Security Architect CCMP

Description

Summary of the work Lead, deliver and support the technical and security architecture design elements of DWP Digital projects / initiatives. Own the security product architecture, develop security product roadmaps and represent product designs at governance forums. Provide clear communication of security architecture design and decision making. Specialist role Cyber security consultant Expected Contract Length Maximum contract length will be 12 months, initial statement of works will be for 6 months Latest start date Tuesday 3 May 2022 Who Speclialist Work With DWP Digital seek an exceptional experienced Security Architect to join a new function in the Digital Architecture team, creating a Secure Design team that will ensure security architecture considerations are built into all DWP Digital solution designs from the outset. These roles will engage with, and sometimes be embedded in, projects from the Discovery phase and throughout the life cycle through to disposal, and will be based across our Digital Hubs. What Specialists Work On Support the production and adoption of the DWP’s Enterprise Security Architecture, including: · Security architecture policies, principles and standards for application across the organisation · Alignment to industry standards and regulations e.g. ISO/IEC 27001/27002/27005 · Defined as-is and to-be security architectures to be adopted to the Programme · Security architecture specific tools and methodologies • Provide advice and guidance to Technical and Technical Specialist Architects and delivery teams, to support the delivery of the future security architecture through solutions that are consistent with the domain roadmap, security standards, patterns and blueprints, and which balance the contribution to business value. Skills & Experience • Application Architecture design and modelling techniques, tools and standards. • Application Security Testing e.g. OWASP and Secure Code Assessment tools, and security of container/cluster based solutions e.g. Docker, Kubernetes. • Identity Management and federation including SSO. • Cloud Acceleration, SD-WAN, DDoS and network based controls. • Cloud based assurance and risk models and their application, including NIST and other associated frameworks. • Information Security innovation as part of the future of Application Reference Architecture. Nice to Haves • • Azure/AWS Architecture certified. • • CCSK Certified /CCSP Certified. • • Certified Information Systems Security Professional (CISSP). • • Certified Information Security Manager (CISM). Work Location The supplier will work remotely however in line with DWP Hybrid working the supplier must be aligned to a DWP Technology Hub either Manchester or Newcastle Upon Tyne Working Arrangments In line with DWP Hybrid working policy the individual will be required to work from the DWP Technology Hub 2 days per week and remotely 3 days per week. Expenses will not be covered. Should the individual be required to attend another DWP Site than expenses will be covered in line with DWP Expenses policy Security Clearance The appointed individual will require a minim of SC Clearance Additional T&Cs N/A No. of Specialists to Evaluate 3 Cultural Fit Criteria • • Describe how your organisation would perform the contract to ensure staff mental health, is promoted, and how you would monitor and measure this? • Describe how your organisation would perform the contract to encourage increased representation of Black, Asian and Minority Ethnic representation in the workforce, and how you would measure this? Assessment Method Interview Evaluation Weighting Technical competence 60% Cultural fit 10% Price 30% Questions from Suppliers 1. Is there an incumbent supplier who is currently (or recently been) delivering these services? There is no incumbent currently delivering these services. No incumbent has recently delivered these services. 2. Would you consider 1 day pw on-site and 4 day pw remotely? Yes DWP would consider this but it should be noted that DWP will not reimburse expenses for hybrid working and attendance to offices. 3. Do DWP have a budget for this requirement. DWP decline to answer this question. 4. Declining to answer a question on day rate / budget makes absolutely no sense. How are we supposed to provide you a candidate for a role like this one where candidates rates can range from £500 to over £1000 per day? We need to work to budget – why would we waste our time providing you with a candidate that is a fit for the role if we are not assured that you have the budget? DWP decline to answer this question as we have done in previous competitions and have still been able to secure resource requirements. The technical requirements carry a heavier weighting for this role and as such ensuring that a candidate meets the technical requirements fully is more important.