Essential:
- Referenceable, in-depth knowledge and experience in Cyber Security and IT, including business process design
- Ability to work with Enterprise Security Architecture frameworks (SABSA / TOGAF)
- Designing and constructing business processes, functions and organizational structures using appropriate tools/modelling languages
- Significant knowledge of cloud architecture and integration technologies
- Understanding of IT, networking and virtualisation technologies
- Proven ability to define architecture roadmaps, associated strategies, including design analysis.
- In-depth assessment of IT systems, cloud offerings (IaaS, PaaS and SaaS), services and IT Security controls to provide an independent view of their compliance and effectiveness with Security Policy, IT Security standards and external regulatory requirements.
- Assessing architectural designs to determine whether the relevant IT Security controls have been identified in line with business objectives and risk mitigation.
- Experience of cross-security domain approaches and solutions
- Excellent communicator, verbal and written, with the ability to explain complex issues to a variety of stakeholders, both technical and non-technical.
Desirable:
- Secure delivery of scale national infrastructure and subsequent managed service; including the ability to design and build practical security infrastructure within this environment, based on a contextualised understanding of risk.
- Experience of operating in Critical National Infrastructure (CNI) and the requirements around cyber security and operational resilience
- Understanding of threats in government, mission and critical national infrastructure environments.
- Analysis, creation and compilation of relevant documentation determining the compliance level of systems and services, technical security controls with applicable certification, accreditation, and internal policy requirements
- Stakeholder engagement; promoting a mind-set of developing secure systems, transferring knowledge of security standards / processes and acting as a subject matter expert (SME)
- Experience of leading and mentoring colleagues
- Ability to work in small teams, across highly-specialised technology areas with diverse projects
Essential Cyber Security Certifications:
One of the following:
- Certified Information Systems Security Professional (CISSP)
- SABSA Chartered Security Architect (SCF)
- Certified Information Security Manager (CISM)
Two or more of the following certifications:
- CompTIA Security+
- Certified Cloud Security Professional (CCSP)
- Systems Security Certified Practitioner (SSCP)
- GIAC Security Essentials Certification (GSEC)
- Certified Ethical Hacker (CEH)
- Certified in Risk and Information Systems Control (CRISC)
- ISO 27001 Lead Auditor
- ISO 27001 Lead Implementer
- Certified Information Systems Auditor (CISA)
We actively recruit citizens of all backgrounds, but the nature of our work means that nationality, residency and security requirements can be more tightly defined in specific departments than in others. You will be asked about this throughout the recruitment process. To work at NPL, you will need to obtain BPSS security clearance. However, to work in this role in the Time & Frequency department, you will need to have an SC clearance with no restrictions, or you must have the ability to obtain an SC clearance.
Please note: Applications will be reviewed, and interviews conducted, throughout the duration of this advert; we may therefore bring the closing date forward at any time. We encourage all interested applicants to apply as soon as practical.