Technical Security Asset and Service Life Cycle Security Management
Role summary
The role of Technical Security Asset and Service Life Cycle Security Management is to oversee and provide advice throughout the procurement cycle, minimising the security risks associated with the procurement of assets or services, from concept to disposal.
Entry route
Internal
Suitable for an individual from the Government Security Profession or other relevant government profession. For example, Commercial or Procurement.
External
Suitable for an individual who has worked in contract management.
Typical role expectations
To support:
- identification and management of assets developed, processed or shared with suppliers, including with domestic and international partners
- supplier compliance with all relevant security legislation and regulatory requirements
- governance structures to manage all security risks from conception to disposal of assets, products or services, and the wider supply chain
- implementation of secure logistics of assets in development, transportation and at rest
Typical role expectations
- Identify and manage the assets developed, processed or shared with suppliers, including with domestic and international partners
- Ensure acquisitions, service programmes and suppliers comply with all relevant security legislation and regulatory requirements
- Implement governance structures to manage all security risks from conception to disposal of assets, products or services, and the wider supply chain
- Act on intelligence that indicates any risk to the supply chain, including providing advice and assurance on supplier’s security across acquisitions and services, and encourage continuous improvement
- Develop and maintain effective stakeholder relationships with both internal and external stakeholders in order to influence and change security decisions and manage thedelivery of the required security assets
Typical role expectations
- Oversee life cycle standards for assets developed for the organisation, processed or shared with suppliers, including with domestic and international partners
- Create and manage standards for acquisitions, service programmes and suppliers that comply with all relevant security legislation and regulatory requirements
- Oversee the implementation of governance structures to manage all security risks from conception to disposal of assets, products or services, and the wider supply chain
- Aggregate and prioritise intelligence that indicates any risk to the supply chain, including providing advice and assurance on supplier’s security across acquisitions and services, and encourage continuous improvement
- Develop and maintain effective stakeholder relationships with both internal and external stakeholders in order to influence and change security decisions and manage the delivery of the required security assets
Skills
| Skill | Associate | Lead | Principal |
|---|---|---|---|
| Applied Technical Security | Working | Practitioner | Expert |
| Risk understanding and mitigation | Working | Practitioner | Expert |
| Secure supply chain management | Working | Practitioner | Expert |
| Applied Technical Security | Awareness | Working | Practitioner |
| Protective security | Awareness | Working | Working |
| Threat understanding | Awareness | Working | Working |
Core learning
Lead
Certificate in Digital Forensics Fundamentals
Regulation of Investigatory Powers Act (RIPA) Senior Authorising Officer
IoT (Internet of things) security standards for government
Principal
EMSEC – TEMPEST Advanced Engineer
TSCM-ARBS: TSCM Advanced Rising Building Security
ISO 27005 Practitioner
EMSEC – TEMPEST Advanced Engineer