Homes and Communities Agency
Information Security Officer (to June 2017)
6 Incomplete applications
5 SME, 1 large
10 Completed applications
8 SME, 2 large
Important dates
- Published
- Friday 17 March 2017
- Deadline for asking questions
- Tuesday 21 March 2017 at 11:59pm GMT
- Closing date for applications
- Friday 24 March 2017 at 11:59pm GMT
Overview
- Specialist role
- Cyber security consultant
- Summary of the work
- Providing Information Security and accreditation expertise and support within the HCA. Ensure the HCA remains compliant with ISO27001 and the Security Policy Framework at our Data Centres, as well as ensuring the HCA remains secure against cyber attacks.
- Latest start date
- 03/04/2017
- Expected contract length
- This is a thirteen week work package
- Location
- North East England
- Organisation the work is for
- Homes and Communities Agency
- Maximum day rate
- £450
About the work
- Early market engagement
- Who the specialist will work with
- The specialist will be the only Information Security Professional in the organisation and will need to work closely with the IT Infrastructure and Support Teams to ensure compliance.
- What the specialist will work on
-
Providing temporary Information Security and accreditation expertise and support until permanent recruitment is completed. Ensuring HCA remains compliant with ISO27001 and the Security Policy Framework, particularly for the Gateshead and Warrington Data Centres.
Arranging Pen tests.
Monitor and record key metrics including cyber attacks, equipment loss, unusual staff internet access. Produce monthly Information Security Report.
Ensure completion of BPSS for new non-staff workforce and necessary SC/CTC checks for other staff.
Plan the 2017/18 ISMS system and process audits in agreement with the ISMS Management Team, and carry out first quarterly 2017/18 audit. Hand over smoothly to permanent role once they are in post.
Work setup
- Address where the work will take place
- The worker can generally choose where they work, however the team uses our Gateshead office as a connection point, and there is an expectation that the worker will use this office for project related activities that need their attendance in person.
- Working arrangements
- The worker will manage their own working arrangements as required to deliver the assignment. For reasons of security, the HCA will provide an encrypted laptop loaded with secure software.
- Security clearance
- All team members are subject to Baseline Personnel Security Standards checks, and anyone working at the London office must also be CTC cleared.
Additional information
- Additional terms and conditions
Skills and experience
Buyers will use the essential and nice-to-have skills and experience to help them evaluate suppliers’ technical competence.
- Essential skills and experience
-
- Public Sector Information Security Background
- Detailed knowledge of ISO27001
- Experience of ensuring security of the PSN, email, virus protection and Disaster Recovery
- A mix of management and technical skills
- CISSP Qualified
- Nice-to-have skills and experience
How suppliers will be evaluated
- How many specialists to evaluate
- 3
- Cultural fit criteria
-
- Work as part of a team with our organisation and other suppliers
- Transparent and collaborative when making decisions
- Flexible to changing requirements and needs
- Open to suggestions and open to make suggestions
- Driven for success with positive and professional attitude
- Assessment methods
-
- Work history
- Reference
- Evaluation weighting
-
Technical competence: 40%
Cultural fit: 20%
Price: 40%
Questions asked by suppliers
- 1. From 6th April, responsibility for determining if an assignment is within IR35 will shift to the Public Sector organisation. [We] need to understand the client’s decision on the status of each contract assignment (including extensions) under IR35 and whether a new contractor assignment is deemed ‘Inside’ or ‘Outside’ of IR35 at the beginning of the recruitment process for hiring a contractor. There is an HMRC status portal available to help determine the status but we do require you to post a response as to whether the role is ‘inside’ or ‘outside’.
- This is an outside IR35 role.
- 2. How many days should the worker expect to be onsite at Gateshead? And how many days at other locations, and where are they?
- The person undertaking this work will need to agree with the wider team how best to deliver the outcomes and therefore the locations and activities associated. Gateshead is the main Data Centre hub and Warrington the secondary, therefore any additional travel could encompass Warrington. It is not expected that there would need to be any regular or frequent attendance to other sites.
- 3. Can you clarify whether this role will be subject to IR35 or is it out of scope?
- This is an outside IR35 role.
- 4. Can you confirm with regards to the IR35 legislation whether this role is inside or outside of the new legislation?
- This is an outside IR35 role.
- 5. Is there a current incumbent in place?
- We have packages of work currently underway in this area, but this requirement is a new package of work.
- 6. What is the likelihood of the work package being extended or the supplier being offered additional work packages?
- We are actively recruiting a permanent ISO who would pick up this work in the future, as well as other responsibilities. Should this permanent role not be in place at the end of this work package, then those elements which can be delivered as a work package may be offered to the market for a further period.
- 7. We have a consultant who can use local accommodation to deliver the project. However, given the distance between sites and the need to stay away from home, are we able to agree that where possible Fridays would typically be OK for home working, please?
- The worker can generally choose where they work, however because this is a ‘Security Role’ they need to be on-site as required in order to successfully deliver the work package. The exact arrangements will likely differ throughout the lifecycle of the work and therefore we cannot be prescriptive about this.
- 8. Could you please provide the exact location that the specialist will work.
- The worker can generally choose where they work, however the team uses our Gateshead office as a connection point, and there is an expectation that the worker will use this office for project related activities that need their attendance in person.
- 9. Will this contract fall under IR35, please?
- This is an outside IR35 role.
- 10. Are BPSS & CTC both mandatory, or either/or? If a candidate has CTC but not BPSS, can they be considered?
- All team members are subject to Baseline Personnel Security Standards checks, this is mandatory. For anyone working at the London office, they must also be CTC cleared.
- 11. Can more than 1 candidate be submitted?
- Given the time limited and focussed nature of this assignment we are looking for a single individual.
- 12. What is the lead time for feedback once the application is submitted?
- We are looking to appoint by 03/04 at the latest, therefore are expecting to have made decisions by 30/03.
- 13. For "A mix of management and technical skills", is there any more information on any specific Technical Skills, please?
-
GSi – how the secure gateways work
Good understanding of Secure Email routing
Successful accreditation for the PSN controls – risk mitigation etc
Pen Testing/Health Checks
Accrediting systems/solutions