Security Controller - UK

Full Time
London, UK
8 months ago

Elastic is a free and open search company that powers enterprise search, observability, and security solutions built on one technology stack that can be deployed anywhere. From finding documents to monitoring infrastructure to hunting for threats, Elastic makes data usable in real-time and at scale. Thousands of organizations worldwide, including Barclays, Cisco, eBay, Fairfax, ING, Goldman Sachs, Microsoft, The Mayo Clinic, NASA, The New York Times, Wikipedia, and Verizon, use Elastic to power mission-critical systems. Founded in 2012, Elastic is a distributed company with Elasticians around the globe. Learn more at elastic.co.

We’re looking for a Security Controller based in a London office, with distributed working part of the time, to manage security operations within a close-knit team supporting Public Service colleagues. Working to the UK Director responsible for security, the incumbent will act in an executive manner to secure the business by implementing Company and Public Service Client security requirements relating to employees, contractors, infrastructure, information and assets. You will provide day-to-day operational support, guidance and advice to staff with regard to all aspects of protective security less digital, in the UK and global enterprise as required, and ensure security policy is adhered to and/or risk managed appropriately. The ideal candidate will take ownership of their responsibilities in securing the facility(s) 24/7/365, and must be able to manage time, individuals and infrastructure to ensure the integrity of the site, its classified areas and globally as required. Working on their own initiative, and as part of a team, they must have the ability to liaise with key stakeholders on sensitive matters.

Responsibilities

  • As Security Controller, be specifically responsible for interpreting and implementing contractual, Security Aspects Letters and legislative requirements, ensuring they are adhered to as required while monitoring and reporting company compliance.
  • Responsible for ensuring operational protection of government classified assets in accordance with Facility Security Clearance (FSC) [formerly List X] security controls.
  • Be the first point of contact for site security and security accreditation related issues.
  • Maintain relationships with client Contracting Authorities, liaising within the company, and between the company and client DSO or security officials of relevant Contracting Authorities to include notification of company internal changes of FSC requirements.
  • Be a prime mover developing and maintaining a strong security culture, collaborating with the Public Service team and general enterprise as required.
  • Conduct site specific and corporate Security Awareness training in various formats.
  • Maintain the UK master vetting register and act as the UK Clearance Contact, coordinating with HR, appropriate arrangements for personnel security clearance of employees involved and overseas visitors to the UK where appropriate.
  • Provide relevant threat information as the basis for a risk management decision process specifically for the UK, but also corporate travel and globally as required.
  • Conduct site specific security compliance audits and maintain a regular risk based audit programme to provide verifiable security compliance.
  • Provide management requirements input of AACS, IDS, and CCTV across the site and global estate as required.
  • Respond to and investigate security incidents in a timely manner to provide Security Intelligence data, ensuring incidents are dealt with appropriately or escalated if necessary, and dealing with Agencies and law enforcement as appropriate.
  • Highlight and escalate any risks to the site or Company to the UK company Security Director.
  • Drive actions within the incident/crisis management and business resumption team, acting as an SME ensuring protection of company assets and reputational issues.
  • Carry out risk assessments, manage security related incidents and lead on investigations.
  • Site specific control of visitors within ‘need-to-know’ and control of access requirements.
  • Collaborate with company INFOSEC team as required to ensure that the Company’s networks remain physically secure and compliant with UK legislative policies and relevant ISO accreditation by formulation and implementation of company physical security instructions, Risk Management and Accreditation Document Sets (RMADS) and Security Operating Procedures (SyOPs).

What we're looking for:

Essential

  • Eligible to receive UK National Security Vetting to the required level.
  • Knowledge and experience of UK Government Security requirements such as:
    • Government Functional Standard GovS 007: Security;
    • MOD Joint Service Publication 440;
    • Information Assurance Standards;
    • Cabinet Office Security Policy Framework.
  • Experience undertaking risk assessments and implementing security policies.
  • Design and requirement identification of physical security components and Integrated Security Management Systems.
  • Experience of physical security component requirements and design application on site.
  • Ability to work with the highest level of discretion and integrity as the role involves working with a considerable volume of sensitive and personal information.
  • Sound written and verbal communication skills, with experience of delivering briefs and presentations to employees and clients.
  • Membership of accredited UK professional security body with demonstrated CPD requirements i.e. RSES, Security Institute, CSyP.
  • Positive and professional attitude with an ability to work independently.

Desirable

  • Previous experience working within a List X/FSC company or Government Protective physical security role.
  • Management of Company vetting register requirements.
  • Knowledge of approved security products and build standards.
  • Working knowledge of ISO 27001 is advantageous.
  • Experience of security asset management and quality assurance.
  • Ability to multitask and prioritise workload in a dynamic working environment without compromising requirements.

Additional Information - We Take Care of Our People

As a distributed company, diversity drives our identity. Whether you’re looking to launch a new career or grow an existing one, Elastic is the type of company where you can balance great work with great life. Your age is only a number. It doesn’t matter if you’re just out of college or your children are; we need you for what you can do.

We strive to have parity of benefits across regions and while regulations differ from place to place, we believe taking care of our people is the right thing to do.

  • Competitive pay based on the work you do here and not your previous salary
  • Health coverage for you and your family in many locations
  • Ability to craft your calendar with flexible locations and schedules for many roles
  • Generous number of vacation days each year
  • Double your charitable giving - We match up to $1500 (or local currency equivalent)
  • Up to 40 hours each year to use toward volunteer projects you love
  • Embracing parenthood with minimum of 16 weeks of parental leave

Different people approach problems differently. We need that. Elastic is an equal opportunity/affirmative action employer committed to diversity, equity, and inclusion. Qualified applicants will receive consideration for employment without regard to race, ethnicity, color, religion, sex, pregnancy, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, disability status, or any other basis protected by federal, state or local law, ordinance or regulation.

We welcome individuals with disabilities and strive to create an accessible and inclusive experience for all individuals. To request an accommodation during the application or the recruiting process, please email candidate_accessibility@elastic.co. We will reply to your request within 24 business hours of submission.

Applicants have rights under Federal Employment Laws, view posters linked below: Family and Medical Leave Act (FMLA) Poster; Pay Transparency Nondiscrimination Provision Poster; Employee Polygraph Protection Act (EPPA) Poster and Know Your Rights (Poster)

Please see here for our Privacy Statement.