Working within the Network Services & Rail business, this function provides support for BIDs, project and programme governance and formal risk reviews. Individuals must interpret and apply appropriate standards whilst adhering to respective frameworks such as HMG SPF, NIST CSF, NCSC IA standards and guides.
Individuals will be working across critical areas of infrastructure, technology and applications, and are expected to apply policy and procedural alignment against central ISO27001 standards across business units where applicable.
The Information Assurance Practitioner will have a minimum of NCSC CCP Practitioner; Senior desirable.
- Must be an NCSC certified professional - Practitioner (minimum)
- ISO27001 internal auditor, other CISA an advantage
- Desirable background and/or qualification such as: CISSP, CISM, CompTIA CASP+
(Minimum experience 5 years)
Background ideally within Rail, Public Sector, HMG or within Critical National Infrastructure (CNI).
Successful appointment will be subject to having or being granted Security Clearance.
- High documentation standard
- Strong knowledge & understanding of, & experience in, IT security
- Industry experience of undertaking and leading Risk Assessments, Risk Treatment & implementing practice countermeasures for pragmatic remediation
- Experience & knowledge to apply NIST CSF, HMG SPF, ISO27001 standards and frameworks
- Working knowledge of List X, List N, IEC62443-3-3 related standards & industry experience advantageous.
- Penetration testing/ethical hacking
- Experience of running vulnerability scans and understanding the security risk review process
- Appreciation of trends in IT security
- Knowledge and understanding of the current and developing strategic information requirements of a Technology Services business
- Knowledge of current trends and developments in information technology
- Strong interpersonal and communication skills
- Skill in organising resources and establishing priorities
- Proven team player
- Strong technical background / understanding
- Must be able to give a strong steer on regulatory and compliance matters
- Excellent verbal and written communications
- Leadership qualities
- Functional skills
- Technical skills
- Problem solving skills
- Technical learning
- Customer & Business Awareness
- Subject matter expert in your security field