Crypto Custodian

About the Role

The role is for a Crypto Custodian based in Bristol, responsible for the secure handling, storage, accounting and distribution of cryptographic materials across the Defence organisation. The position provides leadership and governance for crypto delegates, oversees suppliers and ensures compliance with UK national standards, MOD policies and corporate requirements. A Developed Vetting security clearance is mandatory and travel to secure Defence and supplier facilities is required. Custodial duties include creating and managing the crypto plan (policy, registers, audits, incident process, governance), controlling and accounting for physical and digital cryptographic items throughout their lifecycle, and implementing security measures to prevent compromise. Accurate records, inventories and logs are maintained in line with national and organisational requirements, and users are briefed, debriefed and trained on crypto responsibilities. In a leadership capacity the Custodian directs crypto delegates, ensures effective tasking, compliance and succession planning, and acts as the accountable owner of crypto accounts, delegating responsibilities where appropriate. They also oversee cryptographic suppliers, ensuring contractual, security and regulatory obligations are met and establishing clear governance, escalation routes and assurance checks. The role ensures adherence to MOD/NCSC guidance such as JSP 440, JSP 490, DEFSTAN 05‑138 and SDIP27/29, supports accreditation and assurance activities, leads internal audits, facilitates external inspections and implements corrective actions. The Custodian owns the risk register for cryptographic assets and reports to Information Security governance forums, investigating incidents and liaising with authorities when required. Stakeholder engagement involves working closely with business, programme, IT, engineering and security teams to meet cryptographic needs, acting as the point of contact for MOD, primes and partners, and providing expert advice on confidentiality, integrity and availability risks. The Custodian promotes awareness and training to embed a culture of crypto security across the organisation. • Create and manage the crypto plan, including policy, registers, audits, incident processes and governance. • Control, store, account for and dispose of physical and digital cryptographic material throughout its lifecycle. • Maintain accurate records, inventories and logs in line with national and organisational requirements. • Brief, debrief and train users on crypto responsibilities and security practices. • Lead and direct crypto delegates, ensuring effective tasking, compliance and succession planning. • Oversee cryptographic suppliers, ensuring contractual, security and regulatory compliance. • Ensure adherence to MOD/NCSC standards such as JSP 440, JSP 490, DEFSTAN 05‑138 and SDIP27/29. • Lead internal audits, support external inspections and implement corrective actions. • Own the risk register for cryptographic assets and report to Information Security governance forums. • Investigate and report crypto incidents, liaising with authorities as required. • Provide SME guidance, expert advice and awareness training to business, IT, engineering and security teams.

Key Responsibilities

• ▸crypto planning
• ▸asset custody
• ▸inventory management
• ▸standards compliance
• ▸risk management
• ▸incident investigation

What You Bring

Required qualifications include proven experience in cryptographic account management, COMSEC or related INFOSEC roles, strong knowledge of UK Defence security frameworks, and demonstrated leadership of staff or delegates. The candidate must have experience managing compliance, audits and incident reporting in a high‑security environment and be able to obtain Developed Vetting clearance. • Hold or obtain Developed Vetting (UK national security) clearance and demonstrate leadership in high‑security environments.

Requirements

• ▸developed vetting
• ▸cryptographic management
• ▸comsec
• ▸infosec
• ▸defence frameworks
• ▸leadership

Benefits

Benefits include a safety‑first environment, a culture that values making a real difference, and opportunities to develop as a mid‑career professional blending technical expertise with strong personal qualities. The role encourages integrity, accountability, resilience and curiosity, with continuous learning, independent and team‑focused work, and the chance to lead and make confident decisions.

Work Environment

Onsite

Interview Process

-online assessment with cognitive and behavioural aptitude testing (may be required for certain locations).