Senior Cyber Security Consultant (SEO)
Are you an experienced security professional who would like the opportunity to play a key role in protecting the things that matter at DVLA and to contribute to the development and support of new DVLA IT services? If so, our Senior Cyber Security Consultant roles offer you the challenge you are looking for, and real opportunities to build on your professional experience. These permanent opportunities come with a Digitec allowance of up to £10k.
Cyber security is currently seen as a key area within Government, addressing a Tier 1 Threat and being a key enabler for the delivery of on-line services. DVLA's role in delivering significant on-line services to the public and caring for the key Driver and Vehicle databases, which are part of the UK Critical National Infrastructure, results in cyber security being viewed as an essential activity, in which the organisation continues to invest. DVLA has an extensive change program to build world class digital services, and in that context getting the security right is imperative. The successful candidates will work as part of the Cyber Security Services team, providing cyber security consultancy services for projects and business as usual activities and supporting ongoing compliance and accreditation.
We are looking for security professionals with substantial experience, but this technically fascinating role will provide opportunities to broaden that already significant experience.
You will have the opportunity to:
- Apply your extensive knowledge of cyber and information security
- Assess risks to existing and proposed systems and technical solutions, and then devise risk management plans to address such risks
- To a large degree manage your own time and resources to deliver the required outcomes
- Be actively engaged in the major change program being implemented at DVLA, including playing an important role in solution evaluation and technology selection.
- Develop and maintain good relationships with a wide range of stakeholders
- Work as part of a team to deliver cyber security services
- Develop and progress your own skills and career, and actively coach and develop others
These roles are located in Swansea.
The role holder will be responsible for providing high quality security consultancy in support of projects, accreditation and compliance with standards.
You will be expected to work with minimal supervision, and will be responsible for providing high quality, up-to-date advice and direction, including utilising an excellent understanding of risk and risk assessment methodologies to assess and clearly articulate risks, and develop technical risk management plans. The role may also entail some staff management responsibility.
- Works as part of a team without supervision as a subject matter expert drawing on a broad knowledge of the issues and techniques associated with securing a variety of technologies.
- Providing timely, high quality subject matter expert advice, direction and consultancy in accordance with industry good practice, HMG security guidelines and DVLA policy on cyber security and information security matters, including, where relevant, risk and threat assessments.
- Utilise skills as a security architect to review and assess proposed solutions, and inform technology selections.
- Delivering high quality documentation (such as RMADS) in support of system accreditation
- Undertaking risk and threat assessments using agreed risk assessment methodologies within agreed timescales in order to devise risk treatment plans, identify appropriate and proportionate countermeasures, and provide senior managers with the appropriate information to make information risk management decisions.
- Develop and maintain Security Non-Functional requirements (sNFRs) and Use/Abuse Cases as required.
- Reviewing assurance reports, providing advice on ways of improving, and identifying and evaluating risks and advising on how they can be mitigated as and when required.
- Establish working relationships with relevant stakeholders to understand requirements and business context in order to ensure appropriate and proportionate security is applied. Stakeholders will include system owners, accreditors, solution architects and project managers.
- Compliance assessment against specified security standards (such as ISO 27001)
- Stays up to date with developments in the cyber security industry, including new & emerging threats and potential countermeasures, as well as keeping up-to-date with UK Government security requirements and guidance, and maintaining an awareness of new products, tools and techniques.
- Interprets and contributes to the development of Cyber Security policies in accordance with HMG and CESG recommendations
You will be a security professional with significant experience of cyber security, especially in relation to:
- A broad knowledge of the issues and techniques associated with securing a variety of technologies, and a knowledge of the cyber security industry (knowledge of security in a UK Government context would be highly advantageous, but not an absolute necessity).
- A substantial understanding of risk, and risk assessment and management techniques (ideally experience using a range of methodologies and tools).
- An understanding of security architecture (ideally based on the SABSA architectural framework)
We would expect that such experience will be evidenced, such as by possession of relevant professional qualifications (e.g. CISSP or CISM), but other evidence will also be considered, and even where professional qualifications are held, evidence of practical application will also be sought.
You will also require:
- Consultancy and negotiation skills.
- An ability to maintain working relationships with key stakeholders.
A real understanding of risk, and experience of using a range of risk assessment methodologies is expected, along with knowledge of security architecture (familiarity with SABSA would be desirable).
Ideally at least some of the candidate's security experience will have been gained in the context of UK Government security, but this is not a requirement.
A limited amount of travel may be expected in this role.
Security Clearance Level
Successful candidates will need either to already have, or be eligible to gain, Security Check clearance.
If you are interested in making an application, please email your CV which demonstrates your ability to meet the requirements of the above essential criteria. You will then be contacted by Experis who will issue further instructions about the application process.
Following this, an initial sift of your CV will be conducted against the essential criteria. If these are demonstrated, you will be contacted to arrange a telephone interview. The final stage of the process will be an interview and assessment.
The interview will consist of a range of question types. These could include questions about your strengths or how you may respond in any particular situation as well as specific examples of things you have done.
We expect the role will be open for applications for up to 4 weeks with candidates being assessed throughout this period.