The role involves:
- Providing customer-facing Cyber security advice and guidance, potentially across multiple client assignments simultaneously, primarily within the UK although there may be opportunities for overseas working.
- Delivering both tactical and strategic solutions focused around customer priorities.
- Supporting the customer’s overall information risk management function to ensure they have a comprehensive understanding of their risk landscape.
- Production of detailed risk assessments to the customer’s identified area of focus.
- Production of risk management / accreditation artefacts across the full risk management lifecycle.
- Developing innovative and novel approaches to mitigate risks in business areas of high technical complexity.
- Devising and recommending options for cost-effective controls.
- Conducting security compliance assessments against recognised best practice and industry standards as appropriate to the organisation.
- Devising and implementing new security policies to address any deficiencies identified.
- Understanding the relationships and interactions of a socio-technical approach to capability analysis.
- You will be an experienced Cyber Security consultant comfortable with delivering into a variety of different public and private sector client settings as well as supporting internal security operations. Alternatively, you should be able to demonstrate a minimum of five years’ experience of supporting the administration and development of secure ICT systems.
- You will be a self-starter capable of taking a proactive approach to understanding customer requirements and responding by providing effective inputs that add tangible value to the customer’s business.
- You will recognise that there can be many contributory factors to information risk that require you to be aware of the wider technical, physical, and procedural context.
- You will be an advocate for positive change able to help the customer appreciate the benefits of challenging the status quo.
- You will be able to tailor your delivery approach as appropriate to the requirements of the assignment, whether the work is within an established security/assurance team or individually.
- You will be capable of producing quality deliverables to tight timescales.
- You will be a strong team player with good communication skills (verbal and written).
- You will possess a good understanding of the application of security controls to IT or OT systems, and be conversant with HMG / NCSC IA publications.
- You will be able to translate between business and technical requirements, and interpret these requirements back into relevant and insightful security advice at all levels of the organisation.
- Internally, you could be expected to actively participate in all aspects of the business development lifecycle and support ongoing customer relationship management.
- A minimum of three years consulting experience providing cyber security advice, audits and guidance, or five years administering and developing secure ICT systems;
- Experience of working within a recognised Information Security governance framework (HMG SPF, NIST, ISO-27001 or similar);
- Experience of producing comprehensive information risk assessments;
- Hold a Full UK Driving Licence;
- Current security clearance (or ability to obtain).
- The preferred candidate will hold the National Cyber Security Centre (NCSC) Certified Cyber Professional qualification (CCP) in one or more roles or will have demonstrable experience with risk assessment and management methodologies;
- At least one of the following recognised cyber security certifications (CISSP, CISM, CCSP, CISA, ISO 27001, GICSP) with demonstrable experience;
- Experience of Operational Technology (OT) security preferably within a CNI context;
- Knowledge of NIS Directive and OT standards such as IEC62443 or NIST 800-82 would also be beneficial;
- At least one of the following recognised Risk Assessment or Risk Management certifications or training (CRISC, COBIT, ISO27005) with demonstrable experience;
- Knowledge of current security hot topics (e.g. IT/OT convergence, cloud and supply chain security);
- Knowledge of data privacy legislation (e.g. DPA, GDPR);
- Experience of using recognised project management methodologies;
- The ideal candidate would have a background in Defence, Nuclear or CNI and be comfortable with using a variety of security frameworks.
- Salary and package will be commensurate with experience and qualifications.
- The compensation package includes an annual profit share, a growing list of company benefits and career development options across our transnational, market-leading company.
- This role is primarily home-based, with occasional attendance required at our Airbus Defence and Space offices, Newport, South Wales.
- As the role involves working with UK Government Departments, there is a requirement for the applicant to be able to be security cleared to UK SC level.
Many of our staff work flexibly in many different ways, including part-time. Please talk to us at interview about the flexibility you need. We can’t promise to give you exactly what you want, but we do promise not to judge you for asking.
Please let us know if you need us to make any reasonable adjustments for the selection process – you can share this with the Recruitment Business Partner who gets in touch if you are invited to interview. Examples of this may include (but are not exclusive to) accessible facilities, auxiliary aids, room layout, etc. Any information disclosed will be treated in the strictest confidence.
We are committed to equal employment opportunity regardless of race, colour, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender, gender identity or expression, or veteran status. We are proud to be an equal opportunity workplace.