Falcon Programme Information Security Specialist

**Falcon Programme Information Security Specialist - **Inside IR35**

**Contract Term: 6 Months**

**Contracting Authority: Cabinet Office CDIO**

**Location: Bristol/Hybrid (2 Days per week)**

**Description**

As part of ensuring the Cabinet Office is a Great Place to Work, improve technology services within the Cabinet Office and improve how the Cabinet Office uses technology to interoperate with its partners across government, broader public sector and industry: Cabinet Office Digital has launched a broad transformation programme called ‘Falcon’.

This role is a part of Falcon, which aims to deliver across 2 workstreams over the next 2 years a modern, flexible, high quality and cost efficient official IT platform to all users across the Cabinet Office and its wider 44 organisations through migration away from the Google Workspace environment to an alternate platform. The second workstream will develop a new modern, secure, and flexible official IT platform that meets the modern demands of the Cabinet Office. Falcon is the Cabinet Office’s priority digital programme.

The programme will work with two primary commercial technology partners, to deliver each of these workstreams. The Falcon team produces all the programmatics, steering the programme through the range of required assurance and approvals whilst coordinating overall activity between users, Cabinet Office Digital and the commercial partners.

**As the Principal Information and Cyber Security Specialist you will**
- Chair the programme’s security assurance working group
- Act as the principal coordination point with the Cabinet Office CISO, and their team, including security architecture and cyber
- Bring together and lead a matrix team of technical and business user representatives to review and agree recommendations raised by the commercial partners and users on cyber and security issues.
- provide technical leadership and consultancy, through the development, operation and ongoing improvement of internal and cross-government enterprise technology services
- Act as the Falcon programme’s principal information security specialist for all of the Falcon programme systems and services
- Identify and select appropriate technical solutions based on a deep understanding of user needs, CISO, Cabinet office and business requirements
- Collaborate with other working group chairs, managers, business analysts, delivery managers and others as part of cross-functional delivery teams
- oversee or lead the technical evaluation of proposals from third party suppliers, as part of government procurement processes
- work closely with external suppliers to ensure that their proposed services are robust, scalable, open and secure and meet other internal standards
- forge close working relationships across the cross-government technical security and cyber community
- contribute and engage with the Cabinet Office cyber and security team policy, process and standard development.
- Review and input to technical risk assessments from suppliers on behalf of the wider programme and business community.

**Experience**
- A good knowledge of a range of associated vendors, products and services usually used within enterprise IT technology systems, and the associated information security considerations
- Modern security architecture within enterprise IT technology systems
- Familiarity with enterprise IT and risk management related guidance and standards from the UK National Cyber Security Centre (NCSC, a part of GCHQ)
- Familiarity with UK government security standards and policies
- Conducting comprehensive risk assessments, including using standardised assessment methodologies (such as ISO27005)
- Completing Data Privacy Impact Assessments (DPIA) in line with the UK Data Protection Act (2018) and embedding privacy by design into technology system designs
- Building secure enterprise IT systems that balance user needs with security, flexibility, proportionality, risk appetite and complex threat profiles
- Communicating highly technical matters to non-technical colleagues across the department
- Working in dynamic fast paced agile environments, collaboratively and openly with others
- Leading and influencing highly specialised technical teams, including steering decision making and improving how those decisions are made and technical systems are operated
- Managing and chairing a security working group in a complex environment including multiple suppliers and internal business communities.

**It’s desirable that you have experience of or familiarity with**
- Applied information management & records management within enterprise IT systems
- Building IT services that scale efficiently
- Working with senior management to define directorate priorities based on medium-long term strategies and organisational direction, including developing forecasted costings and businesses cases for new technology programmes- Please be aware that this role can only be worked within the