Job Description
Background
The Information Assurance Security Manager (IASM) is the primary point-of-contact for risk management within a given business unit, and acts as the liaison between the business area and key Framework Stakeholders in relation to IA and risk management issues.
Their primary aim is to help those staff involved in developing systems to understand associated Information Security, Legal and Policy risks, and to identify suitable mitigations within, and related to, the relevant Frameworks.
What will I be doing?
You will provide impartial Information Assurance advice to your business area and Framework Stakeholders (in partnership with the wider IASM and Risk Management communities, where necessary) – ensuring ongoing engagement through timely and concise updates on relevant Security / Legal / Policy risks, issues and actions, covering the complete lifecycle of the systems.
You will risk-assess more complex or non-standard systems, and provide appropriate Information Risk Management (IRM) support / advice / guidance to the relevant business management teams, engineers and user communities regarding all aspects of Framework IRM relating to Security, Legal and Policy.
Some other responsibilities include:
- Co-ordinating, authorising, delegating and performing a range of ‘Through Life’ end-to-end lifecycle assurance requirements covering a diverse range of capabilities, systems and services (as defined by the Framework Support Group)
- Proactively assessing, managing, maintaining and challenging (if appropriate) business and IRM/security-related policies, processes, proposals and procedures, as well as any proposed system changes, balancing these against desired business outcomes
- Informing key business stakeholders of new IRM and security policies, standards, guidelines and initiatives that may affect the business area
- Contributing to the wider IASM and Risk management communities, including supporting the technical development of less experienced IASMs (including contributing to the Skills Assessment process)
This contract position is offered as a part-time engagement (minimum 22.5 hours per week, which can be spread across any combination of days to suit your needs), initially for a 12-month term, but with strong possibility for extension. A detailed job description with expanded duties and responsibilities can be provided on request.
What skills and aptitudes will I need?
- Previous experience in an Information Assurance risk management role
- Ability to advise on the application of technical and process controls to mitigate IA risk
- Ability to conduct IA risk assessments
- Eligible and willing to undergo Developed Vetting (security clearance)