Secure Design Lead & Information Assurance Services for Dataworks re-platforming (CSC)

Closing date for applications: 03/03/2020
OVERVIEW OF ROLE
Specialist role
Cyber security consultant
Summary of the work
Develop & document security-architecture & data-handling approach. Develop & maintain security policies and procedures. Security representation to senior stakeholders. Identify, document and manage security risks. Security input to project-planning. Conduct internal security-audits and remedial activities. Manage external security-audit (e.g. ITHC) and remedial-activities. Manage implementation of security-tooling. Ongoing skills-transfer to DWP staff.
Latest start date
31/03/2020
Expected contract length
6 Months
Location
Yorkshire and the Humber
Organisation the work is for
Department for Work and Pensions
Maximum day rate
£790
ABOUT THE WORK
Early market engagement
None
Who the specialist will work with
You will provide security direction & support to the DataWorks team, including a broad mix of engineers, architects & specialist roles covering the full spectrum of big-data, cloud infrastructure and business analysis. You will engage with other DWP teams, e.g. UCFS, Data Warehouse & RIS for service integration. Design Authority for design sign-off. Data Protection team for data governance. ESRM for Risk Assessment. DWP Security Architecture team. D&A security team. CRC for vulnerability management. SRE for acceptance into service. Stakeholder teams, e.g. data analysts & scientists. You will also engage with 3rd party suppliers and auditors (e.g. IT Health-Check teams).
What the specialist will work on
Data ingestion from Universal Credit Full Service (UCFS), surfacing of data to users of DataWorks new AWS Data Platform and data transfer to downstream systems which consume this data (e.g. Data Warehouse & RIS).
WORK SETUP
Address where the work will take place
DWP Offices - Quarry House, Leeds, LS2 7UA
Working arrangements
Flexible working, at the discretion of the supplier, to deliver the service. Some travel to other sites may be required in line with DWP travel and expense policy.
Security clearance
DV clearance is required, due to the sensitive nature of some of the work.
ADDITIONAL INFORMATION
Additional terms and conditions
-
EVALUATION CRITERIA
How many specialists to evaluate
3
Cultural fit criteria
Demonstrate experience of working in a multi-disciplinary team where design, build and support are the whole team’s responsibilities. Demonstrate ability to work collaboratively with existing internal teams and other supplier teams. Demonstrable experience of working in a 'no-blame' culture environment whilst encouraging people to learn from their mistakes. Demonstrable experience of remaining delivery focussed whilst working in an agile way.
Assessment methods
Evaluation weighting
Technical competence: 65%; Cultural fit: 15%; Price: 20%
EXPERIENCE
Essential skills and experience
  • Membership of a relevant professional body (e.g. BCS, CIISec)
  • At least 10 years of broad security experience, with a relevant general security qualification (e.g. CISSP, CRISC, CISM)
  • At least 10 years of experience in interpreting & implementing HMG security policy
  • At least 10 years of experience developing security architecture, with a relevant senior security architecture qualification (e.g. CCP Senior Security Architect)
  • At least 5 years of experience in risk assessment and risk management, with a relevant risk management qualification (e.g. CCP SIRA)
  • Demonstrate extensive experience in providing board-level representation of security within the last 2 years
  • Demonstrate extensive experience in the development and implementation of security strategy, policies and procedures within the last 2 years
  • Demonstrate extensive experience in provision of Security Education & Awareness Training (SEAT) within the last 2 years
  • Demonstrate extensive experience in security incident response within the last 2 years
  • Demonstrate extensive experience of managing security within agile teams within the last 2 years
  • Demonstrate extensive experience in managing the conduct of Security IT Health Checks (ITHC) and remedial activities, ideally having led an ITHC engagement within the last 2 years
  • Demonstrate a solid understanding of securely handling sensitive data, including data valuation and interpretation of GDPR, DPA and other relevant legal instruments within the last 2 years
  • Demonstrate experience of managing security in the context of open-source code repositories and products within the last 2 years
  • Demonstrate extensive knowledge of working with the AWS cloud platform within the last 2 years
  • Demonstrate extensive knowledge of AWS Identity and Access Management (IAM) within the last 2 years
  • Demonstrate extensive knowledge of AWS security and monitoring tools (e.g. AWS Security Hub, AWS Config, AWS CloudWatch) within the last 2 years
  • Demonstrate experience in the practical hands-on implementation and management of security tools within the last 2 years
Nice-to-have skills and experience
  • Senior membership of a relevant professional body (e.g. FBCS, FCIISec)
  • Demonstrate experience of implementing systems of record within the last 2 years
  • Demonstrate knowledge of AWS networking concepts within the last 2 years
  • Demonstrate experience of using and securing AWS Key Management Service (KMS) within the last 2 years
  • Demonstrate experience of using and securing AWS Cloud Hardware Security Module (CloudHSM) within the last 2 years
  • Demonstrate experience of using and securing AWS Certificate Manager Private Certificate Authority (ACM PCA) within the last 2 years
  • Demonstrate experience of using and securing AWS Simple Storage Service (S3) within the last 2 years
  • Demonstrate experience of using and securing AWS Elastic Cloud Compute (EC2) within the last 2 years
  • Demonstrate experience of using open-source security tools (e.g. Snyk) within the last 2 years
  • Demonstrate experience of Continuous Integration and Continuous Deployment (CI/CD) within the last 2 years
  • Demonstrate experience of using Infrastructure as Code to provision and manage cloud infrastructure using Terraform within the last 2 years
  • Demonstrate experience of using Git and GitHub, GitLab or Bitbucket within the last 2 years
  • Demonstrate practical experience of configuring physical network and security tools (firewalls, switches, load balancers, etc.) within the last 2 years
  • Demonstrate experience of managing service migration from on-premise to cloud-hosted platforms within the last 2 years
  • Demonstrate experience working in Data Centres within the last 2 years

IT Recruitment Marketplace