Security Architect

Overview

CRP is a transformation programme focused on comprehensive change over 10 years to achieve material risk reduction against the unacceptable Cyber Security Defence Board risks and fix known cyber gaps and vulnerabilities. The aim of the programme is to build resilience into the delivery of Defence Outcomes. A constant assessment of risk and continual assurance ofcapabilities will inform priorities and drive focus to the right places. It is important that plans evolve to counter, and rapidly recover from, an effective cyber-attack. The focused pursuit of experimentation and innovation will underpin a ‘learn fast’ and ‘fail fast' approach which will allow Defence to securely adopt disruptive technologies that allow us to compete decisively with our adversaries. The aim of the programme is to engage with colleagues across Defence and Government, alongside those from science, technology, industry, academia, and with our partners/allies around the world, to deliver this ambitious and exciting agenda. Cyber resilient Defence is fundamental to delivering the singular secure, modern digital backbone this domain. Future success will be shaped by how Defence prepares itselfto protect against, and respond to, cyber adversaries.

Specific job skills

• The Security Architect will be accountable for all technical support and assurance activities associated with the CARP Project. This will include but limited to:
• Recommend controls and identify solutions that support the MoD in improving its ability to recover from cyber incidents.
• Provide specialist advice and recommend approaches across team plus stakeholders.
• Support supplier facilitated "Pre-mortem" workshops focused on helping system/service teams in developing CARP compliant Cyber Recovery Plans.
• Support supplier facilitated workshops focused on testing/exercising system server teams Cyber Recovery Plans to measure and improve their effectiveness.
• Provide technical assurance of SORs commercial artefacts and supplier proposals.
• Review refine and maintain all cyber recovery policy guidance and other documentation.
• Work closely with teams from complex interconnected interdependent systems to support them in applying CARP guidance and developing recovery plans at an enterprise level.

Essential skills and experience

• Candidate must be UK Nationals and hold a current SC clearance. DV clearance is preferable.
• Understand security implications of transformation.
• Able to interpret and apply an understanding of policy and process.This will include an understanding of business architecture and legal (including political) implications to assist the development of technical solutions and controls.
• Apply an analytical approach to real problems and consider all relevant informaiton.
• Able to apply appropriate rigour to ensure a full solution is designed and achieves the business outcomes required.
• Demonstrate a deep understanding of security concepts and can apply them at a technical level.
• Effectively translate and accurately communicate security and risk implications to both technical and non-technical stakeholders.
• Successfully respond to challenges and manage stakeholder expectations by implementing a flexible approach to tasks.
• Advise on developments to security properties in technology and able to identify new technologies plus design their use in a business context.
• Able to work with risk owners to advise and give feedback on risk impact and risk tolerances.

Desired skills and experience

• Hold CISSP Certification.

Security Clearence

Candidates must be SC cleared UK nationals.

Aurora framework

Please note: We cannot accept any applications from candidates currently working on the Aurora framework unless the contract is due to finish within the next month.