SC/DV Cleared Security & Information Risk Advisor


Premium Job From LA International Computer Consultants Ltd

Recruiter: LA International Computer Consultants Ltd

Listed on: 7th July 2017

Location: Milton Keynes

Salary/Rate: Negotiable

Salary Notes: Negotiable

Type: Contract

Start Date: ASAP

This job has now expired. Please search on the home page to find live IT jobs.

The main role of the SIRA is to provide Information Assurance, security architecture and policy services for customer Programmes and Projects. He/she will ensure that live products are fully accreditable and take responsibility for specifying security risks that will be solved through implementation or upgrade of security policies and devices.

They will also be required to liaise with and provide advice and assurance to a wide range of internal and external contacts including customers, analysts, application developers, project managers, testers and support staff. They will also provide business-driven advice on the management of security and information risk, consistent with HMG IA policy, standards and guidance.

Essential:

*To provide a focal point for resolution of security and information risk.

*To identify, analyse and evaluate information risks.

*To explain to risk owners and other stakeholders the causes, likelihood and potential business impacts of information risks throughout the information system lifecycle.

*To assist in checking compliance with applicable regulations, standards, policies and guidance on information risk management.

*To support the development/authoring of Risk Management and Assurance Documentation.

*To promote security awareness.

*Selects appropriate risk assessment techniques for use across the client programme.

*Identifies information risks which are systemic across the programme.

*Recommends implementation of new IA controls across the programme or enterprise to provide more cost-effective risk mitigation in the long term.

*Contributes to the development of IA strategies, policies, guidance and awareness.

*Provides Terms of Reference for the external CHECK team bid process and assesses the bid response from vendors.

*To act as an interface between the CHECK team and the systems operations team.

*Reviews, collates and filters vulnerabilities and CHECK reports for organisational relevance, ensuring that relevant vulnerabilities are rectified through formal change processes.

*Shall be aware of a wide range of vulnerabilities/exploits, know where to find the latest information on vulnerabilities or exploits, and design tests to identify them.

Qualifications:

*Qualification in an IS security related area such as CISSP, CCP CESG Certified Professional - Information Risk Advisor, or equivalent experience.

*National School of Government HMG IA standard IS2 and IS1.

*ISMS Master Implementer Certificate 27001 Master Class.

Desirable:

*Public and Private Key Infrastructure.

*Cryptography.

*Core Technical Skills - IP Protocols, Network Architectures, Network Mapping, OS Fingerprinting, Application Fingerprinting, Auditing, Cryptography - IPSEC.

*Background Information Gathering - Domain Name Server, Customer Web site Analysis, Network Traffic analysis, Information Leakage.

*Microsoft Windows Security Assessment - Windows passwords, Active Directory, Windows Vulnerabilities, Windows patch management and Desktop lockdown.

*Unix Security Assessment - User enumeration, Unix vulnerabilities, FTP, Sendmail/SMTP, Network File Share and SSH.

*Web application vulnerabilities - OWASP Top 10.

*Application Fuzzing.

*Database - Including Microsoft SQL Server, Oracle.

*Messaging - Microsoft Exchange, Outlook, internet facing SMTP architectures.

*Desktop - Client/server and Citrix based processing, Windows 98 through to Vista, Microsoft COTS applications.

*New and Developing technologies - remains abreast of all current and future ICT and Security technologies.

Due to the nature and urgency of this post, candidates holding or who have held high level security clearance in the past are most welcome to apply. Please note successful applicants will be required to be security cleared prior to appointment, which can take up to a minimum of 10 weeks.

LA International Computer Consultants Ltd is an HMG Approved Consultancy and operates as an IT & Engineering Consultancy or as an Employment Business & Agency, depending upon the precise nature of the work, for security cleared jobs or non-clearance vacancies. We welcome applications from all sections of the community and from people with diverse experience and backgrounds. Award Winning LA International Computer Consultants Ltd (Recruiter Awards for Excellence - Best IT, Best Public Sector & Gold Awards) and the most prestigious award that any business can receive, The Queen's Award for Enterprise: International Trade 2015.
