Technical Security Assurance
Role summary
The role of Technical Security Assurance is to identify technical security risks and highlight non-compliance and vulnerabilities to enable others to manage residual risk.
Role level
Typical role expectations
- Deliver Technical Security assurance processes, including providing audit information to risk owners
- Assess, record, and monitor the introduction, maintenance, through-life performance, and removal of technical services, systems, platforms and infrastructure
- Monitor and report on the delivery of Technical Security services against requirements, using key performance indicators
- Ensure alignment with government and industry objectives and standards, proactively reviewing and assuring security risk and highlighting non-conformance
Typical role expectations
- Manage delivery and life cycle of Technical Security assurance processes, including sharing audit information with senior leadership, and setting assurance standards across government
- Manage the assessment, recording, and monitoring of the introduction, maintenance, through-life performance, and removal of technical services, systems, platforms and infrastructure
- Review reporting, including key performance indicators, and act as key decision maker for the delivery of Technical Security services against requirements
- Ensure alignment with government and industry objectives and standards, and liaise with senior stakeholders on how these can be met
Skills
Skill | Lead | Principal |
---|---|---|
Applied Technical Security | Practitioner | Expert |
Legal and regulatory environment and compliance | Practitioner | Expert |
Risk understanding and mitigation | Practitioner | Expert |
Protective security | Awareness | Working |
Threat understanding | Awareness | Working |
Core learning
Lead
Forensic Awareness
Investigator/Regulator – Open Source Internet Investigations
Open Source Intelligence Training (OSINT) Introduction
Principal
Certified ISO27001 Practitioner
NEBOSH General Certificate
Certified in Risk and Information Systems Control (CRISC)