
General information

Posting ID
PIP2648
Type of employment
Contract
Organisation
Ministry of Defence
Contract duration
12 months
Location
London
Workplace Type
Hybrid

Description & Requirements

On behalf of the MOD we are looking for a Cyber Security Consultant (Inside IR35) for a 12 month contract. Hybrid working with 3 days per week required in London. 


The Ministry of Defence (MOD) is a central government department with a mission to protect our country and provide the ultimate guarantee of its security and independence, as well as helping to protect its values and interests abroad.


To do this we have an annual budget of almost £40 billion and a workforce comprising 193,000 people, almost 59,000 of whom are civilians. We currently manage more than £11 billion of spend every year.


Our work really matters; we offer engaging roles which have a direct impact on the quality of services we provide. We employ people in many different roles and in many locations across the UK and abroad. We have jobs in policy, finance, HR, IS/IT, commercial and project management and all the types of jobs you would expect to find in a government department, or indeed in the private sector. We also employ doctors, dentists, teachers, police, fire service, quantity surveyors, and engineers to name a few. There are many opportunities to develop and progress both within MOD and across the wider Civil Service, whether you’re a permanent appointee or an interim.


The Cyber Security Consultant will typically provide advice on security requirements from the JSPs to ensure departmental security requirements are being met, provide ongoing monitoring of services delivered by, and support to, the TSLD team, and cover testing or assurance to ensure that security is embedded in all stages of the application development life cycle and that there is continuous monitoring through use. You will advise, monitor and report on security matters relating to the project/programme and should chair the Security Working Group (SWG). You will ensure that the SWG is appropriately established and managed, ensure that security functions are appropriately agreed, allocated and carried out by the members of the SWG under effective governance, and assure the delivery of decisions made by the SWG.



As a Cyber Security Consultant your main responsibilities will be to:


  • Develop and implement technical and process improvements.
  • Identify and mitigate technical risk.
  • Lead IT systems and capability owners in preparation for Cyber Compliance Framework (CCF) audits based on NCSC and NIST frameworks to ensure security practices are compliant, and oversee any remedial activity.
  • Support governance structures to manage all cyber security risks and maintain an up-to-date cyber risk register.
  • Act as cyber security support consultant and Delivery Team Security Lead (DTSL) with respect to any new IT projects, ensuring that Secure by Design (SbD) is embedded in system design and configuration from the outset.
  • Provide assurance support to Head Office, Defence Digital and Cyber Defence & Risk by supporting risk assessments and cyber vulnerability assessments with capability owners and Defence Digital.
  • Liaise with relevant Cyber and Security Incident teams to support and respond to cyber security incidents.
  • Monitor cyber security daily to maintain constant awareness.
  • Lead the embedment of ‘Secure by Design’ principles into application development by providing advice and internal consultancy on highly complex criteria and contexts.
  • Lead multi-team assessment of application resilience throughout an IT estate, reviewing regular application security reports, holding accountability and responsibility for secure design implementation.
  • Lead and assure processes, and provide SME thought leadership on tooling and dynamic and static analysis in the product development life cycle.
  • Lead development teams alongside senior cross-government decision makers to embed secure development life cycle and security awareness, and ensure appropriate tools and skills exist.
  • Conduct risk assessments to provide an informed opinion on the protective security adequacy of controls in place.
  • Maintain awareness of current and emerging guidance on threats and vulnerabilities and their impact on existing security practices.
  • Lead and manage the accreditation process within the project/programme including leading the development and maintenance of a fit for purpose Accreditation Plan and/or other supporting documentation and evidence for the review and approval of the SWG.
  • Obtain from an authoritative source advice and guidance on applicable security related legal obligations, security policy, standards, guidance, and the validity of proposed security controls.



Essential:


  • An active DV Clearance is an essential requirement for this role; as a minimum you must be willing and eligible to undergo checks. (Please note: due to the exceptional requirements of this position, namely the short-term nature of this role and the speed at which we require a postholder in situ, preference may be given to candidates who meet all of the essential criteria and hold active security clearance.)
  • Experience of using standardised Cyber Security Control Frameworks such as NIST CSF 2.0, NCSC CAF and ISO 27001 appropriately, with an awareness of their strengths and limitations.
  • Relevant UK industry qualifications/accreditations e.g. Certified Information Systems Security Professional, Certified Information Security Management Principles, ISO 27001, etc.
  • Ability to communicate effectively to a variety of audiences, distilling information to portray key messages and facilitate effective decision making.
  • Proven experience in risk management including communicating risk to technical and non-technical stakeholders.
  • Experience of using local and strategic threat information in decision making and planning.
  • Awareness of and enthusiasm for cyber security developments, current trends and analysis.
  • Understanding of the systems and basic-level architecture which underpin corporate IT systems, and the techniques deployed to compromise these assets.
  • Experience of using Security Information and Event Management (SIEM).
  • Experience of using a variety of analytical tools and methods to identify security compromises within large and complex data sets.



Desirable:


  • Understanding of digital forensics, skills, techniques and tools to perform forensics and root cause analysis on enterprise IT systems.
  • MOD / Defence experience.



Please be aware that this role can only be worked within the UK and not Overseas.



Disability Confident 


As a member of the Disability Confident Scheme, the MOD guarantees to interview all candidates who have a disability and who meet all the essential criteria for the vacancy. In cases where we have a high volume of candidates who have a disability who meet all the essential criteria, we will interview the best candidates from within that group. This scheme encourages candidates with a disability and/or neurodivergence to apply.



In applying for this role, you acknowledge the following: “This role falls in scope of the Off Payroll Working in the Public Sector legislation. Any rates of payment quoted will reflect the gross rate per day for the assignment and will be subject to appropriate taxes and statutory costs. As such the payment to the intermediary and your income resulting from this contract will be different.”