Supplier Security Assurance Analyst

Location: Any Defra Office

Salary: £35,895 - £43,847

Closing date: 16th March 2021

This is a critical role coordinating and delivering security risk management activity within the supplier assurance environment, enabling a clear and realistic view of security risk within our supply chain.

You will be a member of a team managing the day-to-day security risk of the supply chain through all stages of the Defra supplier lifecycle: from supplier selection and onboarding, ongoing supplier assessments, supplier issue management and status reporting, through to end of contract.

Successful candidates must be willing to undertake SC clearance prior to taking up duty. Please see below for additional Security Clearance details.

• Ensuring that suppliers of IT services to Defra effectively manage the risk to departmental information. The postholder will be involved in the design, management and operation of our overarching assurance framework and processes for supplier security assurance:
o Focussing attention and resources onto the highest impact suppliers/contracts
o Improving supplier compliance with recognised security standards and best practice
o Identifying potential information risks that can arise from contracting with a specific supplier, so that proportionate and appropriate arrangements are put in place

• Ensure that all business areas include proportionate and appropriate security requirements and due diligence within supplier bid/procurement processes.

• Involvement in setting up and operating mechanisms to monitor the effectiveness of the supplier security assurance framework, adjusting these as necessary.

• Collaborate with the business in order to provide suppliers with early insight into the mandatory minimum security requirements expected of them during the life of a contract.

• Conduct assurance activities post contract award to ensure suppliers maintain compliance with minimum security requirements throughout the contract lifecycle.

• Production of regular Management Information/reporting.

• Conduct supplier security assessments (via remote questionnaire or on-site visits).

• Supporting the review of supplier contract compliance with Defra’s security schedules and clauses.

• Establishing and maintaining excellent relationships with internal and external partners to influence their activities and promote and enhance supplier security assurance.

Skills and Experience

• Experience of undertaking technical and information risk assessments, using good practice standards such as ISO 27001.

• A clear understanding of Information Security and Risk Management.

• Experience of analysing disparate sources of security information quickly and providing sound advice and recommendations on requirements to stakeholders at all levels.

• Proven excellent written and verbal communication skills with a range of stakeholders at different levels and the ability to build strong working relationships internally and externally.

• Effective decision making, using evidence, available data and personal knowledge to provide clear, accurate and professional decisions.

• Able to assess business context and apply it to security assurance.

• Understanding of and/or experience of working with security audit techniques.

• Good knowledge of security controls.

• Understanding of and/or experience of working with Legal and Commercial teams to deliver security outcomes.

• An advocate of continuous improvement, enjoying the challenge and benefits that this can bring to your own work and that of the team.