Security Assurance Lead

** SC CLEARED CANDIDATES ONLY **

Cloud Security Assurance Lead   Job Description

As the Cloud Security Assurance Lead for the our clients Enforcement Cloud Programme with a specific focus on AWS, your mandate is to safeguard cloud-based services and infrastructure that are crucial for public sector functions.

Your responsibilities include ensuring that AWS cloud environments conform to the highest echelons of security and compliance, particularly those requirements unique to governmental services. You will spearhead the formulation, assessment, and execution of cloud security strategies, policies, and practices designed to protect sensitive government data against contemporary threats. 

• Key Responsibilities: Develop and manage a cloud Security Assurance framework specifically designed for AWS environments, addressing the unique security and compliance demands.
• Perform thorough security evaluations and audits on AWS platforms to pinpoint vulnerabilities, guaranteeing strict compliance with governmental security norms and guidelines. 
• Work in collaboration with cloud security architects, cloud architects, developers, and IT teams to embed advanced security mechanisms and best practices throughout the cloud service lifecycle. 
• Achieve and uphold compliance with pertinent governmental regulations and standards (e.g., ISO 27001, GDPR, NCSC Cloud Security Principles), tailored for the Government Home Office operations. 
• Oversee continuous monitoring and reporting on AWS cloud environment security statuses, ensuring swift identification and rectification of security issues. 
• Serve as a principal advisor on AWS cloud security technologies, tools, and methodologies, spearheading cloud security initiatives within the organization. 
• Create and deliver AWS cloud security best practice training programs, elevating the security proficiency of internal teams. 
• Manage external security assessments and audits, aligning third-party evaluations with governmental standards and organizational security objectives. 
• Qualifications Certification in Computer Science, Information Security, or related fields, with an emphasis on cloud computing and cybersecurity. 
• Professional certifications ideal such as AWS Certified Security - Specialty, CISSP, or CISM. 
• Experience in cloud security roles, demonstrating an understanding of AWS services, security functionalities, and best practices. 
• Proven track record of engaging with government agencies or departments, with a profound comprehension of the specific security and compliance requisites pertinent to government data and IT ecosystems. 
• Acquaintance with governmental security standards, frameworks, and regulatory mandates relevant to public sector cloud service operations. 
• Possession of CRISC or equivalent Security Risk Management certification is desirable. 
• Experience, preferably within the Home Office or in policing/enforcement environments, managing the Security Risk Register using professional tools like Jira. 
• Expertise in advising on risk positions, prioritising, and rating risks, and conducting detailed risk position briefings to stakeholders. 
• Familiarity and experience with ISO27001/2 and ISO27005, alongside a significant role in drafting and designing policies, procedures, and documentation. 
• Skills and Experience Understanding of AWS cloud architecture, security services and securing AWS environments. 
• Mastery in governmental cybersecurity frameworks and standards, relevant to cloud computing and public sector IT operations. 
• Exceptional leadership and communication abilities, capable of steering cross-functional teams and liaising with governmental entities on security and compliance matters. 
• Skilled in formulating and implementing tailored security policies, procedures, and controls for AWS cloud environments and government operational requirements.