CCP Consultant (SIRA) at Sellafield Ltd, Remote, 12 Months, £Contract Rate (Outside IR35)

  • Outside Spy
  • Remote
  • May 13, 2022
6 Months or more

Contract Description

CCP Consultant (SIRA) - Outside IR35 | Ref: PIP0006000

Remote/Home | Risk & compliance,Technology | Start: ASAP | Duration: 12 months

Posted 2 days ago

Job description

 

Location: Remote

To support the Head of Cyber Risk as a Subject Matter Experts (SME) in Cyber Security risk for the delivery of risk specific elements of the Cyber Security & Information Assurance (CS&IA) plan.

The Senior Information Risk Adviser (SIRA) is an autonomous risk role to support the Head of Cyber Risk with understanding the technology risks and propose mitigations to assist in establishing and maintaining an enduring cyber security and information assurance posture.

The role has a broad scope spanning technical and process risk across the cyber security, information security and privacy space and will necessitate engagement with Sellafield Ltd CS&IA (Cyber Operations, Assurance, Risk, Data Protection), Sellafield Ltd ISO (Architecture, Service and Knowledge Management), Sellafield Ltd Cyber Programme and other partners/suppliers.

The output will include the production of formal risk assessments conducted to the standards acceptable to Sellafield Ltd, including but not limited to HMG IS1, IRAM 2 or other ISO27005 assessments as agreed. The output will be used to determine the exposure to risks and likelihood of materialisation, required mitigations and support CS&IA planning necessary to support correctness of posture, satisfy Regulatory matters.

 

As a CCP Consultant (SIRA) your main responsibilities would be: 

  • Formal risk assessment of Sellafield Ltd Information Technology/Operational Technology applications, Cloud environments O365/Azure security configuration and other systems.
  • Recommendations around mitigations necessary to minimise the materialisation of identified risks in line with the Sellafield Ltd risk framework.
  • Production of risk reports to support the CS&IA Plan.
  • Analysis of system configurations and in cognisance of NCSC guidance, determination of associated risk in relation to systems or solutions developed or implemented by Sellafield Ltd.
  • Assists with input to the risk tracking of related cyber risks and the management of a Cyber and Information security/privacy risks for the Head of Cyber Risk.
  • Formal determination of cyber and information security/privacy related risks and issues.
  • Produce the following deliverables - Requirement’s documents/specifications, Policies and procedures, Risk assessments/reports, Security cases and Risk Treatment plans.

 

You’ll have relevant experience in:

  • SC Clearance is an essential requirement for this role, as a minimum you must be eligible and willing to undergo these checks.
  • Qualification as an NCSC Cyber Certified Practitioner (CCP) at SIRA level, or a former GCHQ CESG CLAS consultant
  • CISSP or equivalent Qualification or membership of a professional body in Information Security.
  • Significant experience in applying Cyber Security Standards.
  • Experience of CSA CCM v3 cloud controls.
  • Experience in applying technical information technology and information assurance controls to business information models.
  • Ability to identify vulnerabilities when assessing information systems architectures and designs.
  • Demonstrable experience of implementing projects based upon Microsoft-based Public PaaS and SaaS based solutions at UK Official or above. (E.g., E3 and E5 licensing models, licensing bolt-on’s such as SCP & EMS, O365 & M365, Microsoft Teams, Information Protection, Sentinel, MCAS etc).
  • Knowledge and use of security and privacy policy (including but not limited to ISO27001, ISO 27005, ISO22301, NIST 800-53, EU GDPR and DPA 2018)
  • Knowledge of Cyber Security models and frameworks (NIST PDRR, Mitre ATT&CK, ONR Security Assessment Principles (SyAPs).
  • Thorough knowledge of Cyber Security risk methodologies including but not limited to HMG IS1, IRAM 2 and others such as NIST RMF (800-37).
  • Ability to interpret business requirements and technical ICT documents into Cyber Security requirements.
  • Good understanding and knowledge of ICT systems (software, hardware, and networks) and applications both legacy and current.
  • Good communication skills across all levels of the business and able to talk to non-specialists, specialists, and senior stakeholders.

Desirable:

  • Active SC Clearance.
  • Knowledge of Civil Nuclear Information security requirements and NCSC good practice.
  • Working with operational cyber security teams.
  • Working with Regulators/in a Regulated environment.
  • Knowledge and experience of network and systems management.

If this CCP Consultant (SIRA) role sounds like something that you would be interested in, please click the link to apply and get in touch with one of our PSR team now.