Technical Security Assurance
Find out what the Technical Security Assurance role in government does and the skills you need to do the role at each level.
Role summary
The role of Technical Security Assurance is to identify technical security risks and highlight non-compliance and vulnerabilities to enable others to manage residual risk.
Role level
Typical role expectations
- Deliver Technical Security assurance processes, including providing audit information to risk owners
- Assess, record, and monitor the introduction, maintenance, through-life performance, and removal of technical services, systems, platforms and infrastructure
- Monitor and report on the delivery of Technical Security services against requirements, using key performance indicators
- Ensure alignment with government and industry objectives and standards, proactively reviewing and assuring security risk and highlighting non-conformance
Typical role expectations
- Manage delivery and life cycle of Technical Security assurance processes, including sharing audit information with senior leadership, and setting assurance standards
across government
- Manage the assessment, recording, and monitoring of the introduction, maintenance, through-life performance, and removal of technical services, systems, platforms and infrastructure
- Review reporting, including key performance indicators, and act as key decision maker for the delivery of Technical Security services against requirements
- Ensure alignment with government and industry objectives and standards, and liaise with senior stakeholders on how these can be met
Skills
| Skill | Lead | Principle |
|---|---|---|
| Applied Technical Security | Practitioner | Expert |
| Legal and regulatory environment and compliance | Practitioner | Expert |
| Risk understanding and mitigation | Practitioner | Expert |
| Protective security | Awareness | Working |
| Threat understanding | Awareness | Working |
Core learning
Lead
Forensic Awareness
Investigator/Regulator – Open Source Internet Investigations
Open Source Intelligence Training (OSINT) Introduction
Principal
Certified ISO27001 Practitioner
NEBOSH General Certificate
Certified in Risk and Information Systems Control (CRISC)