Head of Security Assurance

The Head of Security Assurance is responsible for leading the Security Assurance Department primarily made up of Security Assurance coordinators. The Head of Security Assurance is responsible for the co-ordination of all security assurance activities to ensure that SecureCloud+ services and supporting internal Information Technology meets the highest security standards and requirements of our customers. The role will support the delivery of a variety of innovative, accreditable, cost efficient and profitable solutions to comply with HMG’s security classification system, and will also lead on the transformation of delivery of services to the MOD’s secure by design methodology.

The Head of Security Assurance will encompass two key areas of Information Assurance and Information Security. Implementing measures focused on protection and safeguarding of the Company’s critical information and relevant information systems, assuring the integrity, availability, authentication, confidentiality and non-repudiation. As well as the protection of information and information systems from illegitimate access, usage, revelation, alteration, disruption and destruction to achieve the objectives of data integrity, availability and confidentiality.

Role Responsibilities

Key responsibilities for this role may include:

• Lead and Manage all members of the Security Assurance department.
• Mentor junior members of the Security Assurance department.
• Promote a strong security culture within the company.
• Co-ordinate the security accreditation and assurance processes for new and enhanced services which the organisation offers to our customers.
• Co-ordinate and support the organisation with the completion of IT Health Checks (ITHC)
• Co-ordinate and support with MOD and other authority assurance activities
• To support the Development and maintenance of our Information Security Management System (ISMS) to best support the Company’s activities, including Risk Management and Accreditation Document Sets (RMADS) and Company Security Policies.
• To examine any risks to the Company's information security and work with the Senior Information Security Manager to put policies and procedures in place to manage those risks.
• Plan and maintain information security compliance activities with the variety of security requirements that the Company meets.
• Support with monitoring Information Assurance
• Coordinate and implement all protective security activities including physical security.
• Co-ordinate information governance, including annual Service assessments and risk management.
• Co-ordinate investigations involving security; to prepare reports and note follow up action.
• Support the delivery of the Company’s Information Security awareness, education and training programme.
• Co-ordinate actions with appropriate suppliers, including consultants and service providers.
• Represent the security team on any relevant project workgroups and project boards.
• Co-ordinate a process of continual Audit, to ensure that compliance is maintained with the various requirements on the Company, and to support continuous improvements.
• Under the guidance of the CISO, Co-ordinate periodic review of policies and procedures.
• Co-ordinate the completion of follow up actions.
  
  

Education And Experience Requirements

As the Head of Security Assurance you will have:

• Bachelor's degree in computer science, information security, or a related field. Master's degree or relevant certifications (e.g., CISSP, CISM, CISA) are highly desirable.
• Proven experience in a security assurance role working with UK Ministry of Defence or Defence Industry, with a minimum of 5 years as a security assurance co-ordinator (SAC).
• An understanding of MOD Secure by Design policy and process.
• Deep technical expertise in security technologies and solutions, including firewalls, intrusion detection/prevention systems (IDS/IPS), endpoint protection, encryption, identity and access management (IAM), and security information and event management (SIEM) systems.
• Strong understanding of security frameworks, standards, and regulations, including ISO 27001, NIST Cybersecurity Framework, GDPR , NCSC Cyber Essentials Plus, with experience in implementing and maintaining compliance with these requirements.
• Excellent leadership and communication skills, with the ability to effectively communicate security-related concepts and risks to executive leadership, board members, and technical teams, and build consensus around security initiatives.
• Analytical mindset with strong problem-solving skills, able to analyse complex security issues, evaluate potential solutions, and make informed decisions to mitigate risks and protect the organisation's assets and reputation.
• Ability to work collaboratively in a cross-functional environment, building relationships with internal and external stakeholders, fostering a culture of security awareness and accountability, and driving security initiatives to successful outcomes.
  
  

SecureCloud+ is an equal opportunities employer and does not discriminate on the basis of age, sex, colour, religion, race, disability, or sexual orientation. Our hiring decisions are based on an individual’s experience and qualifications for the job advertised.