ID&T Cyber Security Assurance Contractor

The Contracting Authority is seeking to put in place a 24-month Contract that provides for the provision of an Augmented Resource to deliver Cyber Security assurance across multiple teams. At a high-level the resource is required to augment teams to support ongoing activity in Identity and Trust Services (ID&T) to deliver specific digital outcomes, which will require specific digital capabilities and capacity. The Contracting Authority requires resources with the skills and experience to deliver a suite of high-level service outcomes, accompanied with generic cyber security services as follows: - Consultancy and Advice: o Provide security architecture advice to the product delivery squads in ID&T, blending security, technical (public cloud development and architecture) and behavioural (leadership and communication) skills. o Work with and advise the Lead Security Architect, and solution architects within ID&T and across the wider department to ensure that solutions are secure, consistent, strategically aligned, and interoperable. Actively participate in the ID&T Technical Forum, applying security architecture input to inform decisions and outcomes that apply across the ID&T development teams. o Identify and advise on the appropriate mitigations for cyber security risks within ID&T products and work with the department's Digital Security Risk Management (DSRM) teams to ensure solutions meet security and risk governance controls. Identify security issues in system architectures and provide advice and guidance on the risk impact of vulnerabilities in our existing and future designs and systems. o Demonstrate accountability for the security aspects of product architectures, contributing to product roadmaps and represent product designs at governance forums, providing clear communication of security architecture design and decision making, to gain approval to proceed with designs. o Identify new technologies and work with DWP Digital Design Authority (DDA) and broader security community to look at opportunities to exploit them in business areas. Ensure that solutions meet the Departmental Security Architecture standards, re-using patterns where possible, and support presentation of solutions to the Digital Design Authority (DDA) at various stages of the product development. - Penetration Testing and IT Health Check.