Compliance Officer

Expired
  • Salary: Negotiable
  • Job type: Permanent
  • Location: Farnborough, Hampshire
  • Sector: Database Design
  • Date posted: 30/08/2017
  • Job reference: J373326A

We're really sorry, but it looks like this job has already been filled.

Overall Purpose of the Job

In line with ISN 2017/01, Defence Industry is MANDATED by the MOD to enrol ALL systems/networks/entities (which includes applications) that store, handle or process MII (MOD Identifiable Information). This activity (to meet the aforementioned non-negotiable time frames with the Authority) would be a full-time undertaking which cannot be met from within the current resources in Grp Sy.

Across the business, there are circa 320 Primary/Secondary TOAs (Targets of Assurance) which fall within the scope of this ISN, so we require an appropriately experienced security compliance officer for a fixed-term contract to properly meet this mandated requirement and retain our MOD Accreditation (licence to operate) for these primary and secondary systems.

This contract term (18 months) includes the lead time for appropriate induction, onboarding, DART training and then tool familiarisation.

The main purpose of this role is in-depth liaison with the various system owners and managers of all TOAs, followed by successful and timely data entry of these TOAs on DART (Defence Assurance Risk Tool).

Key Accountabilities

The main tasks of the DCO are to:

  • Design a data entry schedule for all TOAs on DART which meets the requirements of both QQ and MOD.
  • Produce a project management case which supports the agreed schedule
  • Act as focal point for the progressing of all TOAs on DART in line with agreed timescales - this involves:
      • Key stakeholder engagement
      • Prioritisation of system management and data entry
  • Own the DART process for QQ
  • Support the escalation of risk, and manage Risk Balance Case (RBC) process in liaison with the DAIS Accreditor
  • Support the two year rolling reaccreditation and audit programme covering LTPA sites and sensitive systems as agreed by HM Government in liaison with the Audit Lead
  • Accredit information systems which require risk mitigation measures in addition to the default measures applied across the organisation or domain via DART
  • Report regularly to the Grp Hd of InfoSec on DART accreditation progress and any serious issues identified
  • Identify the residual security risks and confirm that they are accepted by the appropriate risk owner in accordance with the risk owner's delegated authority
  • Recognise accreditation decisions that have implications beyond their level of responsibility, experience or delegated risk tolerance and escalate them accordingly
  • Review with the Grp Hd of InfoSec monthly the progress of TOA entry on DART
  • Provide constructive and timely advice to Team Leaders on any aspects of DART accreditation which are required
  • Act as the subject matter expert for DART aspects of accreditation
  • Contribute to the development of IA policy that affects accreditation
  • Follow JSP 440, SPF, IS1&2 and their local interpretations
  • Maintain currency in all mandatory training and keep personal HRMS and Training records up to date

Key Capabilities/Knowledge

  • A sound understanding and experience of Security techniques
  • Experience of delivering effective Security in a complex, regulated and safety-critical business environment
  • Highly capable of managing Security issues, with demonstrable experience
  • Being a detail-oriented, organised, critical thinker, with analytical skills
  • A person with excellent experience of managing stakeholders at various levels
  • An excellent 'people person', with the ability to work with and influence many different people at differing levels in an organisation
  • An excellent communicator, with the ability to create many relationships and handle conflict
  • Personal attributes must include confidentiality, independence, integrity and energy
  • Results focused with a "can do will do" personal style

Experience & Qualifications

Essential:

  • Excellent IT data entry and general ICT administration (non-technical) knowledge, experience and capability
  • IT experience with wide knowledge of IT systems and C4I within MOD
  • Practical experience of security and IA implementation within MOD and Industry
  • Security Clearance to be held and maintained at level appropriate for the role

Desirable:

  • Experience as either an MOD or other Government Department (OGD) Auditor or Administrator
  • Knowledge of INFOSEC accreditation and JSP 440
  • Formal and relevant Information Security certifications (CISM, CISSP, etc) or equivalent experience