System Security Controller

JOB DESCRIPTION

Hewlett Packard Enterprise creates new possibilities for technology to have a meaningful impact on people, businesses, governments and society. HPE brings together a portfolio that spans software, services and IT infrastructure to serve more than 1 billion customers in over 170 countries on six continents. HPE invents, engineers, and delivers technology solutions that drive business value, create social value, and improve the lives of our clients.

Learning does not only happen through training. Relationships are among the most powerful ways for people to learn and grow, and this is part of our HPE culture. In addition to working alongside talented colleagues, you will have many opportunities to learn through coaching and stretch assignment opportunities. You’ll be guided by feedback and support to accelerate your learning and maximize your knowledge. We also have a “reverse mentoring” program which allows us to share our knowledge and strengths across our multi-generation workforce.

Enterprise Security supports our customers by providing IT Security-focused consultancy. Our customers utilize our extensive knowledge and experience of penetration testing, governance, risk and compliance, network security, and remote access. We are there for our customers – come join us!

Skills & Experience:

Detailed understanding of, and experience in, IT security;

  • Good overall understanding of Security management and assurance practices, with hands-on experience
  • Ability to investigate aspects of IT systems and compare them to relevant standards (e.g. HMG/JSP 440, CIS, ISO27001)
  • Ability to identify solutions to resolve security gaps in systems and designs
  • Understanding and experience of using RMADS documentation for UK government and/or defence customers
  • Conversant with the HMG Security Policy Framework and Departmental government security policies
  • Strong interpersonal skills promoting customer and accreditor confidence in the consultant and in HPE
  • Ability to work in a high pressure team environment
  • Ability to pick up and understand new technologies
  • Understands the importance of total customer care and is able to demonstrate the ability to build longer-term business relationships. Has the ability to manage the customer’s expectations in addition to ensuring that a high level of service is delivered.
  • Able to build effective relationships at all levels of the organisation and plays an active part in the achievement of shared solutions and results. Leadership of assigned team members to ensure any work done is performed to defined standards.
  • Demonstrates a high level of energy, enthusiasm and tenacity to achieve a positive result. Is a self-starter, overcomes obstacles and is driven to succeed. Works well under pressure and deadlines
  • Holds SC clearance, or is willing to go through the SC or DV clearance process
Description:

This vacancy is for a security consultant with all-round information assurance security skills to join the HPE Enterprise Security Services Security Consulting (HMG) – UK&I practice. There will be some travel required for working at customer sites due to HMG security requirements but the consultant will be primarily based from our office in Erskine.

The consultant will be responsible to the System Manager (SysM) for the day-to-day management and control of all aspects of the Security of the IT system(s) for which they have designated responsibility. The SSO shall work closely with the SysM, and also provide guidance to the System Administrators when required. The SSO also has a wider responsibility to report to the security governance organisation any concerns which cannot be quickly resolved or any inability to meet the requirements of the system’s accreditation.

Responsibilities:

The SSO is responsible for all associated security, including the Personnel, Physical, Hardware, Software, Communication and Media security associated with the systems over which they have responsibility, including:

  • Maintaining or ensuring the maintenance of the relevant security documentation when changes to either hardware or software are implemented
  • Ensuring that relevant SyOPs are made available to all users, administrators and managers.
  • Preparing and maintaining relevant SyOPs for the system roles for which they have responsibility.
  • Ensuring that actions required as a result of Security Inspections, Audits and Surveys are carried out.
  • Being involved in the change control activities and having access to information detailing the authorised users and the extent of their authorisation and responsibilities as defined in this document
  • Ensuring that all personnel having access to the system for which they have responsibility are appropriately security cleared for that system and the extent of access is the minimum necessary to undertake their present responsibilities.
  • Maintaining or having access to records of anyone authorized to use any part of the system and the extent of their authorization
  • Co-ordinating ITHCs and ensuring operations are fully briefed and aligned
  • Performing audits of software configurations annually against Configuration Management records
  • Managing the education and Awareness programme to ensure all staff are aware of their security responsibilities and tasks
  • Responding to security questions and queries from users and 3rd parties
  • Ensuring the proper physical control, storage and accountability of Classified documentation, media, material and equipment relating to the administration of the system.
  • Controlling the removal of defective hardware from buildings/sites.
  • Performing audits of hardware configurations annually against Configuration Management records.
  • Liaising with contractors to ensure that maintenance is carried out without endangering the security stance of the system.
  • Obtaining the prior approval of the Accreditor for any change that might affect the security functionality of the system, before authorising any such updates to system hardware.
  • Controlling and issuing master passwords or other access control devices, where relevant.
  • Controlling end-user device encryption and lockdown tools deployed on the system.
  • Monitoring and implementing hardware, firmware and software modifications and enhancements to the system to ensure that security is not breached.
  • Ensuring that hardware logs are maintained and auditing/reviewing them at intervals not exceeding 3 months.
  • Fulfilling the functions of the Crypto Borrower, ensuring that all personnel holding, or having access to, cryptographic material are properly authorised by the Crypto Custodian.
  • Mustering all cryptographic equipment and keymat borrowings, in accordance with the requirements of Infosec Standard Number 4 (JSP490 for Defence accounts) at intervals not exceeding one calendar month.
  • Ensuring that magnetic media and USB devices are only authorised for use when supported by an approved business justification and security variance.
  • Ensuring carriage, musters and disposal meets the requirements of UKP4411. The SSO is to maintain records of all carriage, musters and disposals.
  • Making sure that, before documents are released from the system, checks are made on those which have undergone an approved process for release to a lower or non-Classified level. Checks are also to be undertaken to ensure such released documents do not, in fact, contain Classified data and that the external signs which might allow deductions to be drawn about previous usage are removed.
  • Keeping the security log and ensuring that the system and maintenance logs are maintained and examined and countersigned by the SM at intervals not exceeding one month.
  • Carrying out, at least once each month, a sample check of the logs at a randomly chosen location, and maintaining records of all such checks for review by the Accreditor. The logs at each location are to be checked no less frequently than once in any 3 month period.
  • Monitoring and investigating potential and actual breaches of a system's security.
  • Initiating and processing incident reports concerning actual or potential breaches of security.
  • Reporting any identified system loopholes, infringements, and vulnerabilities to the SM and respective DSO.
  • Reporting to the HPE Group Security Controller all security relevant events and assisting in any initial investigation and drafting of any necessary reports.
  • Conducting, in conjunction with the HPE Group Security Controller, any necessary security investigation into potential and actual security breaches.
  • Ensuring that all users have read and signed the relevant SyOPs prior to their first use of the system.
  • Making sure that all users and staff re-read (and sign) SyOPs at intervals not exceeding 12 months or when the SyOPs are changed.
  • Providing system-specific security advice to management, staff and users.
  • Overseeing or conducting the briefing of staff on system security responsibilities.
  • Ensuring that the relevant Security Policies and procedures are produced and maintained
  • Liaising with the Accreditor, via the respective DSO or HPE Group Security Controller, on all aspects of system security.
  • Seeking, in conjunction with the SM, authorisation and approval from the Accreditor via the HPE Group Security Controller for any proposed changes that may affect system security standards.
  • Undertaking any other security related tasks as required by the SM or HPE Group Security Controller.
  • Liaising with SSCs to ensure that site security risks are aligned to the Physical and Environmental (P&E) RA for the site and that the system(s) RA are indexed within the site P&E RA, so that during internal and external ISO27001 audits, the auditor has clear visibility of all security risks pertaining to the site.
  • Ensuring a suitable individual who is aware of the system(s) RA is available or contactable to brief internal or external ISO27001 auditors when required.

Key Competencies:

Customer Focus:

Understands the importance of total customer care and is able to demonstrate the ability to build longer-term business relationships. Has the ability to manage the customer’s expectations in addition to ensuring that a high level of service is delivered.

Communication Skills:

  • Able to demonstrate excellent communication skills, influencing the customer to achieve a desirable outcome.
  • Comes across open, clear and assertive, although able to build effective long-term relationships.

Teamwork:

Able to build effective relationships at all levels of the organisation and plays an active part in the achievement of shared solutions and results. Leadership of assigned team members to ensure any work done is performed to defined standards.

Decision Making:

Critically evaluates all available options and effectively executes the conclusion to achieve the desired result, working either independently or as part of a wider team.

Self Motivated and Resilient:

Demonstrates a high level of energy, enthusiasm and tenacity to achieve a positive result. Is a self-starter, overcomes obstacles and is driven to succeed. Works well under pressure and deadlines.

Planning & Organisation:

Applies a resourceful approach to work, using time management skills and prioritising a complex workload. Structured and methodical, yet additionally able to adapt style to maximise the achievement of a positive result.

Qualifications:

Professional Accreditations (desirable)

Minimum of 2 years industry or HMG security experience.

CISSP

CISM

IISP

Bachelor’s degree in an IT related subject or can demonstrate sufficient industry experience

CCP SIRA/Architect

Candidates will be expected to agree to undergo a UK Security Check clearance and be able to drive.

