Job Description

Role Title: Cyber-security lead

Duration: contract to run until 22/01/2027 (but would contract a year at a time)

Location: Hybrid, Guildford 30% office, 70% remote

Rate: up to £708.75p/d Umbrella inside IR35

Clearance required: Active Security Clearance is essential

Role purpose / summary

Our Client is seeking an experienced Cyber Security Architect to join the team. This individual must have experience working with the Government. The role involves conducting a comprehensive security risk assessment, developing a security and data protection plan, and performing a security audit. These tasks must be executed within the framework of the client's Global Cyber Security Standard (GCSS), specifically following the client's "UK and Rest of World IT Security Control - IT Implementation Standard," which is based on NIST 800-53.

Key Skills/ requirements

Security Risk Assessment: Conduct a detailed security risk assessment for the project, utilizing internal Capgemini templates or other approved formats.

Security & Data Protection Plan: Develop and implement a comprehensive security and data protection plan, ensuring alignment with the client's GCSS.

Security Audit: Perform a thorough security audit using the client's Cyber Security Assessment Questionnaire (CSAQ), ensuring compliance with NIST 800-53 standards. This audit will typically occur during the 4-week Early Life Support (ELS) period post-go-live.

Security By Design Artefacts. The security architecture and design docs will need to be in line with Security By Design requests and be part of the approval process for the project

Cloud Controls: The Architect will need to build upon the controls provided by the proposed cloud infrastructure to mitigate customer risks in line with the documented risk profile

Requirements:

Experience: Proven experience in completing internal ISMS deliverables or similar external deliverables for clients. Familiarity with NIST 800-53 framework is preferred, but strong experience with ISO27001/ISO27002 frameworks is also acceptable.

Technical Skills: Deep understanding of cybersecurity principles, risk assessment methodologies, and data protection strategies. Ability to transfer skills from ISO27k frameworks to NIST 800-53.

Tools and Documentation: Ability to work with Capgemini templates and adapt them to client-specific requirements. Proficiency in preparing detailed security documentation and audit reports.

All profiles will be reviewed against the required skills and experience. Due to the high number of applications we will only be able to respond to successful applicants in the first instance. We thank you for your interest and the time taken to apply