Purpose.
1. Primary Purpose. The Governance and Assurance Security Officer (GASyO) is the first point of contact for members within their Area Of Responsibility (AOR) regarding cyber and information management and security, and is responsible, through their Chain of Command, for providing their Commanding Officer/Head of Establishment with assurance of effective cyber and information security management, whilst acting as the Unit Security Officer (USO) in the control of all aspects of security, including counter terrorist and counter espionage measures, at HMS EXCELLENT in peace and war.
2. Secondary Purposes.
a. Deputise for Establishment Security Officer as required.
b. To act as First/Second reporting officer for RN security team (OR 2-4).
c. Manage ITSO output and personnel.
d. Conduct the role of Information Manager.
e. Hold the Security Section AinU and provide all stores for the Security Section in order to carry out duties.
f. Member of the Families Day Committee for Security to include attendance on Families Day to act as part of ICP.
g. Act as Secretary at the Monthly Security meetings.
3. On taking up the appointment of GASyO:
a. The new incumbent's first action will be to conduct a 100% muster of all IT assets within their establishment and to reconcile the assets against the Navy Command Asset Register (NCAR) or equivalent.
b. Ensure you register your details with
c. Complete mandatory training as defined in paragraph 8.
Duties of the Governance and Assurance Security Officer (GASyO)
4. The GASyO is responsible for the day-to-day application of Information Technology and Information security management measures within HMS EXCELLENT and its Outstations. The GASyO is specifically responsible for:
a. The maintenance of procedures for the physical security of HMS EXCELLENT.
b. To develop and implement local Cyber Security Policy and Procedures (CSPP) for their specific AOR where required. This will be developed from MOD and Navy CSPP.
c. Manage the Cyber Security of all non-MODNET assets within their AOR and scope.
d. Update and maintain the Navy Command Asset Register (NCAR), ensuring that all non-MODNET assets, including but not limited to Portable Electronic Devices (PEDs), Tablets, Cameras and Printers, are recorded when they are received.
e. Understand the accreditation process and the Defence Assurance Risk Tool (DART) in order to guide submitters within their AOR through the process.
f. Ensure all ICT asset requests go through the Navy Digital Request For Change (RFC).
g. Act as focal point for triaging, actioning and responding to MODCERT Directives.
h. Ensure that all the assets within their AOR are accredited and maintained throughout life. Retain a copy of all Accreditation Certificates and Security Operating Procedures (SyOPs).
i. Ensure anti-virus updates and patches are carried out within the required timeframe and in accordance with SyOPs. Contact the MCSU Service Desk with any issues.
j. Retain a copy of all master passwords for the assets within their AOR.
k. The GASyO will conduct a monthly 10% spot check of all Cyber assets within their AOR, and by the end of the year a 100% check will have been carried out.
l. Ensure all Information and Cyber breaches are reported to Navy WARP through a Security Incident Reporting Form regardless of whether they were resolved at local level.
m. When required, monitor and/or assist with investigations into significant Cyber incidents.
n. Ensure the unit has a Cyber Champion to act as an ambassador through upholding good security hygiene and maintaining a positive security culture by providing security advice and guidance and delivering education and awareness briefs.
o. Carry out annual Cyber assurance of holdings, policy and procedures of subordinate units where applicable.
p. Provide support to all visits where Cyber assets are involved. These may be from, but are not limited to, MCSU RN PSyA SCIDA.
q. Provide general IT security (inclusive of CYBER and Social Media) advice and guidance to the user community, preparing and presenting annual security training and education. Assist ITSO on all security matters connected to social media.
r. Arrange Technical Surveillance Countermeasures (TSCM) sweeps in accordance with JSP440 Leaflet 18.
s. Ensure that all Cyber-related changes to PSyA RN Security Directives, Security Advisory Briefs and RN Temporary Memorandums are distributed to all department heads within their AOR.
t. Where necessary, produce up-to-date instructions for assets, e.g. printers, scanners, fax machines, etc.
u. Liaise with the Data Protection Officer to maintain their part of the Navy Command Information Asset Register (NCIAR).
v. Co-ordinate all aspects of physical, documentary and personnel security within the -ordinate the preparations for external Security Assurance Visits and Inspections by the PSyA Security Assurance Team and carry out actions required for Self-Assessments.
w. Assist in the production and maintenance of the Establishment Security Risk Register.
Superiors.
5. The GASyO is accountable to 1st Lt and functionally accountable to the ESyO for Security related matters.
Authority.
6. The GASyO is authorised to take whatever measures are necessary to ensure that security rules are being observed. He may make spot checks of any department, Lodger unit or section without prior warning to note security measures in force and impound any protectively marked material not properly secured.
Whole Ship Responsibilities
7. Participate in Whole Ships activities in support of the Executive Department.