Security Compliance Auditor

UK Ministry of Defence

Andover

On-site

GBP 30,000 - 50,000

Full time

16 days ago

Job summary

An established industry player is seeking a proactive Security Compliance Auditor to join their dynamic team. This role is vital for ensuring the security and compliance of the Army Digital Services' IT infrastructure. You will be responsible for conducting audits, managing risks, and validating applications to ensure adherence to security policies and regulations. If you are passionate about digital transformation and eager to contribute to a mission-driven environment, this position offers a unique opportunity to make a significant impact in the British Army's digital landscape. Join a forward-thinking organization dedicated to leveraging technology for operational excellence.

Qualifications

  • Understanding of security processes for handling data.
  • Experience in conducting assurance and audit activities.

Responsibilities

  • Validate applications & services and undertake Supplier Security Audits.
  • Ensure compliance with HMG Security Policy Framework and manage risks.

Skills

Data Security Processes
Assurance and Audit Activities
Communication Skills
Stakeholder Management

Education

Foundation Certificate in Information Security Management Principles
ITIL v4.0

Tools

MS Office 365
SharePoint
Teams

Job description

Andover

Job Summary

The Ministry of Defence (MOD) employs over 50,000 Civil Servants. Within this, the Army Top Level Budget (TLB) employs around 9,000 MOD Civil Servants across more than 300 locations. Our workforce is incredibly diverse, with roles ranging from trainers and human resources professionals to teachers, firefighters, psychologists, storekeepers, financiers, project managers, and policy staff. Each function plays a crucial role in delivering key outputs for the Army, and understanding our workforce through data is essential.

You will be part of the Army Digital Services’ Security and Compliance Team, which operates within the Chief Technology Office at Army Headquarters in Andover. The Army Digital Services (ADS) organisation is part of the Chief Technology Office (CTO) pillar, which is part of the Directorate of Information within Army Headquarters Andover. ADS is the Army's supplier of choice for the design, development, and support of applications and services to provide digital enablement of the Army's processes. It therefore supports the Army’s ambitious and innovative modernisation and transformation agenda. ADS enables this digital transformation by developing bespoke software, hosting applications, including the Army Data Warehouse, and conducting data analytics. The British Army is on a mission to triple its operational effectiveness by the end of the decade through rapid investment in cutting-edge technologies. Central to this transformation is data and digital innovation, led by the Army’s Chief Technology Officer (CTO).

The Security and Compliance Team is responsible for governance, control, audit, and security measures supporting the Army Private Cloud. This includes developing and maintaining policies, standards, processes, and best practices.

We are seeking a dedicated and proactive individual who is passionate about digital transformation and security. You should be someone who thrives in a dynamic environment and is eager to contribute to the Army’s mission. If you are excited about leveraging data and technology to drive change and ensure compliance with policies and regulations, this role is for you.

This position is advertised at 37 hours per week.

Job Description

Join the Army Digital Services’ Security and Compliance Team as a Security Compliance Auditor and play a pivotal role in the British Army’s digital transformation.

In this critical role, you will provide first-line assurance and audit capabilities for the Army Digital Services (ADS) IT infrastructure, applications, and hardware. Your primary responsibility will be to ensure that all applications and hosting infrastructures comply with the HMG Security Policy Framework, including JSP 440, the Data Protection Act (DPA), General Data Protection Regulation (GDPR), and JSP 453. Your expertise will be essential in managing risks and securing our applications and infrastructures from potential threats, achieving security assurance from Cyber Defence and Risk (CyDR).

Key Responsibilities Include:

  • Security Assurance: Validate applications and services; undertake Supplier Security Audits, Security Training Audits and SyOps checks; and lead on the Information Security Management System (ISMS).
  • Asset Management: Undertake asset management audits and hardware and software checks, and ensure asset destruction procedures are in place. Assist with 102 audits.
  • Technical: Ensure vulnerability assessments are undertaken, assist with work on ADS BCDR to ensure it is continually tested, and assist with Security Operations Centre (SOC) audits.
  • Data: Undertake data obfuscation, data destruction and data transfer audits.
  • Access: Undertake server room access, system administrator access and user access audits.
  • CI/CD pipeline security: Assure separation of duties and regression testing.
  • Support the delivery of the Security Assurance Contract and the Security Test as a Service Contract.
  • Line Management Responsibilities.

Person Specification

We are looking for enthusiastic individuals who can handle the pressure of coordinating a wide range of activities. You should be comfortable working within the service management profession, willing to challenge established norms and processes, and prepared to adapt to changing priorities.

Essential Criteria:
  • Understanding of security processes for handling data.
  • Experience of conducting assurance and audit activities.
  • Effective written and verbal communication skills, and a positive and professional attitude.
  • Stakeholder management and communication skills.
  • Experience in using and exploiting MS Office 365 tools.

Desirable Criteria:
  • Experience in using and exploiting MS Office 365 tools especially SharePoint and Teams.
  • ITIL v4.0.
  • Foundation Certificate in Information Security Management Principles.

Behaviours

We'll assess you against these behaviours during the selection process:
  • Leadership
  • Working Together
  • Communicating and Influencing
  • Making Effective Decisions
  • Managing a Quality Service

Contact Point for Applicants:
  • Name: Michael Pearson
  • Email: michael.pearson220@mod.gov.uk

Recruitment Team:
  • Email: DBSCivPers-Resourcingteam3@mod.gov.uk