Security Assessment Auditor

THE OPPORTUNITY  

As a member of the wider MCR Global family, you will be joining our small, but rapidly expanding team of consultants here in the UK.  The opportunity is for a Security Assessment Auditor to support the Ministry of Defence (MOD) on the Cyber Resilience Programme (CRP) to perform assessments of MOD’s suppliers, particularly those that are critical and/or high risk.  Using a common, repeatable process and supporting artefacts, you will review a prioritised list of projects/suppliers and conduct assessments. 

THE CANDIDATE

We are seeking a pro-active Security Assessment Auditor who has demonstrable experience of undertaking an ISO27001 auditor role, encompassing risk assessments/management and the deployment of controls.  You must also have previous experience of working within Defence and a wide awareness of Cyber Security across Government and Industry.

THE ROLE 

• Prepare for and perform supplier security assessments as required.
• Provide best practice advice and guidance for the supplier assessment function.
• Completion of assessment reports and recommendations
• Supplier stakeholder engagement to ensure the efficiency and effectiveness of assessments.

ESSENTIAL REQUIREMENTS

• ISO27001 Lead Auditor qualification.
• 2+ years’ experience as an ISO27001 Auditor.
• Completion of MOD Industry supplier security assessments including Information Security Management Systems (ISMS), encompassing risk assessments/management and the deployment of appropriate controls.
• Ability to work under pressure and to compressed timescales.
• Good communicator, verbal (active listener) and written (able to write concisely).
• Ability to articulate Supplier Security advice at a technical and non-technical level to key stakeholders.
• Experience of working within Defence including a wide awareness of Cyber Security across Government and Industry to include; HMG Information Assurance Policies, Standards and Guidelines, including the Security Policy Framework, the CESG IA Portfolio and JSP440 (plus other standard MoD IA methods).
• Experience of handling national sensitive information including that related to ITAR.
• Ability to work throughout the United Kingdom. 
• Minimum United Kingdom SC security clearance
• United Kingdom national only (no dual nationality)

DESIRABLE REQUIREMENTS

• NIST Cyber Security Professional – Practitioner level.
• DV security clearance
• CESG Certified Professional (Security and Information Risk Advisor or Security Architect).
• Certified Information Systems Security Professional (CISSP) or equivalent.
• Associate/Full Membership of recognised security professional body such as the Institute of Information Security Professionals (IISP) or the BCS.

THE COMPANY

MCR, LLC, is the nation’s premier Integrated Program Management firm. Since 1977, we have delivered ground breaking cost/schedule analysis, acquisition management and program assessment solutions to help government clients success­fully deliver agile and creative programs. MCR’s 400+ professionals provide critical thinking and integrated solutions to customers, enabling them to more rapidly develop complex National Security Space programs.  We value integrity, excellence, honesty, service, and trust. It is through these values that we form long-term client partnerships, build expertise, and attract and retain hardworking employees.

EQUAL OPPORTUNITY EMPLOYER

MCR, LLC is an equal opportunity/affirmative action employer. We will consider you for employment without regard to sex, gender identity, sexual orientation, race, colour, religion, national origin, disability, protected veteran status, age, or any other characteristic protected by law.

For more information about MCR, LLC, career opportunities, please visit www.mcri.com.