Techincal Security Assurance
Role summary
The role of Technical Security Assurance is to identify Technical Security risks and highlight non-compliance and vulnerabilities to enable others to manage residual risk.
Entry Route
Internal
Suitable for an individual from the Government Security Profession.
External
Suitable for an individual who has worked within Technical Security in industry.
Typical role expectations
- Deliver Technical Security assurance processes, including providing audit information to risk owners
- Assess, record, and monitor the introduction, maintenance, through-life performance, and removal of technical services, systems, platforms and infrastructure
- Monitor and report on the delivery of Technical Security services against requirements, using key performance indicators
- Ensure alignment with government and industry objectives and standards, proactively reviewing and assuring security risk and highlighting non-conformance
Typical role expectations
- Manage delivery and life cycle of Technical Security assurance processes, including sharing audit information with senior leadership, and setting assurance standards
across government
- Manage the assessment, recording, and monitoring of the introduction, maintenance, through-life performance, and removal of technical services, systems, platforms and infrastructure
- Review reporting, including key performance indicators, and act as key decision maker for the delivery of Technical Security services against requirements
- Ensure alignment with government and industry objectives and standards, and liaise with senior stakeholders on how these can be met
Skills
| Skill | Lead | Principle |
|---|---|---|
| Applied Technical Security | Practitioner | Expert |
| Legal and regulatory environment and compliance | Practitioner | Expert |
| Risk understanding and mitigation | Practitioner | Expert |
| Protective security | Awareness | Working |
| Threat understanding | Awareness | Working |
Core learning
Assurance lead
Forensic Awareness
Source Intelligence Training (OSINT) Introduction
Open Source Internet Investigations
Assurance Principal
Certified ISO 27001 Practitioner
Risk in the boardroom
NEBOSH