Security Systems (previously ‘Process’)
Role overview
This oversees certain specialist security processes, including processes related to STRAP assets and the provision of oversight of communications device security throughout the organisation, to facilitate compliance with security procedures and safeguard organisational information and technology assets.
Role level
Typical role expectations
- Support adequate protection of assets by rigorous controls and audit, ensuring procedures for controlling access, use, and decommissioning of equipment and
information are robust
- Ensure communications devices and STRAP and CRYPTO materials are appropriately secured where necessary, and support user access management processes and technologies
- Document procedures for administration and use of communication security equipment, STRAP and CRYPTO materials
- Support operation of appropriate improvement plans and work with organisations to establish STRAP and CRYPTO requirements to achieve their objectives
- Support the secure use, custody, movement or destruction of classified STRAP material, and account for communications security material and associated key material
- Support the organisation’s regular inventory and audit of communications and communication security equipment, and carry out cryptographic security tasks, including ordering key materials from the Key Production Agency and co-ordinating with National Cyber Security Centre on IS4 audit
Typical role expectations
- Manage protection of assets by rigorous controls and audit, ensuring procedures for controlling access, use, and decommissioning of equipment and information are robust
- Manage a team in ensuring communications devices and STRAP and CRYPTO materials are appropriately secured where necessary, and lead on user access management
processes and technologies
- Manage the documentation procedures for administration and use of communication security equipment, STRAP or CRYPTO materials
- Lead operations of appropriate improvement plans and lead organisations to establish STRAP or CRYPTO requirements to achieve their objectives
- Manage and lead the use, custody, movement or destruction of classified STRAP material, and account for communications security material and associated key material
- Oversee a team’s support to organisation’s regular inventory and audit of communications and communication security equipment, and manage cryptographic security tasks
Skills
| Skill | Associate | Lead |
|---|---|---|
| Legal and regulatory environment and compliance | Working | Practitioner |
| Compliance monitoring and controls testing | Awareness | Working |
| Risk understanding and mitigation | Awareness | Working |
| Secure operations management | Awareness | Working |
| Protective security | Awareness | Awareness |
| Threat understanding | Awareness | Awareness |
Core learning
Associate
Certified ISO27001 Practitioner
NPSA – Security Culture Digital Learning
NPSA – Reducing Insider Risk
Lead
Certified ISO27001 Practitioner
NPSA – Reducing Insider Risk
NPSA – Security Culture Digital Learning