Cyber Security Consultant at Home Office (PPPT), South East England, 6 Months Initial, to £650 per day
£550 - £650 per day
Contract Spy Diocesan House, Quarry St, Guildford GU1 3XG, UK
Oct 16, 2019
6 Months or more
Important dates
Published: Tuesday 15 October 2019
Deadline for asking questions: Thursday 17 October 2019 at 11:59pm GMT
Closing date for applications: Tuesday 22 October 2019 at 11:59pm GMT

Overview
Specialist role: Cyber security consultant
Summary of the work: Reporting to the Programme Delivery Manager the Specialist will provide technical security and assurance support to the Law Enforcement Community Network.
Latest start date: Monday 11 November 2019
Expected contract length: Up to 12 months. Initial Statement of Work will be for 6 months.
Location: South East England
Organisation the work is for: Home Office Police & Public Protection Technology (PPPT)
Maximum day rate: £650 per day maximum. Higher day rates will not be considered due to budget constraints.

About the work
Early market engagement
Who the specialist will work with: The specialist will work as part of the Law Enforcement Community Programme team reporting to the Programme Delivery Manager and will engage with the different stakeholders from GDS (PSN / FN4G), NCSC, NPTC, NEP and the wider DDaT directorate as well as all relevant portfolios / programme projects / work streams.
What the specialist will work on:
Develop/manage a new Security Risk Assessment strategy, policy and process.
Perform hands-on gap and risk assessments associated with:
  o Applications (Home Office Open Systems and Police-to-Police);
  o Data Centres (WAN-NNI);
  o Cloud and physical IT infrastructure;
  o Vendors, suppliers and other third parties.
Map controls to policies, standards, procedures and process.
Review and monitor IT Security controls to identify operational effectiveness.
Interface with CSOC and IAM teams.
Interface with security architects, National Information Risk Management, NCSC and other security stakeholders.
Provide and contribute to risk assessments.
Maintain broad knowledge of standard methodologies and trends in the field of Information Security.

Work setup
Address where the work will take place: Bernard Weatherill House, 8 Mint Walk, Croydon, CR0 1EA. There will also be a requirement to work at Home Office, 2 Marsham Street, London SW1P 4DF.
Working arrangements: A typical working day is 9am-5pm, however working outside of these hours may be required due to business/project need. The role requires flexibility as individuals may be required to work at any of the Customer premises and/or at supplier sites. The role is currently deemed out of scope of the IR35 regulations. However, at the point of contract award to a successful supplier, the IR35 assessment will be re-visited based on the individual circumstances of the DOS Specialist.
Security clearance: Must be prepared to obtain SC level security clearance, required for access to Home Office facilities/deliverables, if not already SC cleared. Must also be prepared to undergo NPPV-3 (Non-Policing Personnel Vetting Level 3).

Additional information
Additional terms and conditions: T&S will not be payable for travel to sites within the M25. Travel outside of the M25 will be subject to Home Office T&S policy.

Skills and experience
Essential skills and experience:
Experience implementing or assessing security in a PSN network and cloud-as-a-service environment.
Experience of Cyber Assurance assessments.
Experience of working in a Policing environment.
Extensive knowledge of security technologies and risk assessment methodologies, policies and processes.
4+ years' experience working within the technical arena with 2 plus years of information security work experience.
Solid technical background in IT systems and networking in both on-premise and cloud environments.
Knowledge & experience of:
  o AWS (or similar) cloud security & infrastructure
  o Web-infrastructure security (Applications & APIs)
  o Network-security tools (IDS/IPS, firewalls etc.)
  o Network-visualization (SD-WAN-Networks, network function virtualisation etc.)
  o Encryption technology & implementation
SC security cleared
Nice-to-have skills and experience:
Experience using vulnerability assessment tools and writing risk mitigation plans resulting from the assessment.
Excellent analytical, evaluative, and problem-solving abilities.
Demonstrable ability to collaborate with technical and non-technical teams to further the goals and mission of the programme.
Excellent written and oral communication skills, as well as interpersonal skills including the ability to articulate to both technical and non-technical audiences.
Experience in security standards such as ISO 27001, 27002, 27005; NIST.
Certifications within the security area are a strong plus (CISSP, CRISC, CCSK, CCSP, GIAC or equivalent).
Experience in the alignment of solutions with NCSC guidance.
Ability to work independently and multi-task effectively.
A bachelor's degree in Cyber Security, Information Security, or Computer Science.

How suppliers will be evaluated
How many specialists to evaluate: 3
Cultural fit criteria:
Seek constructive outcomes in discussions.
Actively involve colleagues and partners to deliver an outcome.
Challenge assumptions but remain willing to compromise when it's beneficial to progress.
Make recommendations for decisions and options.
Additional assessment methods: Reference Interview
Evaluation weighting:
Technical competence 60%
Cultural fit 10%
Price 30%

Questions asked by suppliers
1. Is there an incumbent? No.
2. What is the IR35 status? It is outside of IR35.