Site Security Controller

Job Description:

Ensure that DXC, UK Secure Accounts and account-specific security policies relating to protective security are

implemented and enforced locally.

Produce, maintain, issue, and enforce local site security instructions or briefings.

Ensure that their site retains appropriate client security accreditations (for example FSC), maintaining any account-specific accreditation documents for the site.

Act as the principal point of security contact for the site during client or other audits. Any findings should be addressed initially by the SSC and, if required, passed to the relevant stakeholder for ownership and resolution.

Periodically review, update, and obtain approval for a local site Risk Register that covers physical and environmental security risks pertinent to the site, and ensure that they are reviewed annually or when a new risk is identified affecting the site.

Together with the UKSA SCL and the SDLs of accounts on site, support the process to maintain the ISO 27001 risk register.

Maintain a Surreptitious Threat Mitigation Process (STaMP) assessment for each secure area within the site.

Maintain a register of all secure cabinets on their site, recording the owner, location and use.

Ensure that the combinations of secure cabinets are changed according to policy, records are maintained, and copies of combinations are kept securely and appropriately protected.

Perform an oversight of the operation and administration of site security equipment, including CCTV, alarm systems, locks, AACS, and any other equipment used for protective security purposes to ensure that they meeting Secure Accounts security requirements.

Perform an oversight of guarding and reception services to ensure that they meet UK Secure Account security requirements.

Ensure all staff with access to UKSA areas on site have a DXC Technology Identity Pass (Employees, Contractor, Visitor etc.) and a Secure Accounts Identity Pass.

Implement and maintain a documented AACS security zoning policy and authorisation process. Ensure a local manager (and a deputy) is identified to authorise access to their area. Where such a manager is not available, the SSC will be the authoriser.

Ensure that access lists on the AACS are reviewed on a periodic and regular basis by nominated managers and/or the SSC to confirm that only those who have a continuing need and appropriate clearance have continued access.

Implement and maintain a documented Technology Zoning Policy for all UKSA areas on the site with appropriate signage.

Perform or supervise the registration and control of locally held classified assets SECRET and above, ensuring that authorised procedures for the receipt and dispatch of Government Security Classified assets are followed.

Perform or instruct periodic reviews (musters) of classified assets SECRET and above in accordance with DXC4411, ensuring accuracy of all entries in Classified Document Register. This should be done in a manner to capture all assets on a rotating basis (e.g. do not choose the same assets to muster each time).

Conduct spot checks of classified assets SECRET and above in accordance with DXC4411.

Ensure that the use of mobile devices and removable media is controlled and authorised according to DXC4411 PART 1 - Chapter 2: Asset Management and any client-specific requirements.

Provide local site support when requested by the Cryptographic Manager and STRAPSO.

Ensure the processes for visitors to the site complies with both DXC security policy and Secure Accounts policy.

Implement an 'end of day' clear desk policy and either conduct or oversee spot checks to ensure it is complied with.

Investigate any reported security incidents in accordance with PART 1 Chapter 5: Information Security Incident Management and provide a documented report.

In conjunction with SDLs confirm that IT that is used on the site is accredited and operated in accordance with their respective SyOPs.

In conjunction with the SCT and relevant SDLs, assist in the co-ordination of all security audits at their site including producing an itinerary and inviting relevant staff, publicise to ensure staff are made aware and ensure all protective security aspects are prepared for inspection.

Following an audit, ensure that observations and/or non-conformances relating to protective security are addressed.

Confirm that all security measures with respect to joiners, movers and leavers are carried out on the site including all passes and access rights being issued, amended or revoked in accordance with DXC and Secure Accounts policies.

Maintain good working relationships with the SDLs of the accounts based onsite, as well as DXC Resiliency, Facilities and Business Continuity Planning staff, to ensure an integrated approach to security on site.

Maintain contacts with local Counter Terrorism Security Adviser (CTSA), ensuring that the site is recorded with them as holding sensitive material and ensuring that they hold the relevant site contact details.

Provide to the GSC a periodic report on the status of the site

Recruitment fraud is a scheme in which fictitious job opportunities are offered to job seekers typically through online services, such as false websites, or through unsolicited emails claiming to be from the company. These emails may request recipients to provide personal information or to make payments as part of their illegitimate recruiting process. DXC does not make offers of employment via social media networks and DXC never asks for any money or payments from applicants at any point in the recruitment process, nor ask a job seeker to purchase IT or other equipment on our behalf. More information on employment scams is available here.