Security Assurance Coordinator; Risk Management, Govt, SC Cleared

Vesta Consulting Limited

Bristol

On-site

GBP 40,000 - 80,000

4 days ago

Job summary

An established industry player is seeking a Security Assurance Coordinator to enhance security frameworks and risk management practices. This role involves managing security documentation, conducting security impact assessments, and ensuring compliance with government standards. The ideal candidate will have proven experience in high-security environments and relevant security certifications. Join a forward-thinking organization dedicated to maintaining the highest security standards while contributing to critical defense projects. If you are passionate about security assurance and eager to make a difference, this opportunity is tailored for you.

Qualifications

  • Proven experience in security assurance and risk management in high-security environments.
  • Strong knowledge of security frameworks and standards like RMADS, NIST, DEF STAN.

Responsibilities

  • Prepare and manage comprehensive security documentation to support project objectives.
  • Draft detailed security requirements for project submissions and ensure compliance.

Skills

Security Assurance

Risk Management

Documentation Management

Security Frameworks (RMADS, NIST, DEF STAN)

Security Impact Assessments

Education

Relevant Security Certifications (CISSP, CISM, ISO 27001)

Tools

DART

Job description

Security Assurance Coordinator; risk management, RMADS, NIST, DEF STAN, Govt, SC cleared

SC Candidates required
Bristol/Andover travel 2 days a week
Permanent/Excellent Salary plus benefits

Relevant security certifications (e.g., CISSP, CISM, ISO 27001 Lead Auditor, CCP SIRA) are highly desirable.

Experience

  • Proven experience in security assurance and risk management with government or high-security environments.
  • Strong knowledge of security frameworks and standards such as RMADS, NIST, DEF STAN.
  • Experience with accreditation processes and developing security risk balance cases.
  • Familiarity with codes of connection (CoCo), Secure by Design, and security impact assessments (SIAs).

Key Responsibilities

  1. Documentation & Security SME Advice
    • Security Documentation Management: Prepare, review, and manage comprehensive security documentation to support project security objectives.
    • Subject Matter Expert (SME) Review: Assess supplier security outputs to ensure alignment with security requirements and best practices.
    • RMADS Management: Collaborate with suppliers to ensure the Risk Management and Accreditation Document Set (RMADS) is appropriate for the current stage of the programme.
  2. Security Impact Assessments & Integration
    • Security Impact Assessments (SIAs): Support the identification, assessment, and mitigation of security risks associated with system changes.
    • Codes of Connection (CoCo): Assist in developing Codes of Connection to enable secure data exchange across defence platforms.
    • System Integration Support: Provide security oversight for integration activities between Project and other target platforms.
  3. Drafting Security Requirements
    • Security Requirements Definition: Draft detailed security requirements for project Outline Business Case (OBC2), Invitation to Tender (ITT), and Full Business Case (FBC) submissions.
    • Associated Security Documents: Produce supplementary security documentation, such as Security Assurance Levels (SALs) and Security Grading Guides.
  4. Procurement & Bid Evaluation
    • Security SME Support: Provide expert security input throughout the procurement process to ensure compliance with defence security frameworks.
    • Bid Evaluation: Assist in reviewing supplier bids to assess their adherence to security requirements and accreditation standards.
  5. Accreditation & Risk Management
    • Accreditation Documentation: Prepare required documentation to achieve accreditation for applications hosted in defence on-premise, cloud, or hybrid environments.
    • Risk Balance Cases: Develop and justify risk balance cases, ensuring a pragmatic approach to risk management and system assurance.
  6. Ensuring Coherence & Interoperability
    • Programme Integration: Ensure security coherence and interoperability across sensor projects within the Programme.
    • Wider Digital Programmes: Support integration with broader defence digital transformation initiatives.
  7. Compliance & Reporting
    • DART & 604 Entries: Maintain and update security compliance records in DART and 604 for Project.
    • Secure by Design: Undertake Secure by Design and 604 Compliance tasks aligned with SFIA Level requirements.