Cyber Security Specialist (CSC)

Closing date for applications: 13/07/2020

OVERVIEW OF ROLE

Specialist role	Cyber security consultant
Summary of the work	SE has recently completed a CyberEssentialsPlus(CE+) MaturityAudit and is seeking to progress to CE+accreditation in October2020. You will support the development and implementation of the actionplan to secure and maintain accreditation at level 3 – effective application of controls - across our systems and development across our Organisation
Latest start date	03/08/2020
Expected contract length	5 months with an optional 3 month extension
Location	Scotland
Organisation the work is for	Scottish Enterprise
Maximum day rate	£665

ABOUT THE WORK

Early market engagement
Who the specialist will work with	Working within an Agile service design, delivery and support team of circa 30 people responsible for digital transformation activities across the organisation. It’s a multidisciplinary team with software developers, testers, designers, user researchers, Dynamics developers, service designers, project managers and product owners. The Cyber Specialist will work on all areas of the security controls required to maintain and secure our real estate
What the specialist will work on	Will support the development and implementation of SE’s CE+ Implementation Plan to secure accreditation in October 2020. Primarily the role will initially focus on: Information Governance – this will include the relevant policies and procedures required and will work alongside our DPI Governance Officer Technical Development – this will include the requirements for our Solutions Architects, DevOps and QA teams to meet CE+ standards Policies and Procedures related to the secure management of our services – this will include both our existing services as well as the approach to new services including guidance for the procurement of goods and services.

WORK SETUP

Address where the work will take place	Initial work will take place remotely while offices are closed due to the Covid -19 pandemic restrictions. When available work will take place at Scottish Enterprise Atlantic Quay ( Security clearance required) 150 Broomielaw Glasgow G2 8LU Or Scottish Enterprise Atrium Court 50 Waterloo Street Glasgow G2 6HQ
Working arrangements	The supplier is expected to supply a resource to work as part of the Service Assurance team. A core team is based in Glasgow city centre and work standard working hours of 9-5 Mon-Fri. It is expected that the resource would be available for physical (post covid-19 restrictions) and online meetings and co-working at regular scheduled times, but remote working is available as long as delivery is not affected. This role is outwith IR35 (it doesn't apply)
Security clearance	Baseline Personnel Security Standard level clearance is required for this role.

ADDITIONAL INFORMATION

Additional terms and conditions	SE has identified that; the Supplier will be a controller for the purposes of the Data Protection Law, for any and all personal data it provides in support of its bid (including but not limited to contact details and CVs). Suppliers must therefore ensure that it has a lawful ground under the Data Protection Law to share such personal data with SE for the purposes of this bid and provision of the Services. SE will be the controller of any personal data it processes in accordance with this procurement process.

Additional terms and conditions

SE has identified that; the Supplier will be a controller for the purposes of the Data Protection Law, for any and all personal data it provides in support of its bid (including but not limited to contact details and CVs). Suppliers must therefore ensure that it has a lawful ground under the Data Protection Law to share such personal data with SE for the purposes of this bid and provision of the Services. SE will be the controller of any personal data it processes in accordance with this procurement process.

EVALUATION CRITERIA

How many specialists to evaluate	4
Cultural fit criteria	-Work as part of an agile team, helping others with priority tasks as required. -Be transparent and collaborative in decision making -Take responsibility and ownership of tasks -Challenge the status quo
Assessment methods
Evaluation weighting	Technical competence 50% Cultural fit 10% Price 40%

EXPERIENCE

Essential skills and experience

Experience and strong understanding and appreciation of a digital services design and development cycle
Expert knowledge of cyber security and cyber security technologies and experience of the Cyber Essentials Plus standards in digital service design and delivery
Proven track record and experience in developing cyber security policies and procedures, as well as successfully executing programs that meet business objectives
Establishing the requirements for ongoing service monitoring of threats and vulnerabilities
Excellent communication and engagement skills working at all levels from senior stakeholders to technical teams
Strong team player
Able to respectfully challenge and advise on ways to improve business practices where this impacts the effectiveness and security of ongoing service delivery
Excellent problems solving and analytical skills and able to collect information, analyse, report and advise on evidence-based changes
Strong risk management approach to delivery and able to apply risk methodologies within an agile development environment

Nice-to-have skills and experience

Experience and strong understanding and appreciation of Azure Cloud based environments and inbuilt security tools
Experience of the Umbraco web platform
Experience of Microsoft Dynamics
Understanding of Enterprise Architecture implications of information security controls
Experience of the preparation of security focussed procurement requests for goods and services
Experience of incident management processes
Knowledge of Digital First Service Assessment standards
Sound understanding of SE’s business objectives, processes and structure etc
Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT as well as those from NIST, including 800-53 and Cybersecurity Framework
Professional security management certification, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials

EXPRESS INTEREST

Closing date for applications: 13/07/2020