Overview
JOB DESCRIPTION
Reports to: Security Operations Lead
Role summary: The IT Security Officer will lead all aspects of Cyber Security for ICT services to schools and across EA directorates. This role includes development and maintenance of cyber security policies, supplier assurance activities, and identification of corporate information security risks. The IT Security Officer may manage a small number of ICT Assurance staff and will liaise with ICT Assurance leadership to ensure consistency across EA service areas.
JOB PURPOSE
* To align IT security with business objectives and ensure that the confidentiality, integrity and availability of EA’s assets, information, data and IT services supports the organisation to achieve corporate objectives.
* To protect the interests of those relying on information and the systems that deliver it from harm resulting from failures of confidentiality, integrity and availability.
* Objectives will be met when:
o information is observed by or disclosed to authorised individuals;
o information is complete, accurate and protected against unauthorised modification;
o information is available and usable when required and systems can resist attacks and recover;
o business transactions and information exchanges can be trusted (authenticity and non-repudiation).
Leadership and management responsibilities
The IT Security Officer has leadership responsibility for this portfolio of services, including setting vision and strategy, managing delivery, and developing staff and relationships.
* Setting Vision and Strategy
o Work with ICT Assurance leadership to establish and communicate strategic direction for information security across EA.
o Contribute to the strategic plan for cyber security and to the ICT Assurance business plan.
o Translate corporate vision into ICT Assurance initiatives and lead regionalisation and transformation efforts.
o Contribute to new policy development in line with strategic direction and other public sector/cyber security organisations.
o Contribute to the management of service scope with EA projects and third-party suppliers; challenge conventional approaches and maximise efficiencies.
* Managing the Organisation to Deliver
o Manage service delivery to achieve high standards and meet internal and external customer needs.
o Agree service performance targets with ICT Assurance leadership and provide regular progress reports.
o Develop and implement an annual operational plan for the section.
o Delegate responsibilities and deploy staff according to skills; monitor plans and adjust as required.
o Ensure compliance with legal, regulatory and statutory performance requirements; manage budgets and quality/performance management systems; investigate complaints and incidents; establish quality assurance systems.
* Leadership
o Provide leadership and direction ensuring performance standards are achieved; promote the authority’s ethos and customer focus; foster a culture of high performance and continuous improvement; lead security incident response; train staff on cyber security risks; encourage teamwork and innovation; manage staff development and appraisals.
* Building Relationships and Working with Others
o Build and maintain effective stakeholder relationships and internal communications; collaborate with partner organisations and external stakeholders; engage staff, schools and the public on major changes; identify opportunities for joint working with external agencies to improve efficiency and consistency.
Section-specific responsibilities
The following outlines key responsibilities; it is not exhaustive.
* Establish a management framework to initiate and manage information security for the ICT function and EA programmes.
* Establish structure to prepare, approve and implement information security policy for EA solutions.
* Allocate information security responsibilities and establish documentation controls.
* Devise and implement appropriate security measures and incident management/disaster recovery procedures.
* Evaluate supplier security responses, project risk, and ongoing implementation risk; promote security awareness and measure improvement.
Evaluate, Maintain
* Supervise compliance with security policy and SLAs; conduct regular audits of technical security; monitor CSFs and KPIs for information security.
* Improve security arrangements and pursue continual service improvement; work towards ISO/IEC 27001 certification.
This job description provides a broad outline and is not exhaustive. Other duties may be assigned by the Head of ICT Assurance in consultation with the post-holder.
In accordance with Section 75 of the Northern Ireland Act (1998), the post-holder is expected to promote good relations and equality of opportunity and to observe equality legislation.
PERSON SPECIFICATION
NOTES TO JOB APPLICANTS
1. Demonstrate, on the application form, how you meet essential and desirable criteria.
2. Demonstrate by the closing date.
3. Stage and criteria are outlined in the application process.
4. Shortlisting may reserve the right to limit applicants.
5. If necessary, desirable criteria may be applied at shortlisting.
Section 1 - Essential Criteria
* Hold a Bachelor’s Degree (UK Level 6) or equivalent in an IT-related field.
* Hold an information security qualification (CISSP or CISM) or be willing to achieve one within 12 months.
* Two years’ experience in information security roles, including governance, risk management and applying controls.
* Knowledge of current and anticipated cyber security challenges and frameworks (ISO/IEC 27001/02, ITIL, COBIT, NIST, CAF).
* Understanding of threat and risk assessment methodologies.
* Ability to work outside standard hours; access to a vehicle or acceptable alternative transport for mobility requirements.
Section 2 - Essential Criteria
The following criteria will be measured during interview/selection.
* Knowledge of challenges facing the Education Sector and information security governance/models; experience with protective monitoring, compliance monitoring, policy development and incident response.
* Ability to prioritise, make risk-based decisions and manage supplier assurance processes.
* Excellent communication and presentation skills; analytical mindset; ability to work under pressure; strong collaboration with stakeholders.
* Values alignment with EA ethos and commitment to equality and service excellence.
Disclosures
The Education Authority will require Enhanced Disclosure of Criminal Background for roles involving regulated activity. You will be required to meet the cost of the disclosure. For more information see nidirect.gov.uk or justice-ni.gov.uk.
APPLICANT GUIDANCE
Guidance notes and information about benefits are available; please refer to the EA website.
The Education Authority is an Equal Opportunities Employer