Overview
The Security Lead is responsible for managing the security of a service that handles sensitive HR, Finance, and project data within the UK. Working closely with the client's Information & Security function, the Security Operations Centre, and other teams, the Security Lead will ensure compliance with government regulations while overseeing day-to-day operations, security incidents, and technical controls related to the service. This role requires a DV-cleared individual with extensive experience in security leadership and government contracts.
Responsibilities
- Lead the day-to-day operational responsibility for service security.
- Advise the client on security matters and continuously improve security posture.
- Act as the authoritative voice in security forums for impact assessments.
- Provide reports to the client SOC and support in resolving security incidents.
- Coordinate responses to security incidents according to the Cyber Security Incident Response Plan.
- Collaborate on annual PenTests and regular Disaster Recovery exercises.
- Maintain control measures to secure data and ensure compliance with GDPR and DPA 2018.
- Establish communication with the client regarding security changes and incidents.
Requirements
- 5+ years of experience in a security leadership role on UK government contracts.
- Substantial knowledge of NCSC HMG IAS5, Cyber Essentials Plus, and ISO/IEC 27001.
- Hands-on experience with UK Government SOC, including SIEM and incident response.
- Practical expertise in Oracle Cloud security and SaaS application security.
- Experience in overseeing PenTesting, vulnerability management, and disaster recovery.
- Strong written communication skills for government audit and reporting.
- Must hold current DV clearance and UK nationality.
- Willing to work within the UK and travel to client secure areas as necessary.