Vacancies - Information Assurance Specialist



Information Assurance Specialist

Location: Dorking

Salary: Competitive + Excellent Benefits

Industry: IT, Security/Resilience

Job Description

The Information Assurance Specialist is a key role in the Frazer-Nash Consultancy IT Security Group and critical to the success of the company. The IT Security Group is the lead for all cyber-security-related activity within Frazer-Nash, and its functions are split into two areas:

  • Governance, Accreditation and Compliance - providing security advice and guidance to the wider IT Department to support IT projects and change management and to the business with regard to accreditation, customer requests, service requests and general user queries
  • IT Security Operations - providing effective security monitoring, testing and analysis of the Frazer-Nash IT infrastructure

Although individual specialists may have specific lead responsibilities, they will be expected to undertake any of the duties across each of these functional areas when required.

Primary duties

  • Understand the different compliance frameworks required by the business (including, but not limited to, ISO 27001, MOD DAIS, Cyber Essentials, MOD Cyber Profiles, Australian DoD, etc.)
  • Engagement with the broader security industry and community to ensure Frazer-Nash is aware of current and future threats, and is aligned with industry best practice.
  • Develop contacts with relevant IT Accreditors and key customer IT Security functions.
  • Review and update IT Security documentation for adequacy and completeness against changing customer and regulatory requirements, including defence, civil nuclear, commercial, and data protection, and in the light of emerging risks.
  • Support the accreditation processes, working with internal and external stakeholders to acquire and maintain all required security certifications.
  • Liaise with other governance process holders, both in the IT department and the wider business, to ensure security best practice is correctly included in applicable procedures.
  • Creation and maintenance of the IT security standards and other documentation to enable delegation of day-to-day IT security tasks to the IT Operations Group.
  • Provide advice and guidance to IT Department projects, reviews, change requests and development processes
  • Provide advice and guidance to the wider business regarding customer requests, service requests and general user queries
  • Manage 3rd party cyber security audit processes
  • Undertake security audits across IT systems, applications, processes and projects.
  • Keep current with the latest threats, vulnerabilities and developments in cyber security.
  • Taking an active part in security incident response
  • Taking an active part in the continuous improvement processes with the wider IT department to ensure that security improvements are completed

Requirements

The Information Assurance Specialist will be familiar with the following:

  • Developing IT security department processes and procedures
  • Understanding and developing controls in line with ISO 27000, Cyber Essentials, CIS (SANS) cyber controls & CSA Cloud cyber controls
  • Conducting, or participating in, internal and external audit processes
  • Broad IT knowledge to be able to provide security input into a range of projects

The secondary role of the Information Assurance Specialist will require knowledge across the following:

  • Understanding and analysing system vulnerabilities
  • Identification of remediation activities, working alongside IT Operations and Infrastructure Groups
  • Understanding attack vectors and exploitation of vulnerabilities
  • Understand firewall, network and server logs
  • Network traffic capture and analysis.
  • Understand the features of modern security monitoring systems
  • The ability to analyse events and reported incidents

The Information Assurance Specialist should have experience in the following types of security tools:

  • Vulnerability scanning and analysis
  • Enterprise SIEMs
  • Network and host Intrusion Detection Systems
  • Endpoint security and monitoring solutions
  • Digital Forensics & Incident Response (DFIR) tools

Relevant cyber security qualifications are desirable, but not obligatory. Candidates will be assessed on their experience and capability. Relevant qualifications include:

  • 27000 Lead Implementer or Auditor
  • CISSP
  • SANS GCIA & GCIH
  • Certified Ethical Hacker (CEH)
  • CCSP
© Copyright 2013 Frazer-Nash Consultancy
