Site Security Controller

Job Description:

Site Security Controller – This role is full time onsite at DXC Farnborough / Mon-Fri office hours.

*Candidates must be a UK national/British citizen and have resided in the UK for the past 5-10 years to meet current SC and future DV security clearance requirements*

The Site Security Controller (SSC) acts as the lead security representative for the Facility and functionally report to the Group Security Controller (GSC). The SSC is responsible for a dedicated DXC site but may also have security responsibilities for satellite sites in a wider geographical area.

The primary role of the SSC is to ensure their site(s) align with Government Functional Standards such as GovS 007 (Security) Industry Security Notices (ISN’s) Facility Security Notices (FSN’s) and comply with the DXC and UK Secure Accounts security policy with a focus on Protective Security, physical security policies, processes, procedures and activity that relate to certification for our HM Government sponsored facilities.

The SSC also performs the role of site Crypto Custodian. The Crypto Custodian is responsible to the Group Security Controller for the safe custody, registration, mustering, amendment, issue, safe handling, arranging secure carriage and disposal of Cryptographic items held at their locations.

Responsibilities:

• Ensure that DXC, UK Secure Accounts and account-specific security policies relating to protective security are implemented.
• Produce, maintain, issue, and ensure compliance with local site security instructions or briefings.
• Act as the principal security point of contact for the site during internal or external security audits.
• Manage a local site Risk Register that covers physical and environmental security risks pertinent to the site.
• Manage a Surreptitious Threat Mitigation Process (STaMP) assessment for each secure area within the site.
• Maintain a register of all security cabinets on their site.
• Ensure that the combinations of secure cabinets are changed according to policy.
• Perform an oversight of the operation and administration of site security equipment, including CCTV, alarm systems, locks, AACS, and any other equipment used for protective security purposes to ensure that they meet Secure Accounts requirements.
• Perform an oversight of guarding and reception services.
• Implement and maintain a documented Automated Access Control System (AACS) security zoning policy and authorisation process.
• Implement and maintain a documented Technology Zoning Policy for all UKSA areas on the site. Regularly review access lists to sensitive areas on site.
• Perform or supervise the registration and control of locally held classified assets.
• Conduct musters and spot checks of classified assets.
• Act as the on-site security contact for any changes to new or existing office space and the liaison with external authorities regarding any certification requirements.
• Ensure the processes for visitors to the site complies with both DXC security policy and Secure Accounts policy.
• Investigate any reported security incidents in accordance with Security Incident Management policy and act as the escalation point as required.
• Deliver security induction training to new starters.
• Confirm that IT that is used on the site is accredited and operated in accordance with their respective System Operating Procedures (SyOPs).
• Confirm that all security measures with respect to joiners, movers and leavers are carried out on the site including all passes and access rights being issued, amended or revoked in accordance with DXC and Secure Accounts policies.
• Maintain good working relationships with the Site Lead and other departments on the site.
• Maintain regular contact with local Counter Terrorism Security Adviser (CTSA).
• Perform any other security tasks directed by the GSC.

Crypto Responsibilities:

• Experienced with the minimum national and departmental baseline measures described in JSP 490 for the secure storage, handling, movement, and routine destruction of Cryptographic material.
• Maintain an accurate and up to date system of Central Accounting for all Cryptographic items issued to their location using a register of Cryptographic items with supporting vouchers to record transactions.
• Ensure that all personnel employed on COMSEC duties hold the appropriate level of vetting.
• Issue Cryptographic items on loan to holders and users. Including issuing orders detailing the baseline security measures for the safe handling of Cryptographic items on loan, ensuring that all holders/users have signed and understood these orders.
• To review the holdings of Cryptographic items at regular intervals.
• To comply with key management procedures relevant to their holdings as detailed in JSP 490 and company policy.

Required Skills:

• Demonstratable experience of information and/or physical security controls in a Defence or Government capacity, including familiarity with the full range of associated guidance and policy documentation.
• Ability to obtain National Security clearance.
• Good Knowledge of NPSA, NCSC, HMG standards.
• Good knowledge of ISO 27001 (2022) NIST Cybersecurity Framework (CSF)
• Good Analytic Skills.
• Ability to communicate well at all levels.
• Evidence of Attending a recognised Crypto Custodians course such as UKNDA.
• Experience of handling Cryptographic material.

At DXC Technology, we believe strong connections and community are key to our success. Our work model prioritizes in-person collaboration while offering flexibility to support wellbeing, productivity, individual work styles, and life circumstances. We’re committed to fostering an inclusive environment where everyone can thrive.

Recruitment fraud is a scheme in which fictitious job opportunities are offered to job seekers typically through online services, such as false websites, or through unsolicited emails claiming to be from the company. These emails may request recipients to provide personal information or to make payments as part of their illegitimate recruiting process. DXC does not make offers of employment via social media networks and DXC never asks for any money or payments from applicants at any point in the recruitment process, nor ask a job seeker to purchase IT or other equipment on our behalf. More information on employment scams is available here.