Search All Jobs

Information Assurance Practitioner (6 Month FTC)

Requisition ID: R10047680

  • Category IconCategory: Engineering
  • Location IconLocation: Cheltenham, Gloucestershire, United Kingdom
  • Citizenship IconCitizenship Required: United Kingdom Citizenship
  • Clearance IconClearance Type: Developed Vetting (DV)
  • Telecommute IconTelecommute: No- Teleworking not available for this position
  • Travel IconTravel Required: No
  • Positions IconPositions Available: 1

At Northrop Grumman, our employees have incredible opportunities to work on revolutionary systems that impact people's lives around the world today, and for generations to come. Our pioneering and inventive spirit has enabled us to be at the forefront of many technological advancements in our nation's history - from the first flight across the Atlantic Ocean, to stealth bombers, to landing on the moon. We look for people who have bold new ideas, courage and a pioneering spirit to join forces to invent the future, and have fun along the way. Our culture thrives on intellectual curiosity, cognitive diversity and bringing your whole self to work — and we have an insatiable drive to do what others think is impossible. Our employees are not only part of history, they're making history.

The IA Practitioner contributes to strategic business objectives and governance.  They will use subject matter expertise to influence across a senior information risk owners (SIRO) area of responsibility.

This is a customer facing role reporting to the UK Cyber Security Manager and you will have a holistic perspective relating to the delivery of programmes utilising established NG on premise and cloud architectures in the EMEA Region.

In conjunction with the UK Cyber Security Manager act as the authority for UK sovereign aspects and collaborate with NG Information Security (Infosec) on impacts of using NG infrastructure while considering UK contractual obligations and UK Government rules, accreditation requirements and NCSC/MOD guidance. 

Key Responsibilities

Strategic Governance

  • Provide oversight for secure programmes to adhere to International/UK standards, compliance with Security Policy Framework (SPF), OGD security requirements, MOD security requirements and UK legislation. Provide direction on UK sovereign aspects to NG DevNet/Cloud CCBs in order to comply with UK rules and contractual stipulations.
  • Collaborate with Infosec on potential solutions for any UK or contractual stipulations that differ from NG standards or Infosec best practices. Attend customer SWGs and provide feedback on specific customer stipulations to Infosec. Assist in internal/external programme/classified audits where necessary.
  • Provide advice, guidance and review against UK sovereign requirements in the design, build and operation/monitoring of C&I/NSS Off-nets.
  • Provide advisory support to Infosec relating to programme/classified projects to inform Systems Security Plan fulfilment.
  • Notify ES Team of any vulnerability notifications from the customer to prioritise remediation.
  • On behalf of the DevNet CCB review DevNet Exceptions for Low Trust PvDCs

Risk Management:

  • Engage in programme workshops where necessary representing UK sovereign requirements. Generate programme risk analysis in support of programmes to fulfil UK sovereign security commitments and contractual requirements
  • Manage relationships with the External Customer accreditation authorities, engage in activities to achieve signoff/agreements and waivers to operate. Any change stipulations levied by the Accreditors to achieve accreditation are cascaded back to for review/implementation.

On Premise Architecture

  • Engage in programme workshops representing UK sovereign requirements linked to Northrop Grumman infrastructure changes/modifications.
  • Work with programmes/projects on justifying any changes/updates to DevNet build templates. Review ISG audits of Northrop Grumman on premise infrastructure from UK sovereignty perspective.
  • Be provided with extracts of iCSOC scans of DevNet PvDC VM infrastructure as part of vulnerability policing requirement within the environment on behalf of the DevNet CCB. Undertake engagements with programme projects regarding exceptions pertaining to whitelisted URLs (e.g. DevNet context).

Cloud Security

  • Have a holistic perspective relating to the programme delivery utilising established NG cloud architectures.
  • Engage with the programmes regarding requirements for projects to operate in the NG and client Cloud environments providing advice on any anomalies/unique requirements. Review justifications and at Cloud CCB vote on decisions relating to the utilisation of cloud services. 
  • Work with programmes/projects on justifying any changes/updates to Cloud build templates. Engage in programme workshops on UK customer requirements to utilise cloud platforms and raise requirements/security implementations for use with Infosec. Collaborate with Infosec on waivers/exceptions that may be in place.
  • Review ISG audits of NGUK Cloud environment. Review iCSOC vulnerability scans of Programme VPCs.
  • Discuss findings with Infosec and any agreed waivers/exceptions that may be in place.

Incident Management

  • In the event of a cyber-incident situation where there has been an overspill of UK sovereign data into the incorrectly classified or unaccredited system engage with the UK Cyber Security Manager in the first instance.
  • Coordinate with the UK Cyber Security Manager where the UK Cyber Security Manager has started an investigation, working together on investigations and to remediate challenges. Provide advice and guidance on approaches needed to safeguard UK sovereign data on NG infrastructure.


  • Undertake any other reasonable task as requested.
  • Recognised certification for IA professionals or relevant qualification.
  • Experience as a Practitioner in IA (SFIA responsibility level 6)
  • Recent experience providing IA activities in a large public sector organisation.
  • Strong analytical as well as verbal and written communications skills are required.
  • Good interpersonal skills for written, oral and face to face communications.
  • Skills in influencing and negotiation methods and techniques.
  • Capable of dealing with conflicting priorities between different specialist groups.
  • Experience of UK Government working practices

Desirable criteria:

  • A basic understanding of available and emerging IT technologies.
  • An ability to understand how the IT technology supports the business.
  • Ability to communicate effectively at different levels within the organisation, which includes security working group level, operations personnel and customers.

Additional Information:

  • Travel requirements: Occasional UK travel may be required to attend team/customer meetings and training activities
  • Northrop Grumman offer Hybrid working, please speak to us at application stage to see what is possible
  • Clearance requirements: Post-holder must hold and maintain UK Government SC clearances and UK citizenship

Northrop Grumman is committed to equality and diversity in our workplace. Northrop Grumman provides equal employment opportunity to all employees and applicants without regard to an individual's protected status, including race/ethnic origin, color, nationality, national origin, ancestry, sex/gender, gender identity/expression, gender reassignment, sexual orientation, marriage/civil partnership, pregnancy/maternity, religion or belief, creed, age, disability, genetic information, or any other protected status or characteristic.

Apply Now

Search All Jobs

What's great about
Northrop Grumman

  1. Be part of a culture that thrives on intellectual curiosity, cognitive diversity and bringing your whole self to work.
  2. Use your skills to build and deliver innovative tech solutions that protect the world and shape a better future.
  3. Enjoy benefits like work-life balance, education assistance and paid time off.

Did you know?

Northrop Grumman leads the industry team for NASA’s James Webb Space Telescope, the largest, most complex and powerful space telescope ever built. Launched in December 2021, the telescope incorporates innovative design, advanced technology, and groundbreaking engineering, and will fundamentally alter our understanding of the universe.