Information Security Governance and Risk Manager

NPL is currently seeking an Information Security GRC& Assurance Manager to join the team dedicated to development of newproducts related to PNT. This role provides guidance and oversight togovernance, risk, compliance, and assurance with the appropriate standards andregulations. Focused on ensuring the NCSC Cyber Assessment Framework (CAF) isapplied to projects throughout their development and program lifecycle.

This specialist position will be supported by NPL’sCyber Security Team and CIO division with day-to-day information riskconsultancy, advice, and guidance. It will also support with prioritisation ofrisk mitigation activities, tracking of risk tolerance and reporting whilesupporting the design and implementation of the assurance framework.

We are now working in a hybrid way, with a mix ofremote and office working. We strive to offer a great work life balance - ifyou are looking for part time or flexible options, we will try to make thiswork where business possible. This will be dependent on the kind of role you doand part of the business you work in.

Key Requirements:

One of the following certifications:

• Certified Information Security Systems Professional (CISSP)
• Certified Information Security Manager (CISM)
• Certified Information Systems Auditor (CISA)

Two or more of the following certifications:

• CompTIA Security+
• Certified Cloud Security Professional (CCSP)
• Systems Security Certified Practitioner (SSCP)
• GIAC Security Essentials Certification (GSEC)
• Certified in Risk and Information Systems Control (CRISC)
• ISO 27001 Lead Auditor
• ISO 27001 Lead Implementer

Other Requirements:

• Experience of NCSC’s Cyber Assurance Framework (CAF), NIST Cyber Security Framework (CSF), NIST SP 800-53, ISO 27001 and HMG regulations and other departmental IT in defence and security.
• Ability to work in small teams, highly specialised technology areas across diverse projects.
• Experience of cross-security domain approaches and solutions
• Experience of operating in Critical National Infrastructure (CNI) and the requirements around cyber security and operational resilience
• Understanding of threats in a government, mission and critical national infrastructure environments.
• A working knowledge of IT Security risk assessment processes and ability to identify a proportionate set of IT Security controls aligned with business objectives.
• In depth assessment of IT systems, cloud offerings (IaaS, PaaS and SaaS), services and IT Security controls to provide an independent view of their compliance and effectiveness with Security Policy, IT Security standards and external regulatory requirements.
• Assessing architectural designs to determine whether the relevant IT Security controls have been identified in line with business objectives and risk mitigation.
• Analysis, creation and compilation of relevant documentation determining the compliance level of systems and services, technical security controls with applicable certification, accreditation, and internal policy requirements
• Stakeholder engagement; promoting a mind-set of developing secure systems, transferring knowledge of security standards / processes and acting as a subject matter expert (SME)

• The National Physical Laboratory (NPL) is a world-leading centre of excellence that provides cutting-edge measurement science, engineering and technology to underpin prosperity and quality of life in the UK. 

  NPL and DSIT have strong commitments to diversity and equality of opportunity, and welcome applications from candidates irrespective of their background, gender, race, sexual orientation, religion, or age, providing they meet the required criteria. Applications from women, disabled and black, Asian and minority ethnic candidates in particular are encouraged. All disabled candidates (as defined by the Equality Act 2010) who satisfy the minimum criteria for the role will be guaranteed an interview under the Disability Confident Scheme. 

  At NPL, we believe our success is a result of the diversity and talent of our people. We strive to nurture and respect individuals to ensure everyone feels valued by treating everyone on the basis of their own individual merits and abilities regardless of their own or perceived identity, as part of our commitment to diversity & inclusion, we hold memberships and accreditations to ensure we’re creating an environment where all our colleagues feel supported and welcome, please see our Diversity & Inclusion page.

  We are committed to the health and well-being of our employees. Flexible working and social activities are embedded in our culture to create a positive work-life balance, along with a broad range of benefits. Our values are at the heart of what we do, and they shape the way we interact, develop our people and celebrate success. 

  To ensure everyone has an equal chance, we’re always willing to make reasonable adjustments to the recruitment process. If you would like to discuss, please contact us.