At Shire, we are proud and grateful to employ military veterans and thank them for their contributions to our company and our country. See where your military experience can play a role at Shire by using our military skills translator job search tool below:
Title:
Security Information Risk Advisor
OVERVIEW
The Programme and Project Partners (PPP) model was mobilised in 2019 with the purpose of transforming major project delivery at the Sellafield nuclear site.
The partnership brings together KBR, Jacobs, Morgan Sindall Infrastructure, Altrad Babcock and Sellafield Ltd to deliver a 20-year pipeline of major infrastructure projects to support the decommissioning of Sellafield and to create a clean and safe environment for future generations.
In delivering its pipeline of large-scale infrastructure projects, PPP is creating opportunities for its people, supply chain, economy and communities.
KBR’s rapidly growing nuclear team of teams is working at the forefront of the UK’s nuclear space on some of the most exciting new-build, defence and decommissioning programmes.
KBR was recently named a “Great Place to Work-Certified” company in 2023, an honour that underscores the company’s commitment to being a UK employer of choice for people who want to do work that matters.
Job Title: Senior Information Risk Advisor (SIRA)
Reporting to: Head of IT / ITSO
Location: Warrington / Cumbria, 2 / 3 days per week on site with travel to opposite site potentially once per month
Job Description:
The Senior Information Risk Adviser (SIRA) is an autonomous risk role to support the PPP ITSO and Head of IT with understanding the technology risks and propose mitigations to assist in establishing and maintaining an enduring cyber security and information assurance posture. The role’s primary function is to conduct formal risk assessments on the PPP IT environment that supports PPP business needs whilst satisfying SL and ONR/ICO Regulatory requirements. The role’s secondary function is to assist in developing the “secure by design” approach for the delivery of programmes and projects by PPP.
Role Responsibilities:
The role has a broad scope spanning technical and process risk across the cyber security, information security and privacy space and will necessitate engagement with SL CS&IA (Cyber Operations, Assurance, Risk, Data Protection), SL ISO (Architecture, Service and Knowledge Management), SL Cyber Programme and PPP Partners. The output will include (but is not limited to) the production of formal risk assessments conducted to the standards acceptable to SL, including but not limited to HMG IS1, IRAM 2 or other ISO27005 assessments as agreed. The output will be used to determine the exposure to risks and likelihood of materialisation, required mitigations and support to PPP CS&IA planning necessary to support correctness of posture, satisfy Regulatory matters.
Main duties include:
Formal risk assessment of the PPP O365/Azure security configuration and other systems.
Recommendations around mitigations necessary to minimise the materialisation of identified risks in line with the SL risk framework.
Production of risk reports to support the PPP ITSO with the PPP CS&IA Plan.
Represents PPP cyber risk exposure in any security related working groups within SL, Regulatory or internal PPP environs.
Analysis of system configurations and in cognisance of NCSC guidance, determination of associated risk in relation to systems or solutions developed or implemented by PPP Partners for SL.
Assists with input to the risk tracking of PPP related cyber risks and the management of a PPP Cyber and Information security/privacy risks by the PPP ITSO for the PPP ICT Manager.
Formal determination of cyber and information security/privacy related risks and issues.
Specific:
The Senior Information Risk Adviser (SIRA) is an autonomous risk role to support the PPP ITSO and Head of IT with understanding the technology risks and propose mitigations to assist in establishing and maintaining an enduring cyber security and information assurance posture. The role’s primary function is to conduct formal risk assessments on the PPP IT environment that supports PPP business needs whilst satisfying SL and ONR/ICO Regulatory requirements. The role’s secondary function is to assist in developing the “secure by design” approach for the delivery of programmes and projects by PPP.
Experience, Skills and Knowledge:
Essential:
Qualification or membership of a professional body in Information Security.
Qualification as an NCSC Cyber Certified Practitioner (CCP) at SIRA level, or a former GCHQ CESG CLAS consultant.
Significant experience in applying Cyber Security Standards.
Experience in applying technical information technology and information assurance controls to business information models.
A good understanding of:
Cyber Security threats and exploitation.
ICT (both IT and OT) architecture.
NCSC architectural approach.
Ability to interpret business requirements and technical ICT documents into Cyber Security requirements.
Good understanding and knowledge of ICT systems (software, hardware and networks) and applications both legacy and current.
Good communication skills across all levels of the business and able to talk to non-specialists, specialists, and senior stakeholders.
Ability to work independently and unsupervised.
Excellent problem-solving skills.
Methodical and logical approach.
Self-motivated and can demonstrate high levels of resilience, honesty, and integrity.
Hold or be capable of obtaining government clearance (SC/SL – Nuclear).
Desirable:
Ideally qualified at a minimum of degree level in an IT, Cyber Security, or associated technical or engineering studies.
CISSP or equivalent.
Experience of working with operational cyber security teams.
Experience of working with Regulators/in a Regulated environment.
Behaviours:
Detail oriented.
Communicator and Collaborator
Passion for Success
Team Player
Empathetic and Considerate
Due to the nature of our work and security requirements, KBR does not offer sponsorship. We can only consider applicants with the right to live and work in the United Kingdom
We are an Equal Opportunities employer and strive to build a workforce that truly reflects the communities we represent. We welcome candidates from all backgrounds, regardless of age, disability, gender, gender identity, gender expression, race, religion or belief, sexual orientation, socioeconomic background, and any other protected characteristic. If you decide to apply for an opportunity with us, your application will be assessed based purely on your experience, the essential and desirable criteria, and your suitability for the role.
#LI-JI1 #LI-HYBRID