Information Security Consultant
Gatwick, GB
Salary: Up to £70,000 (dependent on experience)
Contract Type: Permanent – Full time
Security Level: SC (see the GOV.UK guidance "Vetting explained", www.gov.uk)
Location: Gatwick, hybrid (UK-wide candidates to be considered)
We are the UK's aviation regulator and are recognised as a world leader in our field. Our activities are diverse, enabling the aviation industry to meet the highest safety standards, and we pride ourselves on our ability to adapt to the constantly evolving aviation environment.
This is an exciting time to join the security function at the CAA. We are about to conclude a multi-year security transformation programme which has changed the culture within the organisation and delivered many new solutions and improvements. You will be pivotal in helping us to apply, embed and enhance the updated tooling and procedures, while having plenty of scope to be influential and make a difference.
This role has a focus on cyber and information security controls and assurance. It is considered vital in enabling the organisation to achieve our strategic objectives with an appropriate and known level of risk.
This is an exciting opportunity working in a fast-paced and dynamic environment which will provide plenty of variety. You will help us to ensure the protection of CAA systems along with the information held internally and by related third parties, specifically focused on the delivery of security by design through projects and business change.
The Information Security Consultants are a small team who work closely with our Architecture function; however, this is a highly collaborative role where you will engage with stakeholders across the CAA. The Consultants report into the Information Security Consultant Team Lead and are part of the CAA’s wider Information Security function, responsible for security policy, operations, risk, reporting and security awareness.
You will be working on a variety of projects to ensure appropriate information security requirements are identified, delivered, and assured. The role includes assessing the impact of projects on information security and working with the project team in delivering a secure design and solution within the organisation risk appetite.
You will be involved in reviewing project documentation including technical designs and ensuring that information security requirements are adequately tested by co-ordinating external and/or internal security testing.
While the role's primary objective is to support projects and programmes, you may be asked, as a subject matter expert in Information Security, to support or lead other workloads which contribute to the organisational goals.
Core Accountabilities
- Establish and maintain standard CAA information security control requirements which will form the basis for security requirements for new projects to implement.
- Collaborate with the Security Architect to support the establishment of common security design principles and patterns to accelerate the provision of security designs for new projects.
- Collaborate with the Security Architect to tailor standard security requirements and agree designs for specific solution needs for projects. Monitor control design throughout the project lifecycle to ensure best practice aligned to the CAA’s standards.
- Act as the subject matter expert for security controls relating to the solution being delivered, providing guidance regarding technical and procedural security best practice to projects and internal teams.
- Conduct threat modelling of services and applications that tie to the risk and data associated with the service or application.
- Identify, capture, assess and effectively communicate security risks associated with proposed projects and solutions, escalating risks where they exceed appetite.
- Ensure that actions to address gaps in the management of security risks during project delivery are completed or transferred to corporate risk registers.
- Co-ordinate and scope penetration testing and any required security assurance, including tracking closure of any findings.
- Validate security configurations and access to security infrastructure tools, including firewalls, web application firewalls (WAFs), anti-malware/endpoint protection systems, etc.
- Provide second and third line support and advice to Security Operations and assist in response to major incidents.
- Review security technologies, tools and services, and make recommendations to the wider business for their use, based on security, financial and operational metrics.
- Liaise with Procurement and the supplier management function to conduct security assessments of existing and prospective suppliers, especially those with which the CAA shares intellectual property, PII, ePHI, regulated or other protected data, including:
  - SaaS providers
  - Cloud/infrastructure as a service (IaaS) providers
  - Managed service providers
- Review and assess third party suppliers’ security posture and the creation of security management plans.
- Review and provide guidance on any relevant security related contractual clauses, including engagement throughout the Procurement process.
- Support the Information Security function to deliver a security strategy, governance framework and risk mitigation activity across the CAA.
About You
The following list of skills provides a broad guide to the type of profile we are looking for. This is not prescriptive; we are an equal opportunities employer who will look for potential in candidates and provide professional training and development for the right applicant.
Minimum essential requirements for the role:
- Ability to work under pressure, multi-task and prioritise your work
- Have experience in, and be able to demonstrate, the practical application of information security concepts and practices
- Have practical experience and knowledge of reviewing technical designs and solutions to identify security risks and opportunities for improvement
- Practical knowledge and experience of implementing secure solutions within Cloud hosting environments.
- Excellent written and oral communication skills with a great attention to detail
- Ability to document and explain security principles and technical details in a concise and understandable manner
- A good understanding and experience in the application of controls and compliance with regulations, e.g. ISO27k family, NCSC Cyber Assessment Framework (CAF), GDPR, Cyber Essentials, CIS Critical Controls, NIST, OWASP, PCI-DSS.
Desirable skills for the role:
- Professional Information Security certifications (e.g. CISSP, CISA/CISM, CCSP, CISMP)
- An understanding of UK government information technology frameworks and systems
- Bachelor of Science degree in Engineering, Computer Science, or related technical field. Or equivalent knowledge achieved through demonstrable practical experience
- Excellent understanding of the current and emerging threats and countermeasures in information security.
- Have practical and demonstrable experience of working with Solutions Architects to deliver documented secure solutions
- Practical knowledge and experience of implementing secure solutions within Microsoft Azure and its services and components
- Familiarity with cloud-based solutions and infrastructure.
- Experience working with both Agile and Waterfall project methodologies.
Inclusivity
We are proud to be an equal opportunity employer and celebrate our diversity, ensuring all backgrounds are included here at the CAA. As a member of the Disability Confident scheme, applicants who meet the minimum criteria for a role with us will be guaranteed an interview.
Our Benefits
We offer a range of excellent benefits such as:
- Flexible & hybrid working arrangements available
- 28 days annual leave + public holidays (additional 5 days leave purchase scheme)
- Generous pension scheme (Up to 12% employer contribution)
- Wellbeing Room at Gatwick
- Mental Health and Suicide First Aiders
- Employee Assistance Programme, talking therapies and neurodiversity support via Occupational Health & access to Headspace for colleagues and 5 dependents
- Free onsite gym at Gatwick or discounted gym membership for London
- EV charging points
- Employee Development courses internally and via Skillsoft
Our Values
Do The Right Thing, Never Stop Learning, Build Collaborative Relationships, Respect Everyone
Closing Date: Wednesday 13th November 2024
Screening Calls: We will invite shortlisted individuals to initial briefing calls to discuss the role and their experience in detail.
Interview Dates: w/c Monday 25th November 2024
We reserve the right to close this vacancy early if we receive sufficient applications for the role. Therefore, if you are interested, please submit your application as early as possible.
No recruitment agencies please.
Tags: Agile Azure C CCSP CISA CISM CISSP Cloud Compliance Computer Science Firewalls GDPR Governance IaaS ISO 27000 Malware NIST OWASP Pentesting SaaS Security assessment Security strategy Strategy
Perks/benefits: Career development Fitness / gym Flex hours Health care