SDA Cyber and Information Assurance Lead

Job summary

The Submarine Delivery Agency (SDA) is a part of the Ministry of Defence responsible for the procurement, in-service support, and disposal of the UK’s nuclear submarines. Our work is of unparalleled strategic importance nationally and internationally, ensuring the security of the UK’s continuous at-sea nuclear deterrent (CASD), and delivering some of the most technically complex programmes in defence. At least one of four nuclear-armed submarines, supported by smaller attack submarines, is on patrol at all times: 24 hours a day, 365 days a year.

At the SDA, we strive to Support, Deliver and Aspire and put out values at the heart of our recruitment process. We believe that everyone should feel comfortable to be themselves and be supported to do their best work. As part of a diverse and inclusive workforce, our team will find a community to belong to. We believe that, by celebrating different backgrounds and different perspectives, together we’ll achieve the extraordinary.

Job description

Are you passionate about safeguarding information and shaping the future of cyber security within the Ministry of Defence? Do you thrive in roles where precision, policy, and protection intersect?

This exciting opportunity places you at the heart of information assurance, where you'll support the Information Asset Owner in maintaining and developing key policy documentation used across the MoD and its supply chain. You'll play a vital role in ensuring that information is managed and protected in line with established policies, contributing to both internal and external audits and assurance activities.

As part of your journey, you'll also gain exposure to security incident reviews and collaborate closely with Project Security Advisors within the MoD. This hands-on experience opens the door to progressing toward a future role as a Cyber Security Assessor.

Occasional travel to other MoD sites will be required, with travel costs subsidised to support your mobility and engagement across the organisation.

Hybrid and flexible working can be considered for this post but will need regular workplace attendance due to security constraints. Candidates are encouraged to discuss options with the recruiting line manager before submitting an application.

Responsibilities:

• Lead a team of Information Assurance analysts to ensure high quality work is delivered that meets the needs of the business and required standards
• Provide expert advice and guidance in supporting the delivery of Information Assurance strategy, policy and solutions relevant to specialist area
• Provide expert advice and guidance in supporting the delivery of Business Continuity and Disaster Recovery planning
• Lead the testing of relevant controls on the implementation of any system, platform or infrastructure to ensure alignment with security architecture and policy
• Act as Security Accreditor/Assurer to ensure all networks and systems are compliant with policy. Providing appropriate advice and guidance when gaps are identified and escalate where appropriate
• Undertake information assurance reviews and lead audits and provide management information on reviews, both internally and externally with Industry Partners, presenting the findings across stakeholder groups
• Lead the development and delivery of the accreditation/assurance activity within projects, acting as a Security & Information Risk Advisor
• Review business processes, identify improvements, assess feasibility and recommend new approaches where appropriate and share in the community
• Manage the controls to ensure Information Management activities is managed in accordance regulatory and relevant legislation

Person specification

To be successful with your application, you'll need to show that you meet the following essential criteria:

• Degree in a related area or relevant experience within cyber or information assurance
• Experience of leading teams
• Demonstrable experience of leading cyber and information assurance in a complex project

While not required, your application would benefit from holding one or more of the following:

• Professional membership with a recognised body, supported by externally validated evidence of professional development
• ISO/IEC 27001 Information Security Management - Foundation
• NIST Cyber Security Professional (NCSP) - Foundation Certificate
• ISO/IEC 27001 Information Security Management - Practitioner, Lead Implementer, or Lead Auditor