ETeam Inc, Wyton, Cambridgeshire
Security and Information Risk Advisor
Salary: £480 per day
Overview
This is a contract role until August 2020. Candidates who are CESG Certified IA Professionals will be paid a higher rate than candidates who do not hold the certificate.

Document all aspects of the DAIS Lab to enable accreditation and maintenance of the capability over time. Document the procedures used to test and assess equipment and software so that tests can be repeated and carried out on similar equipment or applications in future by client staff who have completed level three of the DAIS Lab Training and Experience Plan.

Provide ongoing support to DAIS SACs and attend SWGs where possible to help ensure informed decisions are being made with regard to each element (feature) being incorporated during the project's lifecycle. Continue support to DAIS accreditors as an SME for mobility projects, ensuring that educated risk acceptance is being made in line with the SIRO's risk appetite.

As well as reviewing current and upcoming ITHCs and penetration tests, guidance documents will be generated under this contract with a list of 'must haves' to ensure that a true risk posture can be ascertained from the security assessments performed. The document set produced from this will include sample workflows to generate robust, appropriate and repeatable ITHC scoping documents, and sample penetration test workflows and reports that can be used as a baseline to compare current and future tests against.

Specifically, for mobility projects, document each element that should be tested during a penetration test, why it should be done, what the expected results should be, how the results may affect the device's risk posture, and how it could potentially be done for the most common devices.

Develop monitoring guidance specifically for mobility projects that can then be applied to current and future capabilities. This will drive a capability that allows the GOSCC to ingress feeds, giving a proactive capability to monitor both on-device and network activities.
Help with and, where possible or required, lead the process of developing a cloud security policy that outlines the core requirements for a solution to be accreditable by DAIS.

Work closely with the relevant teams (specifically the newly adopted yellow team) in mustang to ensure that any software solutions that are developed are developed in line with industry best-practice secure coding principles. This process would also involve holding brown bag sessions where secure coding principles are discussed and demonstrated. It would also involve looking through code snippets developed in house to try to identify any weaknesses in the current development process.

Develop a process whereby source code for software solutions developed in house is checked against a set of criteria to ensure all code has been developed to protect the data passing through the application.