Sopra Steria is developing a new Managed Service utilising a multi–tenant private cloud to replace a complex legacy Enterprise infrastructure. This will require a high level of automation and repeatable component design patterns to allow the deployment of customer business solutions within short time frames. The project will make heavy use of Windows and VMware technologies, along with Ansible, Terraform and Scripting supported by niche infrastructure and applications.

The Security Consultant will work as part of Sopra Steria's security team, reporting to the Security Lead, and will be responsible for managing the accreditation of the networks, workplace, platform and applications services to ensure that the information security is proportionately maintained through the life of the system.

The role will require high attention to detail, working with the development teams, security architects and customer representatives to record the detailed implementation of security controls in the design and to define, scope and manage the security assurance testing. Throughout, the security consultant will be required to manage a clear timeline of accreditation activities against the wider project timelines to ensure that security is supporting delivery and minimising the risk of delays in accreditation.

Home based with travel for meetings.

What you will be doing:

• Migrate legacy security documentation to current security formats
• Manage security accreditation process for multiple targets of accreditation
• Support security architects with security control requirements and obtain required evidence
• Defining, scoping and managing security assurance activities
• Supporting the Security Lead in wider operational security delivery including advocating a strong security culture and training to new joiners
• Working with wider business stakeholders including customers, suppliers, and internal teams to ensure successful project delivery.

What you will bring:

• Information Security experience within a large organisation
• A clear understanding of UK Government Security Frameworks including the Security Policy Framework and NCSC Good Practice guidance
• Experience in providing advice on data protection, information security and business continuity
• A clear understanding of the Data Protection Act 2018
• Experienced in Risk Assessment methodologies such as IRAM, CRAMM, IS1&2 and/or NIST SP800 series.
• Excellent interpersonal and communication skills
• Strong enterprise risk management experience
• User and customer focussed

It will be great if you have:

• Experience working in MOD security delivery projects
• Security qualification such as CISSP or equivalent experience
• Experience using security risk management tooling
• Good working knowledge of security related JSPs

Employment Type: Permanent, full–timeLocation: Home–based, remoteSecurity Clearance Level: Must be eligible for BPSSInternal Recruiter: StinaSalary: GBP52,000 – GBP78,000Benefits: 25 days annual leave with the choice to buy additional days, life assurance, pension, car allowance and generous flexible benefits fund

Although this role is advertised as full–time, we believe that flexibility at work can promote work/life balance, increase your motivation, reduce stress and improve performance and productivity. We support different ways of working and can offer a range of flexible working arrangements. So, if you're interested and need to work flexibly, we encourage you to apply and talk to us about what might be possible.

Loved reading about this job and want to know more about our company?

Sopra Steria's Aerospace, Defence and Security business designs, develops and deploys digital solutions to Central Government clients. The work we do makes a real difference to the client's goal of National Security, and we operate in a unique and privileged environment. We are given time for professional development activities, and we coach and mentor our colleagues, sharing knowledge and learning from each other. We foster a culture in which employees feel valued and supported and have pride in their work for the customer, delivering outstanding rates of customer satisfaction in the UK's most complex safety– and security–critical markets.

Our technical specialists deploy systems running many of the major operating systems such as Microsoft Windows, Mac OS, and multiple Linux distros. We also provide Messaging and Collaboration systems and support, Application packaging and deployment, along with supporting Infrastructure and Cloud services and support. Our time can be split between our services and project work, so we have the chance to be multi–disciplined and access to a range of technologies.

We embrace difference as a source of creativity, innovation and competitive advantage and are striving to become a more diverse organisation. We welcome applications from people with a diverse variety of backgrounds and identities. We are committed to equality of opportunity for all and do not discriminate on the basis of race, religion, colour, gender, age, disability, sexual orientation or marital status. We have partnered with Vercida , the UK's largest diversity and inclusion focused careers site, where all our vacancies are available in an accessible format.
If you require any adjustments to the recruitment process, to enable you to perform to the best of your ability, please let us know when completing your application. We participate in the Disability Confident scheme and are committed to offering an interview to any candidate with a disability, who meets the minimum criteria for the role. If you believe this could apply to you, please let us know when completing your application.