eCAF/NIS Application Consultant

Posted 1 day ago by Morson Edge

Negotiable
Inside
Hybrid
Glasgow, Lanarkshire, G2

Summary: The eCAF/NIS Application Consultant role at Scottish Power Energy Networks (SPEN) focuses on enhancing cyber resilience and compliance with NIS regulations through the implementation of security solutions and standards. The position involves collaboration with various stakeholders to ensure applications are secure and resilient against cyber incidents. The consultant will contribute to the development of security capabilities and support the overall security strategy of the organization. This role requires a proactive approach to managing cyber risks and ensuring alignment with industry regulations.

Key Responsibilities:

  • Input to the COE Cyber Programme Plan, identifying new security capabilities for applications to support overall NIS compliance.
  • Develop fully defined cost-effective security services at the application level.
  • Ensure alignment between security architecture frameworks and standards with overall business strategy.
  • Build strong and collaborative relationships with key stakeholders inside and outside of the organization.
  • Support the creation of security design documents and architecture artifacts.
  • Provide security guidance to teams and ensure consideration of asset management and data security best practices.
  • Drive the adoption of secure designs, patterns, and best practices.
  • Keep abreast of the latest intelligence from sources of cyber threat information and brief stakeholders with actionable information.

Key Skills:

  • Experience of Secure by Design Solutions Application Design and architecture.
  • Experience of cyber security, monitoring and reporting tools and solutions.
  • Experience in understanding and managing aspects of cyber risk, including assessment, analysis, and reporting.
  • Experience in defining and/or implementing security controls across multiple layers of the IT architecture stack.
  • Highly developed problem-solving and delivery skills.
  • Excellent communication skills for distilling technical issues for non-technical managers.
  • Technical Delivery expert with experience in Agile and DevOps.
  • Good knowledge of the IT lifecycle and experience with the business's suite of applications.
  • Knowledge of Service Management/ITIL for effective operational service management.
  • Understanding of release management tools, version control systems, and CI/CD pipelines.
  • Familiarity with cloud environments (e.g., AWS, Azure).

Salary (Rate): undetermined

City: Glasgow

Country: United Kingdom

Working Arrangements: hybrid

IR35 Status: inside IR35

Seniority Level: undetermined

Industry: IT

Detailed Description From Employer:

Job Description

Job Title: eCAF/NIS Application Consultant

Location: Glasgow HQ/hybrid style working (3 days pw in office)

Duration: 12 month initial contract

Rate: Negotiable, inside IR35, PAYE or UMB

Job Purpose Statement

Cyber security is one of the defining topics of our age, and cyber risk represents one of the most significant strategic risks to the UK's critical national infrastructure. At Scottish Power Energy Networks (SPEN) you will have the opportunity to approach this risk head on. SPEN have invested significantly in an ambitious security transformation programme to transparently reduce risk, achieve compliance with NIS regulations and deliver a cyber resilient business.

The Cyber Assessment Framework (CAF) / NIS Programme will enhance cyber resilience, compliance and assurance across the organisation's IT applications estate in line with NIS Regulations and the UK Cyber Assessment Framework (CAF).

Reporting into the COE Leadership, the Application Consultant role is a critical role in ensuring delivery against the strategic security vision and development and maintenance of associated security standards and documentation across COE owned applications. The role will ensure that applications are protected, resilient and prepared against cyber incidents.

This role will be dedicated to implementation of cyber security solutions, configurations and tools. You will be responsible for proposing, planning and managing changes to align with SPEN's security strategy and comply with industry regulations such as NIS.

This role may require occasional working out of normal hours as implementation schedules require.

Accountability Statements

The Applications Consultant works closely with project managers, business analysts, end users and external vendors to ensure that applications meet the functional and non-functional requirements of the business while also ensuring that we continue to support and develop our applications with minimal impact on business as usual.

  • Inputs to the COE Cyber Programme Plan, identifying new security capabilities for applications to support overall NIS compliance.
  • Takes responsibility for the development of these capabilities into fully defined cost-effective security services at application level.
  • Feed into the SPEN security strategy, ensuring alignment between security architecture frameworks and standards with overall business strategy.
  • Customer focused with a demonstrable track record of building strong and collaborative relationships with all key stakeholders inside and outside of the organisation.
  • Ensure that security architecture supports each stage of the delivery of new projects as indicated by the 'Secure by Design' process.
  • Supports the creation of security design documents and architecture artefacts.
  • Interfaces with the relevant Design Authorities, providing security guidance to teams.
  • Ensure consideration of asset management and data security best practice in relation to NIS regulations.
  • Drive the adoption of secure designs, patterns and best practices.
  • Keeps abreast of the latest intelligence from sources of cyber threat information and briefs stakeholders with actionable information.

Skills, Knowledge & Experience Required:

  • Experience of Secure by Design Solutions Application Design and architecture
  • Experience of cyber security, monitoring and reporting tools and solutions
  • Experience of understanding and managing aspects of cyber risk, including the assessment, analysis, and reporting of cyber risk in a business context
  • Experience in defining and/or implementing security controls across multiple layers of the IT architecture stack
  • Highly developed problem solving and delivery skills with the ability to analyse complex issues, recommend appropriate solutions and manage calls with many vendors and teams to deliver these.
  • Excellent communication skills, with an ability to distil technical issues into a form that can be digested by non-technical managers.
  • Technical Delivery expert, with demonstrable experience in Agile and DevOps.
  • Good knowledge and understanding of the IT lifecycle and experience of the business and its suite of applications.
  • Knowledge and experience of Service Management/ITIL to ensure the operational service is maintained and managed effectively and efficiently.
  • Understanding of release management tools, version control systems, and CI/CD pipelines.
  • Familiarity with cloud environments (e.g., AWS, Azure).

Minimum Criteria (Mandatory)

  • Experience of Secure by Design Solutions Application Design and architecture
  • Experience of cyber security, monitoring and reporting tools and solutions
  • Experience of understanding and managing aspects of cyber risk, including the assessment, analysis, and reporting of cyber risk in a business context