Information Assurance Manager
- Newmarket Rd, Cambridge, UK
Marshall Aerospace and Defence Group is one of the largest independent aerospace and defence companies in the world delivering innovation and excellence in engineering, support solutions and services in the air, on land and at sea.
Since 1909, we have been valued for our integrity, performance and customer focus which we have demonstrated through our innovative solutions and ability to deliver on time and to cost.
We specialise in the conversion and modification of military, civil and business aircraft, alongside defence vehicle engineering and shelter manufacture. Our capabilities include engineering design, manufacture, test and the provision of personnel, training and advice, whilst providing maintenance, integration and product support.
Marshall Aerospace and Defence Group is part of the Marshall Group of Companies that employs over 6,000 people with a turnover in excess of £2.7bn.
We are a respected total solutions provider for the military and commercial sectors.
The Information assurance manager plays an instrumental role in the developing, communicating, implementing, and updating of documentation relating to the management of the confidentiality, integrity and availability of valued or protected data.
In particular (but not limited to the following): -
The Information Security Management System and its policies (ISMS)
- Systems Operating Instructions (SyOps) in the form of Acceptable Policies (AUP)
- Risk Management Accreditation Document Sets (RMADS) or their equivalents.
- Code of Connections submissions to the MoD (CoCo)
- Defence Standard 05-138 (DCPP)
- Defence Assurance Risk Tool (DART)
Effective management of these responsibilities will assist in providing all the necessary and essential framework for assuring high levels of information security.
The information assurance manager working in conjunction with the Cyber Security Manager will provide guidance and insight for developing strategies as well as promoting information security.
The Information assurance manager is responsible for safeguarding the company's vital information
Liaising with external auditing organisations to support compliance with.
Cyber Essentials Plus
DAIS (Defence Assurance Information Service)
Information Technology Health Checks (ITHC)
Regular Company Audits (AFNOR & LRQA)
Information Assurance teams at external stakeholder organisations.
- In collaboration with the Information Asset Controllers
- Identify and mitigate the risks associated to information assets based on their type, and value.
- Standardise and simplify the application of controls associated to information assets.
- Ensure the usage of the information assets are compliant with policies as defined by the Information Asset Controllers
- Responds to requests for information from identified, approved and authorised channels relating to information assets.
- Analyses data for other opportunities of utilisation.
Essential Skills and Abilities
The information assurance manager should possess strong interpersonal and communication skills and should be able to manage their internal and external stakeholders effectively.
They should be able to function independently, but keep the ICT Team and other stakeholders aligned to their activities in information assurance.
Excellent time management and organisation skills are vital.
Experience of information governance standards as such as ISO27001, HMG SPF, HMG IA standards, the NCSC standards and guidance, are essential.
Being able to demonstrate previous involvement in introducing an Information Asset library and the associated governance would be particularly relevant.
Due to the nature of our business, all employment is subject to satisfactory references being obtained, attainment of either a SC (Security Check), Disclosure Scotland Criminal Record Check or Foreign Police Check (whichever is applicable depending on duration of UK residency) and, as applicable, a medical assessment. Access to US technical data by employees requires prior Trade Control function approval. Clearance must be carried out against all applicable US export control authorisations.