Security Architect April 2023 - April 2024

Description

Summary of the work Lead, deliver and support the technical and security architecture design elements of DWP Digital projects / initiatives. Own the security product architecture, develop security product roadmaps and represent product designs at governance forums. Provide clear communication of security architecture design and decision making. Specialist role Cyber security consultant Expected Contract Length Maximum contract length will be 12 months, initial statement of works will be for 6 months Latest start date Tuesday 25 April 2023 Who Speclialist Work With DWP Digital seek an exceptional experienced Security Architect to join a new function in the Digital Architecture team, creating a Secure Design team that will ensure security architecture considerations are built into all DWP Digital solution designs from the outset. These roles will engage with, and sometimes be embedded in, projects from the Discovery phase and throughout the life cycle through to disposal, and will be based across our Digital Hubs. What Specialists Work On Work with engineering teams, and other Digital colleagues, to create VFM solution designs. Own the security product architecture, develop security product roadmaps and represent product designs at governance forums. Provide clear communication of security architecture design and decision making, in order to gain approval to proceed with designs. Lead discussions with senior stakeholders to create security solution options and recommendations - during project discovery and inception phases. Provide expert advice to other Solution Architects to drive technology choice decisions. Contribute to, and build capability in, the DWP Architecture community, and in particular its security expertise. Skills & Experience • Application Architecture design and modelling techniques, tools and standards. • Application Security Testing e.g. OWASP and Secure Code Assessment tools, and security of container/cluster based solutions e.g. Docker, Kubernetes. • Identity Management and federation including SSO. • Cloud Acceleration, SD-WAN, DDoS and network based controls. • Cloud based assurance and risk models and their application, including NIST and other associated frameworks. • Information Security innovation as part of the future of Application Reference Architecture. Nice to Haves • • Azure/AWS Architecture certified. • • CCSK Certified /CCSP Certified. • • Certified Information Systems Security Professional (CISSP). • • Certified Information Security Manager (CISM). Work Location The supplier will work remotely however in line with DWP Hybrid working the supplier must be aligned to a DWP Technology Hub either Manchester or Newcastle Upon Tyne Working Arrangments In line with DWP Hybrid working policy the individual will be required to work from the DWP Technology Hub 2 days per week and remotely 3 days per week. Expenses will not be covered. Should the individual be required to attend another DWP Site than expenses will be covered in line with DWP Expenses policy Security Clearance The appointed individual will require a minim of SC Clearance Additional T&Cs N/A No. of Specialists to Evaluate 5 Cultural Fit Criteria • • Describe how your organisation would perform the contract to ensure staff mental health, is promoted, and how you would monitor and measure this? • Describe how your organisation would perform the contract to encourage increased representation of Black, Asian and Minority Ethnic representation in the workforce, and how you would measure this? Assessment Method Interview Evaluation Weighting Technical competence 60% Cultural fit 10% Price 30% Questions from Suppliers 1. The work setup section seems to give conflicting information, in one part saying the supplier can work remotely, and the next stating they need to be on site 2 days a week. Can you clarify if the work can be done fully remote? The activity can be undertaken fully remote however if there is an occasion to attend the buyer site for an internal meeting than the expectation is that the buyer will attend. 2. Is there an incumbent Yes there is an incumbent 3. Is this under DOS 5 or DOS 6? The reason we ask is because DOS 5 expires on 19th April but this opportunity has been published under DOS 5. Previously there was a rush by DWP to publish and sign contracts before the DOS 5 deadline but this opportunity seems to be extending beyond. This procurement is under DOS 5. DWP were notified yesterday that CCS had extended DOS 5 Until June. The last date to publish new opportunity is now 19.04.2023, contracts must be signed by 14.06.2023. CCS have advised that the DOS 5 webpage has beenupdated to reflect this. 4. What is the day rate? No day rate has been set. 5. Is this inside or outside IR35 Inside IR35 6. Is the incumbent applying? This is really important and will dictate if we apply because in the past we didn’t think we got a fair deal during the interview stage wherever there was an incumbent. The incumbent contract ends before the contract start date or any proposed new contract. The commercial process will be undertaken in accordance with the framework terms and Public Contract Regulations. 7. What is the budget please? No budget has been defined. 8. Is this a 6 month contract with potential to extend for another 6 months? No the contract is a 12 month contract with an initial 6 month statement of works. 9. With there being no set budget can you advise on what the daily rate charge is from the incumbent supplier? This will provide suppliers with at least a ballpark figure to have in mind. No, Suppliers should align the candidiate day rate to the market rate for the skills and experience specified. It is an expectation of the contracting authority that suppliers have an understanding of current market rates. 10. Can you advise if expenses will be available for the rare instance they are required to attend site? Yes expenses will be payable in line with DWP Travel and Expenses policy 11. Will you sponsor SC Clearance The candidiates must have existing Sc clearance or an SC clearance within the last 12 months. DWP will sponsor the required transfer of any clearance 12. Please confirm the number of days each week the Security Architect would be required 5 days