The Submarine Delivery Agency (SDA) is an Executive Agency of the Ministry of Defence responsible for the procurement, in service support and disposal of the UK's nuclear submarines. Our work is of unparalleled strategic importance nationally and internationally, ensuring the security of the UK's continuous at-sea nuclear deterrent, and delivering the most technically complex programmes in Defence. We employ over 1500 people and have an annual spend of c. £3.5 billion.
The SDA team is seeking a Cyber Security Specialist to lead, coordinate and assure all activities towards achieving Information Assurance (IA)/cyber security accreditation on its HM Submarines.
Please note, due to the nature of the projects involved, this role is open to SOLE UK NATIONALS only, and whilst initially requiring SC level clearance, the successful candidate may be required to obtain Developed Vetting in the future.
The SAC (Security Assurance Coordinator) monitors and reports to the Accreditor, Information Asset Owner (IAO) and Delivery Team on all security matters relating to a project.
The primary tasks of the SAC are to:
- Lead & establish the programme of work to work to ensure information assets are adequately protected at the platform assurance level.
- Ensure all appropriate actions are taken to achieve cyber security accreditation;
- Provide advice on security policy covering both policy that is already in place eg, HMG SPF, Departmental Policy (JSP440), IEC/ISO 27001 controls and the creation of new security-related documents for the project, such as a Risk Management Accreditation Document Set (RMADS), relevant legislation (eg Data Protection Act, Freedom of Information Act), technical solutions, risk management and Information Assurance
- Lead the activities required to maintain security accreditation throughout the Submarine equipment's project life cycle. This will involve the liaison and provision of an interface between the relevant accreditor(s), the primary and sub supply chain, the project team and the end user community, ensuring that all aspects of security are delivered throughout the Submarine equipment's project life cycle.
- Lead on the work required to prioritise and maintain Security Cases and keep the User informed on any changes that may impact on Operational aspects.
- Prioritising and implementing security measures within the maintenance periods set for each Submarine.
- Ensure that security stakeholders roles required for the project have been identified, are aware of their responsibilities, and understand the levels of risk appetite for the different Classes of submarine and ensure the IA activities control risk within these appetites.
- Lead & establish the governance required to link Safety-Security procedures and audits to ensure Cyber risks are addressed within safety management processes
- Coordinate, consider, witness, manage and report on all security requirements for a project, ensuring they are completed professionally, efficiently, to schedule, and that they are fit for purpose and compliant with relevant policy and legislation;
- Conduct Data Protection Impact Assessments;
- Ensure all project cryptographic requirements are met;
- Monitor and report on project security requirements and issues as they arise
- Organise the project security meetings such as the Security Working Group and chair them on behalf of the Project Manager, if required;
- Be responsible for the production of all security deliverables (eg, security documentation, testing witness reports) and ensuring they are fit for purpose and delivered on schedule
- Create, update and manage the Security Risk Register and ensure it is reviewed at the security meetings
- Set teams strategic direction towards achieving cyber security accreditation across the large and complex submarine programme, maintaining oversight and holding to account all suppliers across the Nuclear Enterprise
- Provide, leadership, representation and intervention as appropriate at Security Working Groups at all tiers of the programme, sometimes down to individual sub-tier suppliers in high-risk areas.
- Provide advice and support on cyber security (policy, implementation, risk management, technical testing etc.)
- This role involves engaging effectively with a large stakeholder base, including the capability customer; in-service community; intelligence community and UK Subject Matter Experts in IA/cyber and involvement in early activities to understand how to better integrate the cyber and safety domains within the programme.
- Provide expert advice and guidance in supporting the delivery of Business Continuity and Disaster Recovery planning.
- Lead the testing of relevant controls on the implementation of any system, platform or infrastructure to ensure alignment with security architecture and policy.
What you will be assessed against
To be found successful you must demonstrate the following essential criteria:
- The ability to evidence a substantial range of cyber and information security knowledge.
- Experience, knowledge and/or qualifications in one or more of the following: Information risk management, information security (eg CISSP), cyber security of networks, engineering interfacing, product security life cycles, penetration testing.
- Experience in RMADS (risk management and accreditation and document set) or security cases
It would benefit your application should be able to demonstrate the following desirable criteria:
- Experience in implementation of cost-effective and pragmatic security enforcing functions within systems or equipment and at system-of-systems design levels.
- Experience in leading and managing cyber security on complex engineering programmes.
- Experience and knowledge of cyber security in the defence environment, including knowledge of JSP440 and current defence policies and practices.
- Experience of working on submarine projects, and an understanding of submarine systems.
- Experience of leading/managing across a broad range of stakeholders and regulators
Networkers acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers and is part of Gattaca Plc.
Gattaca Plc provides support services to Networkers and may assist with processing your application.