Information Assurance Technical Security Specialist

Location: Crawley United KingdomIn fast changing markets customers worldwide rely on Thales. Thales is a business where brilliant people from all over the world come together to share ideas and inspire each aerospace transportation defence security and space our architects design innovative solutions that make our tomorrows possible.Together we offer fantastic opportunities for committed employees to learn and develop their career with us. At Thales UK we research develop and supply technology and services that impact the lives of millions of people each day to make life better and keep us safer. We innovate across the major industries of Aerospace Defence Security and Space. Your health and well-being matters to us and thats why we offer you the flexibility to do whats important to you; whether thats part time hours job sharing home working or the ability to flex your start and finish times. Where possible we support a working pattern that suits your lifestyle and helps you reach your ambitions.THALES are looking to hire an Information Assurance/Technical Security Specialist to provide technical security advice and guidance on the efficient and effective secure through-life management of systems related to the use processing storage and transmission of Thales information or data.This includes but is not limited to the technical oversight of the physical technical and administrative security controls to conduct these tasks.Reporting to the Thales UK Deputy CISO the Information Assurance/Technical Security role involves the identification of applicable technical security requirements and their associated cost-effective security controls as well as through-life continual security assurance of Thales IS environments throughout their design implementation transition into service and operational lifespans.Location Crawley / Doncaster but will consider other Thales locations.What can we offer youOn offer is a competitive salary and benefits package which includes;Performance Related BonusHalf day every Friday usually finishing around 13:00pmHybrid WorkingPension Scheme28 days annual leave (Plus Bank Holidays)Life Cover24/7 Employee Assistance Program and access to mental wellbeing appEmployee discount shopping schemes on major brands and retailersGym membership discountsWhat will you deliverTechnical Security: Support Thales UK in ensuring all IS/IT technical security measures are implemented enhanced and developed where necessary to ensure successful and timely security assurance via on-going through-life continual assurance and compliance programmes.Technical Security Point of Contact (PoC): Provide a central PoC for all IS/IT technical security matters and concerns supporting delivery teams and businesses throughout project lifecycles.Change management: Conduct security reviews of internal/ externally connected platform related changes ensuring Security risks impacts and mitigations are managed appropriately.Cloud Security: provide security guidance around the secure deployment and usage of Thales adopted public cloud infrastructure and/or SaaS services (e.g. Azure) in compliance with government security guidelines Thaless policy and industry accepted good practices for security.Compliance & Governance: ensure Thales on-premises and cloud environments comply with government policies such as Cyber Essentials DefStan 05-138 UK GDPR NCSC guidelines and other applicable contractual and regulatory frameworks.Evidence Continual Security Assurance: Creation Maintenance and Review of all IS/IT technical security documentation policy and procedures associated with Thales IS/IT networks systems and applications as per Customer (primarily HMG UK MOD) and Thales Group policy and mandatory requirements.Incident Response: Be responsible for the reporting investigation and analysis of security incidents and potential breaches within classified environments working with the Thales UK Incident management team to ensure identified issues are resolved quickly.IS/IT Squad Engagement: Develop security requirements epics and stories along with guidance & governance to squads to ensure data protection and data security are included in the scope of new and existing IS/IT Squad activities initiatives and projects.Risk Focused Delivery: Able to work collaboratively with other team members to ensure proposed solutions provide the required level of security assurance in line with data processing requirements as well as Thales and customer risk appetites.Risk Management: Responsibility for developing and coordinating the implementation of formal and regular technical risk and compliance assessments of Thales IS environments recommending remedial action where required.Third Party CoCo Assurance: Provide assurance and ensure successful and secure delivery of all Code of Connections (CoCos) associated cryptographic products key material and required documentation.Training & Development: Engage in continuous learning and development both for yourself as well as supporting less experienced Thales UK staff in their development.Who are we looking forDemonstrable experience of applying security principles within an agile delivery framework.Evidential experience as subject matter expert in the evaluation and implementation of technical security products and solutions for Public or Private sector organisations.Evidential experience in the identification assessment and management of technical security risks developing risk mitigation strategies and tracking residual risk throughout the risk lifecycle.Demonstrable experience of managing assurance and/or compliance activities associated with a defined security standard (ISO 27001 Def-Stan 05-138 NIST SP 800-* NIST CSF).Experience developing security assurance frameworks and governance models.Experience in performing formal risk assessments and production of security reporting artefacts within both on-premises and cloud-based environments.Evidential experience as subject matter expert in the evaluation and implementation of technical security products for MS Office 365 Azure cloud based Public or Private sector organisations.Able to effectively communicate highly technical security concepts implementations and issues both verbally and in writing to management clients and staff at all levels.Able to interpret detailed system design documentation identifying potential security risks and recommend mitigations containing levels of security appropriate to the associated risk levels.Able to interpret security standards and derive solution specific security requirements from these and assess solutions against these standards for compliance for both new and changes to existing systems/applications.Able to provide analytical advice on the security implications of new and existing systems and for all proposed changes to said systems.Ability to provide technical security advice to business areas when required and to provide technical security input to the security risk registers.Demonstrable understanding of security across the full stack of information systems (network infrastructure and applications) both on-premises and cloud-hosted (MS Azure Oracle AWS; PaaS IaaS and SaaS).Ensure compliance with MOD/UK Government security governance frameworks.Ensure that the activities embody a compliancy approach such that Security Architecture and Services manage risk maximising business value with appropriate security.In-depth experience of technical security issues and remediation activities across a range of system and application platforms including cloud-based and on-premises.Working knowledge of UK Government and MOD security standards for defence suppliers (such as Def Stan 05-138 v4 DEFCON NCSC cloud security principles) is required.Info. Security Qualification: MSc (InfoSec)/CISSP/CISM or similar certificationsDesirable:Demonstrable understanding of Azure Stack including Security products.Current Cloud Security Qualification e.g. CCSK CCSPDemonstrable understanding of Office 365 Stack including associated Security Risks Threats and countermeasures.Understanding of current and emerging Security technologies.Qualifications: AZ-500 CCSP CISSP SABSAThis role will require SC Clearance. It would be advantageous if currently held however if not currently held it is a requirement that the successful applicant will undergo achieve and maintain SC Clearance. Please visit the UKSV website for further guidance.To be eligible for full SC you generally need to have resided in the UK for the last 5 some circumstances a minimum of 3 years residence in the UK over the last 5 years may be accepted with additional overseas checks.For further details of the evidence required to apply for Baseline and Security Clearance please refer to the National Security Vetting (NSV) Agency - United Kingdom Security Vetting - ()#LI-DOMIn line with Thales Baseline Security requirements candidates will be asked to provide evidence of identity eligibility to work in the UK and employment and/or education history for up to three years. Some vacancies may require full Security Clearance which can require further evidence to be provided. For further details of the evidence required to apply for Baseline and Security Clearance please refer to the Defence Business Services National Security Vetting (DBS NSV) Agency.At Thales we provide CAREERS and not only jobs. With Thales employing 80000 employees in 68 countries our mobility policy enables thousands of employees each year to develop their careers at home and abroad in their existing areas of expertise or by branching out into new fields. Together we believe that embracing flexibility is a smarter way of working.Thales UK is committed to providing an inclusive and barrier-free recruitment process. We will provide reasonable adjustments and support to ensure neuro-diverse applicants or those with a disability or long-term condition can be their best during the recruitment process. To request an adjustment if you need this job advert in an alternative format or if you have any questions about the recruitment process please contact Resourcing Ops for mid to senior roles or the Early Careers Teamfor graduate and apprentice roles.Great journeys start here apply nowRequired Experience:IC Key Skills Economics,Conveyancing Paralegal,Corporate Risk Management,Ftp,ITIL,Airlines Employment Type : Full-Time Experience: years Vacancy: 1