SC Cleared Product Security Analyst | 12 months | Inside IR35 | Remote/3 days on site - Surrey
Jefferson Frank are proud to be supporting a London based consultancy who are looking for a Product Security Analyst.
Active Security Clearance is required!
You will be a focal point for security and information risk matters within the Product Security Engineering (PSyE) team and will be able to apply their deep level of subject matter expertise and experience to ensure that submarine systems and products are delivered and can be managed and supported through-life.
As a PSA you will provide subject matter expertise and advice to other functional and capability areas to support overall project delivery and performance and advice and consultancy to design authorities and interested stakeholders.
* Developing Risk Management Accreditation Document Set (RMADs)
* Performing risk assessments using multiple methods including IS1, ISO27001, NIST, Mitre, STRIDE.
* Selection of security controls, providing guidance on implementation and capture of compliance.
* Attendance at Security Working Groups (SWGs), design reviews and gate reviews
* Be able to contribute and influence the development of Product Security strategies, policies, guidance, good practices and awareness.
* Be able to recommend appropriate controls to mitigate identified risks in line with government and MOD policies and good practice, to provide more cost effective risk mitigation in the longer term.
Knowledge and Experience:
* Former CLAS consultant
* Strong experience of developing Risk Management Accreditation Document Set (RMADS).
* Current CISSP or CISM qualification
* Strong background in HMG and MoD Policies, SPF, JSP440, JSP 604, and TEMPEST
* Proven experience of assessing and managing information risk in line with industry good practice.
* Proven experience of applying Product Security/Information Security concepts to applicable technologies within the environment (or similar). Experience of Product Security Engineering activities in the defence, maritime or closely linked domain.
If you have the skills required, please apply with your CV at first instance