
Information Security Architect

Location: Bristol
Salary Details: Negotiable dependent on experience + company benefits
Closing date for applications: 22 Feb 2019
Job Description

MASS requires an experienced Information Security Architect to join a growing team which provides security assurance services to a range of public and private sector clients, as well as supporting the Company's internal operations.

The role supports our customers by recommending and applying architecture and security principles and practices to guide the organisation through the business, information, process, and technology changes necessary to achieve the business objectives.

The role is contractually based from home, but this is a client-facing role, so the successful candidate must be comfortable with travel to client locations and MASS work sites.
You will:

  • Have the ability to speak on behalf of technical teams and facilitate the relationships with direct and indirect stakeholders.
  • Drive beneficial security change into the business through the development and review of architectures so that they fit business requirements for security, mitigate the risks and conform to the relevant security policies, whilst balancing information risk against the cost of countermeasures.
  • Understand the design of systems characterised by managed levels of risk, manageable business and technical complexity and meaningful impact. Understand technology and identify appropriate patterns.
  • Advise and enable technical teams to make security decisions and provide advice and guidance, ensuring the effective use of common tools and patterns.
  • Have a proactive responsibility to deliver secure systems and implement proportionate controls to enable business outcomes.
  • Test final security structures to ensure they behave as expected.
  • Update and upgrade security systems as needed.
  • Generate products such as sketches, models, an early user guide, and prototypes to keep the user and the engineers constantly up to date and in agreement on the system to be provided as it is evolving.

The preferred candidate will be a CESG Certified Professional (CCP) IA Architect and will have demonstrable experience in information and IT security. This will include:

Risk assessment and management methodologies; in-depth technical understanding of secure IT system architecture; identification and production of relevant security and accreditation artefacts and the subsequent production of the Risk Management Accreditation Document Set (RMADS) and Information Assurance processes. A good understanding of the application of security controls to IT systems and conversance with HMG / NCSC IA publications and ISO 27001 are essential.

The successful candidate will be a strong team player with excellent communication skills, and will be required to hold, or be in a position to qualify for Developed Vetting (DV) Security Clearance.

MANDATORY SKILL REQUIREMENTS

Understanding of security technologies:

  • Access control models.
  • Public and private encryption.
  • Authentication techniques.
  • Intrusion detection techniques and how to apply them.
  • Common design patterns for mitigating against information risks.

Software

Knowledge of CAPS / CPA / Common Criteria products.

Tools and Methodologies

At least one of the following recognised IT Security certifications:

  • CCP IA Architect at either senior or lead level.
  • CISSP, CISM, CISA, ISO 27001.

At least one of the following recognised Risk Assessment or Risk Management certifications or training:

  • HMG IS1 & 2, CRISC, COBIT, ISO 27005, Octave.

Demonstrable knowledge of the HMG accreditation process, the ISO 27000 series, the NCSC IA portfolio, End User Device security strategy, the Security Policy Framework, and Gov.UK cyber security guidance and controls.

Applications

Competent in the use of the MS Office suite.

Creation of architectural models using System Modelling Language (SysML), Unified Modelling Language (UML) or Business Process Modelling Notation (BPMN).

Other

Demonstrate a good understanding of the business relevance of information risks and of current trends and growth areas in information security.

Demonstrate the ability to explain business principles of secure system designs in terms of business risk.

Subject matter expertise in an element of information risk management, accreditation, governance or compliance.

Ability to produce security cases, accreditation evidence artefacts and documentation to support Accreditor approvals.

Awareness of ITHC requirements and analysis of results.

Conducting compliance audits, and the ability to explain secure system designs in terms of business risk.

Hold a full UK driving licence.

DESIRABLE SKILL REQUIREMENTS

Technologies

Experience implementing NCSC design patterns.

Tools and Methodologies

ITIL.

Experience, industry-recognised qualifications and knowledge of relevant architectural frameworks (TOGAF, MODAF, SABSA and/or DODAF, etc.) to support the specific business.

Cyber Essentials Auditor/Technical Assessor.

Familiarity with:

  • JSP 440 MOD Manual of Security.
  • Industrial control systems (SCADA) security and risks.
  • JSP 604 Defence Manual for Information and Communications Technologies (ICT).
  • General Data Protection Regulation (GDPR).

Applications

Familiar with the following tools:

  • ArchiMate.
  • Sparx Enterprise Architect.

Other

CPNI CMAT framework.

Business Continuity and Disaster Recovery Planning.

Experience in writing or updating information assurance operating policies and compliance procedures.

Ability to take a rounded view of security issues and make risk judgements across the relevant scope.

Penetration Testing.

Performance of IT security audits.

MASS is an equal opportunities employer.