Protective security adviser

This occupation is found in the public and private sectors and focuses on the mitigating actions and policies required to meet prevailing threats and protect assets from compromise across the enterprise using a combination of physical security; personnel security; technical security and cyber security. This occupation is found in every organisation that holds assets of value that require protection. An asset is anything with value, tangible or intangible, in need of protection, and which can include but not be exclusive to People – employees, contractors, visitors and communities; Physical – property and items of value that can be seen, touched or held; Information – data bases, financial data, research, trade secrets and intellectual property; Processes and Systems – anything that enables the enterprise to function. These groupings can be further broken down into tangible assets – buildings, equipment, raw materials; intangible assets – intellectual property, contracts, copyrights, reputation, or mixed assets – individuals and their knowledge, physical assets that contain intangible assets. The range of sectors that this occupation applies to includes all Critical National Infrastructure (CNI) sectors: chemicals; civil nuclear; communications; defence; emergency services; energy; finance; food; government; health; space; transport; water and supply chains of these sectors. This occupation also applies to, but is not exclusive to, the following sectors: construction; property management; science/technology centres; academia; retail; tourism; stadia and sporting arenas; hotels and hospitality; events sector and night-time economy. The broad purpose of the occupation is to protect assets from identified threats by assessing protective security risks and developing mitigations to reduce these risks. This may comprise, amongst other things, working with key stakeholders to support risk assessments, assess information, provide technical input to conversations, identify risks, and develop mitigations, deploy security personnel, condition enterprise personnel to ensure a positive security culture, target hardening, use technology and policies and procedures to mitigate the identified threats and associated risks. Protective Security Advisers will understand an organisation’s assets, the threats they face and how assessments can be used to identify the risk these threats pose. Protective Security Advisers develop plans to mitigate these risks and implement security measures, with a review process which provides continuous improvement. They will understand the fundamentals of protective security which forms the foundations of ‘security convergence’. Protective security is a combination of the four security disciplines of personnel, physical, cyber and technical security. Protective security is where all four disciplines have been considered together to ensure threats that seek to find gaps between the disciplines cannot be exploited. This is often referred to as security convergence. The Government Functional Standard GovS 007: Security, describes the purpose of each of the protective security disciplines: Physical Security: The purpose of physical security measures is to ensure a safe and secure working environment for staff and visitors, protecting them against a wide range of threats, including theft, terrorism and espionage. Personnel Security: The purpose of personnel security is to assure organisations that the people it employs are suitable for work in sensitive roles. It also safeguards employees from exploitation as a result of their personal circumstances. Technical Security: The purpose of technical security measures is to holistically protect sensitive information and technology from close access acquisition or exploitation by hostile actors, as well as any other form of technical manipulation. Cyber Security: The purpose of cyber security is to ensure the security of data and information. In their daily work, an employee in this occupation interacts with a variety of internal and external stakeholders as protective security advisers do not work alone, with the focus on security being a business enabler. To achieve this protective security advisers, need to work with a wide range of stakeholders within a business to ensure business needs are met and externally to support and work with partners and the communities they are based in. In the role of the Protective Security Adviser they will be expected to communicate effectively and provide protective security briefings and subject matter expertise to mitigate protective security risks to a wide variety of stakeholders. Such stakeholders may include: senior risk owners; employees; customers; suppliers; distributors; enterprise risk management (ERM) professionals; corporate threat and intelligence analysts; business continuity and resilience professionals; business development management; information security officers; human resource departments; health and safety professionals; physical security teams; Third party supply chains; Police and law enforcement; community representatives; and the National Technical Authorities i.e. National Protective Security Authority (NPSA), UK National Authority for Counter Eavesdropping (NACE) and National Cyber Security Centre (NCSC). An employee in this occupation will be responsible for the identification of security vulnerabilities to enable organisations to provide a converged security and risk mitigation approach employing National Technical Authority (NTA) guidance. This may include developing asset registers; records of threat actors and potential threat vectors employed against organisational assets; vulnerability assessments; security risk assessments (SRA); protective security mitigations; protective security risk registers; protective security planning and review and assurance processes.