GRC Consultant - Inside IR35 - MOD DV

Sanderson Government & Defence

Farnborough

Hybrid

GBP 80,000 - 100,000

Full time

Today

Job summary

A leading consulting firm is seeking a GRC Consultant to provide risk and security assurance for the MOD. Candidates must have active MOD DV Clearance and a strong understanding of risk management principles. The role offers a hybrid work model with an initial contract of 6 months at a competitive daily rate of £500-£600.

Qualifications

  • Must have Active MOD DV Clearance.
  • Exceptional understanding of risk management principles and frameworks.
  • Experience with security legislation and frameworks.

Responsibilities

  • Provide Secure by Design risk and security assurance.
  • Produce reports on vulnerabilities, risks, and controls.
  • Facilitate security and risk workshops.

Skills

Active MOD DV Clearance
Risk management and assessment principles
Security Assurance knowledge
Understanding of Cloud Computing
Interpersonal skills

Job description

GRC Consultant - MOD DV

  • Location: Farnborough or Cambridgeshire
  • Type: Hybrid (3 days on-site)
  • IR35 Status: Inside
  • Rate: £500 - £600
  • Length: Initial 6 months, scope for extension

Must have Active MOD DV Clearance

In this role, you'll be:

  • Providing the Secure by Design risk and security assurance function within MOD as part of a managed service.
  • Have an excellent understanding of risk management and assessment principles and frameworks, such as ISO27005 and the NIST Cyber Security Framework.
  • Produce informative and succinct reporting that clearly articulates any identified vulnerabilities, associated risks, controls and risk treatment activity.
  • Facilitate security and risk workshops with the various Authority departments, to align with wider customer transformational Security and risk management outcomes.
  • Provide accurate and pragmatic remediation/risk management guidance/advice in balance with Business objectives and risk appetites.
  • Have an understanding of risk assessment in an agile delivery environment.
  • Exceptional team working ethic and interpersonal skills.
  • Have a good understanding of modern IT technologies and services, such as Cloud Computing, AI (ISO42001), Mobile Computing, IT Security, Infrastructure technologies, Zero Trust, Data at Rest/In Transit Cryptography, Cross Domain Solutions and demonstrate an understanding of security architecture both physical and cloud (be able to read and understand HLDs/LLDs).
Strong working knowledge of:
  • Security Assurance Coordinator or Delivery Team Security Lead roles
  • JSP440, JSP604/453 & JSP490
  • MOD/GDS Secure by Design Principles
  • Supplier Chain Assurance and Risks.
  • Security related legislation (e.g. GDPR, PCI DSS, ICO requirements).
  • Security Control Frameworks such as ISO 27001, NIST CSF and CIS Controls v8.
  • HMG, NPSA and NCSC security policies, standards and guidance.
  • Have experience building and implementing secure by design principles within the software development lifecycle (SDLC).
  • Threat Modelling - Kill Chain - Attack tree analysis.
Working understanding of:
  • Cloud security including Azure, Amazon Web Service, Key Management Systems, Containerisation, Network Security Groups, Host based firewalls, Web Application Firewalls
  • Physical Network Infrastructure, Anti-Patterns, Network Firewalls, IDS/IPS, DMZs
  • AI use cases, secure configuration (ISO42001 knowledge preferable)
  • ITHC scoping and remediation action plans.

If you're interested in learning more - please apply or reach out to Adam.Seddaoui@sandersonplc.com

Reasonable Adjustments:

If you need any help or adjustments during the recruitment process for any reason, please let us know when you apply or talk to the recruiters directly so we can support you.
