Compliance Auditor Ref. 2314

Black History MonthMind Silver AwardThe Times Top 100Disability confident leaderThe Prince's Responsible BusinessStonewall Diversity Champion 2021Stonewall Diversity Champion 2021The Guardian UK 300 logo

Cheltenham, Gloucestershire
Full Time

At NCSC we are proud of our inclusive and supportive working environment that’s designed to encourage open minds and attitudes.  As an organisation that values and nurtures talent, we are committed to helping you fulfil your potential.  With comprehensive training and development opportunities, tailored to your needs and the requirements of your work, we will enable you to flourish in your role and perform to the very best of your abilities.

•    Access to learning and development tailored to your role and support to gain professional qualifications and certifications.
•    An environment that supports a range of flexible working options (including a flexible working hours scheme).
•    A culture which encourages inclusion and diversity.
•    Support to gain professional qualifications and certifications
•    A civil service pension
•    25 days annual leave, rising to 30 days based on length of service.

The COMSEC Compliance Team (CCT) is part of the National Crypt-Key Centre. We actively support the National Cyber Security Centre (NCSC), the UK’s technical authority on cyber security, in its mission to prevent, disrupt and investigate cyber threat.
As an auditor within the team, you will be responsible for a portfolio of organisations across government, the intelligence community, law enforcement and industry, ensuring that their handling and management of cryptographic items is IS4 compliant. IS4 is the national standard detailing the protective security controls for the handling and management of cryptographic items, a standard the team is responsible for. Comprehensive training will be provided, supporting you to work independently to plan and conduct audits of your customer organisations.  
You will help operate CINRAS (COMSEC Incident Notification Reporting and Alerting Scheme), a national mandatory scheme to manage and monitor cryptographic incidents. You will have opportunity to get involved in the Incident Working Group, a 5-Eyes group introduced to share, and align, best practice.  
And finally, there is a requirement to provide advice and guidance to customer organisations which will offer you the chance to liaise with colleagues across NCSC and GCHQ.  

You will be managing and auditing a diverse customer portfolio for compliance against IS4. You will also provide policy advice and guidance to customers, liaising with colleagues across the department, as needed, to provide current and up-to-date responses. In addition, you will be responding to, and managing, incidents relating to cryptographic items.

We're looking for someone with strong interpersonal and communication skills as you will be engaging with a wide range of external customers. As the role includes a reasonable amount of travel, primarily UK based, you will need to be comfortable travelling to customers independently (all in line with Covid guidance, as necessary), and working away from the office. A willingness to embrace change and generate ideas is needed as the scope of the team is expected to evolve over the coming months, providing you with the opportunity to help shape the role accordingly.   

At NCSC, diversity and inclusion are critical to our mission. To protect the UK, we need a truly diverse workforce that reflects the society we serve. This includes diversity in every sense of the word: those with different backgrounds, ethnicities, gender identities, sexual orientations, ways of thinking and those with disabilities or neurodiverse conditions. We therefore welcome and encourage applications from everyone, including those from groups that are under-represented in our workforce.

•    Communication and Knowledge sharing - Intermediate
•    Corporate Vision and Efficiency - Fundamental
•    Change and Innovation - Fundamental
•    Analysis and Decision Making - Intermediate
•    Contribution to Delivery - Intermediate
•    Managing the Customer Relationship - Intermediate
•    Working with and Leading Others - Intermediate

If you’re excited about working with us and think you have some of what we’re looking for but aren’t sure if you’re 100% there yet… Back yourself and give it a go!

To apply for this position, you must meet our nationality, residency requirements. You’ll find more details here –

Be prepared to dedicate 60-90 minutes to completing your application. We’re conscious this might be more time than you expected, so our system will allow you to save your application at any time and come back to it later. But remember to submit your full application before the closing date.
Once we’ve established that you meet our eligibility criteria, the next steps of this selection process are:

- Paper sift
- Personal interview
- Drug test
If you successfully complete these stages, you’ll receive a job offer, conditional upon you completing our developed vetting (DV) process which enables you to obtain the level of security clearance required to perform this vital role.

As a Disability Confident employer, we will ensure that a fair and proportionate number of disabled applicants who meet the minimum criteria for this position will be offered an interview. This is known as the Offer of Interview (OOI).

To secure an interview for this role, candidates applying under this scheme must meet the minimum criteria for the Eligibility and Business sift.


This Program / Vacancy is closed to applications.