Our client, the Department for Digital, Culture, Media & Sport, are seeking a Security Assurance Manager. Security Clearance: SC (DV preferable).
The SAM leads a small mixed team of contractors and Civil Servants in the delivery and maintenance of the core requirements and services that ensure the safety and security of the department’s most important assets: its staff and the information they generate.
Facilitates and chairs specific Working Groups, promoting a security awareness culture, on issues such as EUD & BYOD devices, password policy, protective marking, safe and secure disposal through awareness briefings.
Managing relationships with key stakeholder groups including Project Teams and the Information Security and Assurance teams. This may take the form of guidance on the threats, risks and mitigations that may be necessary in order to reduce the residual risk levels so that they are within the risk appetite of the system/business owner.
Auditing and reporting on the effectiveness of these controls in order to gain an assurance that the project is compliant with current regulations. Supporting, and authoring where required, the generation and through-life management of the Risk Management Accreditation Document Sets that support the continuing accreditation of solutions delivered.
Contributes to the development of IT Security Policy and Procedures and the ongoing maintenance of all supporting documentation aligned with the Security Policy Framework (SPF). Specifying requirements for IT Health Checks or Assessments to ensure identification and scheduled correction of any vulnerabilities to protect other IT systems and services.
Alerting the Lead Accreditor, other Security Assurance Coordinators or CIO of unscheduled or rogue changes in Systems and Services, which may affect accreditation.
1. Records Management experience from either a private or central government organisation:
- Knowledge of the role of a Department Records Officer (DRO)
- Knowledge of central government records practices and procedures
- Experience with either (or both) of the government’s recognised IT operating platforms; O365 or Google (Drive/AODocs), and how best to exploit embedded records processes
- Working with physical and ‘born digital’ records covering:
  - Records lifecycle management
  - Accessioning to The National Archives
  - Retention schedules and how they are calculated
- Awareness of the emerging General Data Protection Regulation (GDPR) and its impact on the public and private sectors
- Knowledge and Information Management (KIM) experience
- Working knowledge of the Public Records Act (1958)
2. Security experience of both physical and data security measures:
- Deep knowledge and experience of government security measures and how they are applied including: incident management, basic cyber awareness (including Phishing), vetting, education and awareness training
- Knowledge of the Transforming Government Security Programme (TGSP) and the new ‘Cluster’ approach
- Demonstrable ability to educate both senior and junior staff in security awareness training; induction through to continuity
- Working knowledge of the Government Security Policy Framework (2014)
- Experience of working with all levels of Government’s Security Classifications (OFFICIAL, SECRET & TOP SECRET)
- Awareness of government vetting procedures and the newly established UK Security Vetting (UKSV) service.
- Working knowledge of the Data Protection Act (1998). The role will be expected to lead on the management & execution of DCMS Subject Access Requests (SAR) prior to being outsourced.
Please note that the client has determined that the off-payroll working rules will apply to this assignment and where a worker elects to provide their services through an intermediary (such as a personal services company) then income tax and primary national insurance contributions will be deducted at source from any payments made to the intermediary.