidance in line with policy to project teams regarding information assurance compliance or IT security
-
Implement security policy, process and procedure within system and project teams to assure all policy and legal obligations are met and escalate noncompliance
-
Actively learn from Information Assurance Best Practice, Technologies, Policies and Legislation.
-
Support the mitigation plans and activities against project and team risks.