Reporting to the Senior Director, Head of Commercial Legal for EMEA, we are hiring a Security Controller with 12+ years’ experience, based in our London office and with part-
time distributed working to manage security operations.  This role will support our growing Public Sector business in the U.K. and the EMEA region, partnering within a strong support system of our Legal and cross functional teams, including Information Security, Human Resources, Sales and Facilities.  The ideal candidate is a self-sufficient and resourceful leader who will assume responsibility for securing the business by implementing Elastic’s and its Public Sector Customers’ security requirements relating to employees, contractors, infrastructure, information and assets. This position is for an individual that must have the ability to liaise with key stakeholders on sensitive matters within a fast-paced technology company covering SaaS, Licensing and Managed Packages.

 

• Implementing Elastic’s security requirements relating to Elastic Sites, employees, contractors, infrastructure, information and assets as they relate to Elastic’s Public Sector Customers.
• Providing day-to-day operational support, guidance and advice to Elastic personnel with regards to all aspects of Security (including Site Security and Site Audits), as required, ensuring Elastic’s Security Policy is adhered to and/or risk managed appropriately.
• Interpreting and implementing contractual and legislative requirements (including Security Aspects Letters) ensuring they are adhered to as required while monitoring and reporting compliance.
• Collaborating with key stakeholders to ensure that the Elastic’s networks remain physically secure and compliant with UK legislative policies and relevant ISO accreditation by formulating and implementing Elastic physical security instructions, Risk Management and Accreditation Document Sets (RMADS) and Security Operating Procedures (SyOPs).
• Ensuring operational protection of UK Government classified assets in accordance with Facility Security Clearance (FSC) (formally “List X”) security controls and providing management requirements input of AACS, IDS, and CCTV across the Elastic Sites
• Liaising with Public Sector Customers in the UK and EMEA, including Departmental Security Offices and/or Security Officials of Public Sector CustomersWorking with key stakeholders, conducting Site specific and corporate Security Awareness training.
• Maintaining a UK master vetting register and acting as the UK Clearance Contact, coordinating with key stakeholders, ensuring appropriate arrangements for personnel security clearance of employees involved and overseas visitors to the UK where appropriate.
• Responding to, and investigating Security Incidents in a timely manner in accordance with Elastic Incident Response Plans, while simultaneously dealing with appropriateUK Government Agencies and Law Enforcement Agencies (as appropriate).

 
WHAT YOU BRING ALONG:

• Eligible to receive UK National Security Vetting to the required level.
• Knowledge and experience of UK Government Security requirements such as
  • Government Functional Standard GovS 007: Security
  • MOD Joint Service Publication 440
  • Information Assurance Standards
  • Cabinet Office Security Policy Framework.
• Experience undertaking Risk Assessments and implementing Security Policies.
• Design and requirement identification of Integrated Security Management Systems.
• Ability to work with the highest level of discretion and integrity as the role involves working with a considerable volume of sensitive and personal information
• Sound written and verbal communication skills, with experience of delivering briefs and presentations to employees and clients.
• Membership of accredited UK professional security body with demonstrated CPD requirements i.e. RSES, Security Institute, CSyP
• Previous experience working within a Facility Security Clearance (FSC) or Government Protective physical security role.
• Knowledge of approved security products and build standards
• Working knowledge of ISO 27001
• Experience of security asset management and quality assurance.

#LI-PM1