Information Systems Security Auditor
Location: Norfolk, Onsite, some hybrid working
Salary: £28,916 + depending on experience
What you’ll be doing:
- Working with the Team Leader to promote a mind-set of secure IT systems and practices, transferring knowledge of security standards and processes to the wider user community.
- Support the Team Leader to work with security and accreditation stakeholders to obtain approval for security aspects of design and the project security deliverables.
- Perform continuous monitoring activities to ensure defined security standards are maintained.
- Supporting system accreditation activities, maintaining accreditation documents in line with identified changes to the organisation's threat profile, and ensuring stakeholder satisfaction.
- Ensuring all activity and compliance audits on systems and processes are completed within specified timescales, with all documentation updated accordingly so as to ensure regulatory compliance.
- Assisting with the compilation of system security plans, standard operating procedures and work instructions; ensuring all F35 Training system components are installed, configured, secured, operated, maintained, and disposed of in line with pre-defined security policies, practices and procedures as specified in the security plan.
- Investigating and managing any anomalies with the relevant subject matter expert (SME) to resolution and assisting in wider investigations as required.
- Ensure the proper handling, security control, inventory, sanitisation and disposal of IT hardware and media.
- Provide security administration support to the training community including (but not limited to): media and hardware control; inventory coordination; physical escorting of personnel; physical checks of relevant test and IT equipment; delivery of the End User Security training packages; providing general ITC customer support relating to cyber security.
- Contribute to the management of any changes to the logical and physical technology so that security considerations are understood and ensure the approved security environment is maintained or enhanced with all changes recorded accordingly.
Your skills and experiences:
Essential:
- The successful candidate must hold (or have the ability to attain) a Developed Vetting (DV) clearance.
- The successful candidate must hold (or be working towards the attainment of) CompTIA Security+ certification.
- Knowledge of backend IT system functions, security policies, technical security safeguards and operational security measures.
- Previous audit experience within an IT environment.
Desirable:
- Experience in using commercial auditing tools such as Splunk, Event Log Analyser (ELA), Windows Event Viewer, McAfee etc.
- Knowledge of the Risk Management Framework (RMF), JSP 440, NIST or US DoD regulations.
Benefits:
You’ll receive benefits including a competitive pension scheme, enhanced annual leave allowance and a Company contributed Share Incentive Plan. You’ll also have access to additional benefits such as flexible working, an employee assistance programme, Cycle2work and employee discounts – you may also be eligible for an annual incentive.
The IM&T team:
This is an exciting opportunity to join a dynamic team in the UK’s F35 training facility based at RAF Marham. You will be responsible for safeguarding the Training infrastructure against cyber and other IT Security threats.
This role involves dealing directly with staff, students, industry partners and our customer (MoD) at all levels. The ability to explain security concepts in a clear, friendly manner across all levels of the organisation and a “can do” attitude to quickly respond to the changing needs of the business and security concepts are key to this role.
This role is ideally suited to individuals who have a strong IT / System Administration background and are looking to move into their first cyber security role. The split between auditing and hands-on technical work has been deemed to be around 80% Audit and 20% Technical.
There will be a requirement for the successful candidate to participate in a flexible working rota/shift. The working rota/shift is likely to cover the period between 07:00 and 23:00 Mon – Fri.
Why BAE Systems?
This is a place where you’ll be able to make a real difference. You’ll be part of an inclusive culture that values diversity, rewards integrity and merit, and where you’ll be empowered to fulfil your potential. We welcome candidates from all backgrounds and particularly from sections of the community who are currently underrepresented within our industry, including women, ethnic minorities, people with disabilities and LGBTQ+ individuals. We also want to make sure that our recruitment processes are as inclusive as possible. If you have a disability or health condition (for example dyslexia, autism, an anxiety disorder etc.) that may affect your performance in certain assessment types, please speak to your recruiter about potential reasonable adjustments.
Please be aware that many roles working for BAE Systems will be subject to both security and export control restrictions. These restrictions mean that factors including your nationality, any previous nationalities you have held, and your place of birth may limit those roles you can perform for the organisation.