Personnel Security Assurance
Role summary
The role of Personnel Security Assurance is to establish the appropriate Personnel Security organisational posture to deliver an effective risk-based approach to mitigate the insider risk.
Entry route
Internal
Suitable for an individual from the Government Security Profession or other relevant profession (e.g. HR, Behavioural Sciences or Research and Development).
External
Suitable for an individual who has worked as a Personnel Security consultant in industry.
Role level
Typical role level expectation
- Deliver Personnel Security assurance processes, including providing audit information to risk owners
- Monitor and report on the delivery of Personnel Security processes against requirements, with the use of key performance indicators
- Review current personnel risk reduction methods, including those which are technological or procedural, and highlight areas of concern
- Ensure alignment with government and/or industry objectives and standards, proactively reviewing and assuring security risk and highlighting non-conformance
Typical role level expectation
- Manage delivery and life cycle of Personnel Security assurance processes, including sharing audit information with senior leadership, and setting assurance standards across government
- Manage the assessment, recording and monitoring of Personnel Security processes
- Review reporting, including key performance indicators, and act as key decision maker for the delivery of Personnel Security processes against requirements
- Ensure alignment with government and/or industry objectives and standards, and liaise with senior stakeholders on how these objectives and standards can be met
Skills
Skill | Lead | Principal |
---|---|---|
Applied Personnel Security | Practitioner | Expert |
Legal and regulatory environment and compliance | Practitioner | Expert |
Risk understanding and mitigation | Practitioner | Expert |
Protective security | Awareness | Working |
Threat understanding | Awareness | Working |
Core learning
Lead
Certified ISO27001 Practitioner
NPSA – Security Culture and Behaviour Change
QACSRM (Certified Security Risk Manager)
Principal
Certified ISO27001 Practitioner
Risk in the Boardroom
(ISC)2 Certified Information Systems Security Professional Training (CISSP)