Overview
The Security Lead serves as the accountable security owner for a managed service associated with Oracle ERP in the UK Public Sector, ensuring compliance with UK Government security policies while handling sensitive HR, Finance, and Project data. This role requires collaboration with various stakeholders, including client security teams and third-party vendors, to maintain and improve the security posture of the service. The candidate must hold DV clearance and be a UK national, with a preference for pre-cleared individuals.
Responsibilities
- Lead day-to-day operational responsibility for service security across OPERATE and DEVELOP.
- Advise the client on security status, identify and address risks, and improve the security posture.
- Manage the clearance pipeline, ensuring all staff handling client data are appropriately vetted.
- Support the SOC in resolving security incidents and document use cases.
- Provide client auditors with access to security documentation and standards.
- Define and maintain Standard Operating Procedures for system administration and maintenance.
- Ensure all Supplier work is conducted exclusively from within the UK and in client-approved secure areas.
- Communicate regularly with the client on security matters and promptly report any major incidents.
Requirements
- Substantial experience as a security owner on UK Central Government managed service contracts.
- Deep knowledge of NCSC HMG IAS5, Cyber Assessment Framework, and GDPR/DPA 2018.
- Hands-on experience with UK Government SOC integration and incident response coordination.
- Practical experience in Oracle Cloud security and SaaS application security.
- Proven track record in managing UK Government clearance pipelines for SC and DV sponsorship.
- Strong written communication skills for audit and governance reporting.
- Must possess DV clearance and be a UK national, with willingness to work on-site as needed.
- CISSP, CISM, or equivalent senior security certifications are desirable.