Information Assurance Consultant
Benefits will include:
- 25 Days Holiday
- Company Pension
- Private Medical Insurance
- Subsidised Gym Membership
- Childcare Vouchers
- Company Benefits Portal
- Share Save Scheme
An Information Assurance Consultant is required to join a growing team which provides security assurance services to a range of public and private sector clients, as well as supporting the Company internal security operations. Work content will include the preparation and review of security assurance artefacts, the provision of security advice and consultancy, attendance at meetings and working autonomously on projects, scoping and undertaking of audits.
The role is contractually based from either Lincoln or St Neots office; however this is a client facing role and the successful candidate must be comfortable with travel to client locations and MASS work sites.
The preferred candidate will hold National Cyber Security Centre (NCSC) certified qualification (CESG Certified Professional – CCP) in one or more roles and will have demonstrable experience in information and IT security. This will include: risk assessment and management methodologies; in depth technical understanding of secure IT system architecture; production of Risk Management Accreditation Document Set (RMADS) and HMG Information Assurance processes. A good understanding of the application of security controls to IT systems, conversance with HMG / NCSC IA publications, ISO 27001 and experience and strong knowledge of GDPR / Data Protection law. The successful candidate will be a strong team player with good communication skills, and will be required to hold, or be in a position to qualify for Developed Vetting (DV) Security Clearance.
Knowledge of NCSC and wider Assurance schemes, for example CAPS / CPA / Common Criteria products.
CCP certification in one of the following. (Accreditor, IA Architect, IA Auditor, ISSO, SIRA).
At least one of the following recognised IT Security certifications. (CISSP, CISM, CISA, ISO 27001).
At least one of the following recognised Risk Assessment or Risk Management certifications or training. (HMG IS1&2,CRISC, COBIT, ISO27005, Octave).
Experience and strong knowledge of GDPR and Data Protection law.
Demonstrable knowledge of HMG accreditation process, ISO27000 series, NCSC IA portfolio, End-user Device security strategy: Security Policy Framework, Gov.UK Cyber Security Guidance and controls.
Hold a Full UK Driving License.
Competent in the use of the MS Office suite.
Demonstrate a good understanding of the business relevance of information risks and the current trends and growths in information security.
Demonstrate the ability to explain business principles of secure system designs in terms of business risk.
Subject matter expertise in an element of information risk management, accreditation, governance or compliance.
Ability to produce security cases, accreditation evidence artefacts and documentation to support Accreditor approvals.
Awareness of ITHC requirements and analysis of results.
Conducting Compliance Audits.
An ability to explain secure system designs in terms of business risk.
Cyber Essentials Auditor/Technical Assessor.
JSP 440 MOD Manual of Security, Industry Security Control Systems and Risks (SCADA).
JSP604 Defence Manual for Information and Communications Technologies (ICT).
Risk tool methodology.
Previous role as an Accreditor.
CPNI CMAT framework.
Business Continuity and Disaster Recovery Planning.
Knowledge of PSN.
Experience in writing or updating information assurance operating policies and compliance procedures.
Ability to take a rounded view of security issues and make risk judgements across the relevant scope.
Performance of IT security audits.
Mass are an equal opportunities employer.