Our world-leading Time & Frequency department are seeking an Information Security GRC & Assurance Manager with hands-on experience of new product development, related to Position, Navigation and Timing (PNT).
You're joining us at a very exciting time - we maintain the UK’s National Time Scale, UTC (NPL), and are currently developing a new resilient Time Scale facility that will underpin our Critical National Infrastructure. This will address the risks associated with our dependency on global navigation satellite systems (such as GPS) that are vulnerable to both natural and intentional interference.
Key responsibilities:
You will enjoy providing guidance and oversight toward governance, risk, compliance, and assurance, in alignment with standards and regulations. You will have a pivotal role in ensuring the NCSC Cyber Assessment Framework (CAF) is applied to projects throughout their lifecycle.
This role offers exciting opportunities to collaborate with subject-matter experts across and industry-leading professionals within NPL’s Cyber Security / CIO division; including (though not limited to) day-to-day information, risk consultancy, advice, and guidance. You'll jointly prioritise risk mitigation, tracking of risk tolerance, and reporting.
At least ONE of the following certifications:
- Certified Information Security Systems Professional (CISSP)
- Certified Information Security Manager (CISM)
- Certified Information Systems Auditor (CISA)
At least TWO of the following certifications:
- CompTIA Security+
- Certified Cloud Security Professional (CCSP)
- Systems Security Certified Practitioner (SSCP)
- GIAC Security Essentials Certification (GSEC)
- Certified in Risk and Information Systems Control (CRISC)
- ISO 27001 Lead Auditor
- ISO 27001 Lead Implementer
- Experience of NCSC’s Cyber Assurance Framework (CAF), NIST Cyber Security Framework (CSF), NIST SP 800-53, ISO 27001 and HMG regulations, or alternative IT in defence and security
- Knowledge of IT Security risk assessment processes and ability to identify a proportionate set of IT Security controls aligned with business objectives.
- Cross-security domain approaches and solutions
- Experience of operating in Critical National Infrastructure (CNI) and the requirements around cyber security and operational resilience
- Understanding of threats in a government, mission and critical national infrastructure environments.
- In-depth assessment of IT systems, cloud offerings (IaaS, PaaS and SaaS), services and IT Security controls to provide an independent view of their compliance and effectiveness with Security Policy, IT Security standards and external regulatory requirements.
- Assessing architectural designs to determine whether the relevant IT Security controls have been identified in line with business objectives and risk mitigation.
- Analysis, creation and compilation of relevant documentation determining the compliance level of systems and services, technical security controls with applicable certification, accreditation, and internal policy requirements
- Stakeholder engagement; promoting a mind-set of developing secure systems, transferring knowledge of security standards / processes and acting as a subject matter expert (SME)
We actively recruit citizens of all backgrounds, but the nature of our work in specific departments means that nationality, residency and security requirements can be more tightly defined than others. You will be asked about this throughout the recruitment process. To work at NPL, you will need to obtain BPSS security clearance.
Please note: Applications will be reviewed, and interviews conducted throughout the duration of this advert therefore we may at any time bring the closing date forward. We encourage all interested applicants to apply as soon as practical.
The National Physical Laboratory (NPL) is a world-leading centre of excellence that provides cutting-edge measurement science, engineering and technology to underpin prosperity and quality of life in the UK. Find out more about what it is like working here - The measure of us - Overview
NPL and DSIT have strong commitments to diversity and equality of opportunity, and welcome applications from candidates irrespective of their background, gender, race, sexual orientation, religion, or age, providing they meet the required criteria. Applications from women, disabled and black, Asian and minority ethnic candidates in particular are encouraged. All disabled candidates (as defined by the Equality Act 2010) who satisfy the minimum criteria for the role will be guaranteed an interview under the Disability Confident Scheme.
At NPL, we believe our success is a result of the diversity and talent of our people. We strive to nurture and respect individuals to ensure everyone feels valued by treating everyone on the basis of their own individual merits and abilities regardless of their own or perceived identity, as part of our commitment to diversity & inclusion, we ensure we’re creating an environment where all our colleagues feel supported and welcome. More about this on our Diversity & Inclusion page.
We are committed to the health and well-being of our employees. Flexible working and social activities are embedded in our culture to create a positive work-life balance, along with a broad range of rewards, benefits and recognition. Our values are at the heart of what we do, and they shape the way we interact, develop our people and celebrate success. To ensure everyone has an equal chance, we’re always willing to make reasonable adjustments to the recruitment process. If you would like to discuss, please contact us.
