Sitec are currently looking to recruit 2 Cyber Business Analysts for a private nuclear MoD establishment in Reading. The posts are for an initial 3 month contract with likely extension and are paying competitively on an hourly basis.
Job Role / Purpose
* Carry out the methodical investigation of all or part of a business in terms of business functions, information and processes, in order to identify cyber-related vulnerabilities in a variety of Information Technology (IT) and Operational Technology (OT) systems and systems-of-systems.
* Suggests and defines cyber mitigation strategies to overcome vulnerabilities.
* Create viable requirements, specifications and acceptance criteria in preparation for projects which will deliver the mitigations.
* Work with the local teams and owners of affected systems in order to communicate the issues and ensure smooth implementation of mitigations.
* Manage and work with internal and external providers to ensure effective implementation.
* Investigate and analyse business IT and OT systems to make them more secure by the use of proven defensive measures.
* Work as a change agent with senior business stakeholders playing a key part in shaping and fostering continuous cyber improvement by way of procedural and technical mitigations
* Acts as a bridge between the business as usual need and the consequence of the delivered solution
* Provide customer engagement at all levels internally and externally with 3rd party partners and suppliers
* Understand the problem and document the requirements that the solution must address
* Identify systems in need of assessment, and make necessary contacts to facilitate investigation
* Carry out cyber vulnerability investigation on target system - identifying the attack surfaces and possible vectors, and considering the risks posed by internal and external actors.
* Develop robust documentation that clearly defines the cyber issue, need for change, and recommended approach, for presentation to the CIO Delivery Governance Board.
* Elicit mitigation requirements through the effective use of requirements gathering workshops and resolve any complex requirement conflicts through effective stakeholder engagement
* Work with the project Delivery Managers to identify stakeholders who are affected by a proposed mitigation.
* Work closely with Project Delivery Managers and Solution Architects to understand, at a high level, the potential impacts and costs associated with a mitigation
* Can identify and document mitigation project risks, issues, assumptions and dependencies
* Can effectively present options and recommendations to stakeholders
* Understands legal regulatory and compliance aspects of information systems and can advise on implications on IT and OT systems.
* Relevant cyber-related formal IT or business qualification, or appropriate hands on experience which negates the need for formal qualifications.
* Vocational qualifications.
* Broad knowledge of IT and OT systems
* Knowledge of the cyber threat landscape and evolving techniques
* Understanding of the range of defensive measures and mitigations available
* Use of information modelling tools and proficient in information capture techniques
* Awareness of worldwide cyber hygiene guides (SANS, Aus DoD etc) and standards (ISO27001 etc)
* IT & Information Assurance related principles, standards, and requirements when operating within MoD and UK legislative environments
The following are desirable but not essential
* Project Management techniques & processes
* Technology project delivery techniques e.g. Waterfall, Agile, Iterative
* Experience of working with both IT and OT systems
* Experience in dealing with ageing legacy systems
* Experience in managing or implementing cyber vulnerability mitigations
* Use of a requirements management system such as DOORS
* Managing delivery and implementation of defensive cyber measures
* Information capture and presentation
* Ability to understand and balance the trade space between effective cyber security and the need for end users to be able to work without impediment
* Strong communication skills to translate technical solutions into non-technical based inter departmental explanations
* Business analysis techniques, including requirements capture
* Experience in preparing capability requirements
* Able to work well with both internal and external clients
* Good presentation skills, and ability to communicate with various audiences, including end users, managers and members of the IT team
* Team player who works toward the realisation of personal, team and departmental goals
* Excellent listener and have a thorough understanding of what is important to the business
* Self-starter with leadership skills in order to take charge of or facilitate requirement gathering sessions
Willing and able to obtain and maintain a high level of security clearance necessary for the role
This vacancy is being advertised by Sitec, part of the Sitec Group. The services advertised by Sitec are those of an Employment Business
This vacancy is being advertised by Sitec.