Project Security Lead

Job details
Date advertised: 10 September 2025
Salary: £550 to £600 per day
Hours: Full time
Closing date: 16 September 2025
Location: Corsham, Wiltshire, X000XX
Company: Experis
Job type: Contract
Job reference: BBBH422465_1757456827

Summary

Job Title: Project Security Lead
Location: Corsham
Duration: Until 31/03/2026 with possible extension
Rate: Up to £600 per day via an approved umbrella company

The Project Security Lead (PSyL) is responsible for establishing and maintaining security activities, including implementing continuous assurance approaches for the system, in alignment with Secure by Design (SbD) guidance as part of the programme's ongoing cyber risk management strategy.

Reporting to the Programme Chief Information Security Officer (CISO), the PSyL ensures that the mandated requirements outlined in JSP 440 Lft 5C are applied throughout the capability lifecycle. By embedding security from the outset and proactively addressing potential risks, the PSyL ensures that all information security risks are identified, scored, recorded, and managed. Key responsibilities include:

Risk Management

Provide subject matter expertise, advice and guidance on security activities relating to the continual risk management of the system(s).

Establish and maintain a continuous approach to risk management, within the designated risk appetite, across the system(s) linking into Programme and Organisation policy for the duration of the systems' lifecycle.

Identify and communicate current and emerging security threats and respond to them in line with reporting requirements.

Governance and Compliance

Provide advice, guidance, and approval for all security controls on the system, including assessment for all architectural and design changes, as well as continuously monitoring their effectiveness.

Create, develop, and maintain security artefacts for the system that align with the client's cyber assurance processes, and manage all associated JSP 440 and JSP 453 compliance and standards requirements.

Responsible for all aspects of physical, procedural and personnel security related to the operation of the development systems, and for the identification, assessment, and continual monitoring of appropriate security controls.

Represent the project at the Project Security Working Group (monthly) and CISO standups (weekly).

Provide solutions that balance business requirements with information and cyber security requirements.

Stakeholder Engagement

Manage relationships with key stakeholder groups, including Project Teams within Projects and other project assurance teams.

Communicate effectively across diverse audiences, including the ability to translate cyber risks into business impacts for non-SMEs.

Continuous Assurance

Ensure all continuous assurance reporting requirements for Secure by Design are completed in line with programme reporting and auditing standards.

Manage all system assurance activity, including CHECK IT health checks, SbD 2nd Line Assurance and Cyber Compliance Framework Audits, together with the associated remediation activities.

Essential Skills and Experience

  • Proven demonstrable experience operating in a security risk role or working within a Cyber Security Framework such as the NIST RMF or CSF.
  • Detailed knowledge and understanding of defence policy and standards, particularly JSP 440, 453.
  • Experience of producing Security Management Plans, Security Instructions, and other security policy related documentation.
  • Knowledge of security risk reduction policies, processes, and procedures such as Incident Response, Vulnerability Management and Patch Management.
  • Delivery of Risk Assessments, Risk Treatment Plans, scoping and managing IT health checks and associated remediation activities.
  • Experience in stakeholder management and communication, particularly inside of the Defence sector or wider Government.

Desirable Skills

  • Professional registration with an appropriate licensing body, such as Chartered IT Professional, Incorporated or Chartered Engineer, or Principal or Chartered Cyber Security Professional.
  • Relevant Cyber Security certification such as CISSP, CGRC, CISM or CRISC.

Deliverables:

  • The key deliverable for the Project Security Lead (PSyL) is the overall implementation and continuous monitoring of cyber security controls, managed within a Cyber Security Framework to mitigate identified risks within the project. The PSyL ensures that security, including cyber security of suppliers, is addressed through governance and project processes to maintain Defence standards and address security issues. Documents will vary depending on the system and identified risks. An indicative list is provided below:
  • Risk Assessment and Management Plan.
  • Cyber Risk Assessment.
  • Security Management Plan (SMP).
  • Security Aspects Letter (SAL).
  • Digital Obsolescence Plan.
  • System Patching and Update Plan.
  • Data Protection Impact Assessment.
  • Vulnerability Management Plan.
  • Incident Response Plan.
  • Cyber Assurance Activity Tracker (CAAT) completion or DART(S) until CAAT(S) is released to service.
  • Approval of Code of Connection.
  • Completion of certification of conformity for all external bearers.
  • Produce briefs, attend meetings, and deliver additional documents as required.

Post deliverables are managed on a Sprint basis and will be agreed in Sprint and Programme Increment (PI) Planning. All agreed Sprint tasks will be completed by the end of the Sprint.

If this is the role for you, please submit your CV at your earliest convenience.