Awarded contract
Published
Her Majesty's Passport Office - Information Assurance Architect
Description
Summary of the work
• Supporting development & maintenance of Security architecture
• Developing Information Risk Assurance Reports
• Risk discovery, treatment & analysis
• Technical assessments and assurance of IT products & services

Specialist role
Cyber security consultant

Expected Contract Length
24 months total - initial 12 months - further period up to 12 months depending on business need & performance

Latest start date
Tuesday 5 June 2018

Who Specialists Work With
You will work as part of a Technical Design Authority whose members are responsible for specific domains. They will need to collaborate closely with delivery teams in a multi-supplier environment. HMPO is moving from a large outsourced SI arrangement to in-house, largely cloud-based and open-source-based solutions delivered iteratively. Legacy technologies include Oracle and Tibco. The strategic technology stack is based on a Microservices architecture including Java, Node JS, ELK, Postgres, MongoDB, AWS, Puppet, Chef.

What Specialists Work On
The resource will be required to:
1. Ensure that specified security controls or other counter-measures they specify to mitigate, minimise, or treat discovered risks are pragmatic (in order to meet the requirements of the business), appropriate (i.e. commensurate with the classification and sensitivity of information assets) and cost effective (whilst appropriately technically mitigating threats to assets)
2. Lead information assurance activities against solution designs to ensure they are appropriately secure.

Skills & Experience
• Have proven track record of risk assessing and assuring cloud based architectures for large and complex organisations ensuring information assets are securely managed
• Have in-depth understanding of cloud based and traditional security technologies and an in-depth understanding of security specific protocols (e.g. TLS, Kerberos and SAML)
• Experience with using attack tree methods for conducting risk assessments
• Have in-depth understanding of outcome based approach to risk identification, management and mitigation using techniques such as risk trees
• Good understanding of Identity management, identity lifecycle management
• Hold CCP IA Architect and LCCP

Nice to Haves
• Experience of Home Office / HMPO systems or similar government operational systems
• Experience of GDS best practices

Work Location
London, Westminster

Working Arrangements
Typically on-site with wider team and clients in an Agile environment. Some site visits. Confluence, Jira and ardoq are the tools used to track progress against deliverables.

Security Clearance
SC Clearance is required. HM Passport Office will support the clearance process.

No. of Specialists to Evaluate
3

Cultural Fit Criteria
• Work as a team with our organisation and other suppliers
• Be transparent and collaborative
• Be comfortable standing up for their discipline
• Have a no-blame culture and take responsibility for their work

Evaluation Weighting
• Technical competence 65%
• Cultural fit 15%
• Price 20%

Questions from Suppliers
1. Is this the same task that was removed yesterday? What is the IR35 status? Is there a current incumbent?
Yes - Minor changes to the skills and summary section. We expect this engagement to be outside IR35, however status is assessed on a case-by-case basis. There is currently an incumbent in the role.
2. Please can you confirm if there is an incumbent in this position? If so, is the incumbent looking to leave or will they be re-tendering for this position?
There is currently an incumbent in the role.
3. Can you confirm if this role has been assessed as inside or outside of IR35?
We expect this engagement to be outside IR35, however status is assessed on a case-by-case basis.
4. Can you confirm if this role is inside or outside of the IR35 regulations?
We expect this engagement to be outside IR35, however status is assessed on a case-by-case basis.
5. Is this a new requirement or is there an incumbent in place?
There is currently an incumbent in the role.
6. Can you confirm that the Lead CCP is for the Security & Information Risk Adviser (SIRA) role, as this is not listed? If not, to which IA role does it relate?
That is confirmed; it is for a lead SIRA role.
7. Can you clarify the qualification required. Hold CCP IA Architect and LCCP. Does the architect no longer need to be a lead? In which qualification discipline is LCCP referring to?
This refers to the NCSC CCP scheme, LCCP refers to a SIRA.
8. Can the Authority please confirm what is meant by "hold LCCP"?
It is referring to a SIRA.
9. Can the Authority please confirm whether 'Lead CCP' is a requirement?
It is referring to a SIRA.