This job has expired

CCP Consultant - Outside IR35

Public Sector Resourcing (PSR)
Closing date: 11 Aug 2022


CCP Consultant (SIRA) - Outside IR35

Contract Term: 12 Months

Contracting Authority: Sellafield NDA

Location: Remote/Hybrid

To support the Head of Cyber Risk as a Subject Matter Expert (SME) in Cyber Security risk for the delivery of risk-specific elements of the Cyber Security & Information Assurance (CS&IA) plan.

The Senior Information Risk Adviser (SIRA) is an autonomous risk role that supports the Head of Cyber Risk in understanding the technology risks and proposing mitigations to assist in establishing and maintaining an enduring cyber security and information assurance posture.

The role has a broad scope spanning technical and process risk across the cyber security, information security and privacy space and will necessitate engagement with Sellafield Ltd CS&IA (Cyber Operations, Assurance, Risk, Data Protection), Sellafield Ltd ISO (Architecture, Service and Knowledge Management), Sellafield Ltd Cyber Programme and other partners/suppliers.

The output will include the production of formal risk assessments conducted to the standards acceptable to Sellafield Ltd, including but not limited to HMG IS1, IRAM 2 or other ISO27005 assessments as agreed. The output will be used to determine the exposure to risks and likelihood of materialisation and the required mitigations, and to support the CS&IA planning necessary to support correctness of posture and satisfy Regulatory matters.

As a CCP Consultant (SIRA) your main responsibilities would be: 

Formal risk assessment of Sellafield Ltd Information Technology/Operational Technology applications, Cloud environments O365/Azure security configuration and other systems.
Recommendations around mitigations necessary to minimise the materialisation of identified risks in line with the Sellafield Ltd risk framework.
Production of risk reports to support the CS&IA Plan.
Analysis of system configurations and, in cognisance of NCSC guidance, determination of associated risk in relation to systems or solutions developed or implemented by Sellafield Ltd.
Assist with input to the risk tracking of related cyber risks and the management of Cyber and Information security/privacy risks for the Head of Cyber Risk.
Formal determination of cyber and information security/privacy related risks and issues.
Produce the following deliverables: Requirements documents/specifications, Policies and procedures, Risk assessments/reports, Security cases and Risk Treatment plans.

You’ll have relevant experience in:

Qualification as an NCSC Cyber Certified Practitioner (CCP) at SIRA level, or a former GCHQ CESG CLAS consultant.
CISSP or equivalent qualification, or membership of a professional body in Information Security.
Significant experience in applying Cyber Security Standards.
Experience of CSA CCM v3 cloud controls.
Experience in applying technical information technology and information assurance controls to business information models.
Ability to identify vulnerabilities when assessing information systems architectures and designs.
Demonstrable experience of implementing projects based upon Microsoft-based Public PaaS and SaaS solutions at UK Official or above (e.g., E3 and E5 licensing models, licensing bolt-ons such as SCP & EMS, O365 & M365, Microsoft Teams, Information Protection, Sentinel, MCAS etc.).
Knowledge and use of security and privacy policy (including but not limited to ISO27001, ISO 27005, ISO22301, NIST 800-53, EU GDPR and DPA 2018).
Knowledge of Cyber Security models and frameworks (NIST PDRR, MITRE ATT&CK, ONR Security Assessment Principles (SyAPs)).
Thorough knowledge of Cyber Security risk methodologies including but not limited to HMG IS1, IRAM 2 and others such as NIST RMF (800-37).
Ability to interpret business requirements and technical ICT documents into Cyber Security requirements.
Good understanding and knowledge of ICT systems (software, hardware, and networks) and applications both legacy and current.
Good communication skills across all levels of the business and able to talk to non-specialists, specialists, and senior stakeholders.
SC Clearance is an essential requirement for this role; as a minimum you must be eligible and willing to undergo these checks.


Active SC Clearance.
Knowledge of Civil Nuclear Information security requirements and NCSC good practice.
Working with operational cyber security teams.
Working with Regulators/in a Regulated environment.
Knowledge and experience of network and systems management.

If this CCP Consultant (SIRA) role sounds like something that you would be interested in, please click the link to apply and get in touch with one of our PSR team now.

"In applying for this role, you acknowledge the following: this role falls in scope of the Off Payroll Working in the Public Sector legislation. Any rates of payment quoted will reflect the gross rate per day for the assignment and will be subject to appropriate taxes and statutory costs. As such the payment to the intermediary and your income resulting from this contract will be different."

Please be aware that this role can only be worked within the UK and not Overseas.

We value the unique differences that each of our colleagues brings to work every day and are committed to creating an environment where everyone feels respected, included, and able to perform at their best. At NDA we are committed to creating a workplace that is diverse and inclusive. We value the diversity of our people and actively seek to have a workforce that represents the rich diversity of the communities we support. Currently we are underrepresented in some areas, and would particularly welcome applicants from Women, Black, Asian and Ethnic Minorities, LGBTQ+ and candidates who have a disability.

In promoting equal opportunities, NDA welcomes applications from all sections of the community. We select people according to their abilities and our needs. As users of the disability confident scheme, we guarantee to interview all disabled applicants who meet all the essential criteria for the vacancy. In cases where we have a high volume of disabled candidates who meet all the essential criteria, NDA will interview the best candidates from within that group.
