Description
Summary
Purpose:
As System Security Manager you will operate within the (Enterprise Technology) Security & Risk team working closely with the Head of Architecture & Security and the Enterprise Security Manager. You will lead on the delivery of a range of security related services, delivering consultative security guidance and support with the goal of ensuring that IT solutions and services meet key business and security requirements.
By providing a security consultancy support service to colleagues and business stakeholders, you will deliver effective and pragmatic security-related advice, guidance, direction and liaison across technology and business stakeholders, shaping and guiding solutions that proportionately balance security needs and desired business outcomes.
Facilitating a security consultancy service and approach to positively influence and evolve the information technology landscape across Enterprise / Assessment technology and wider AQA Group, providing overarching security oversight and compliance assurance.
Supporting the delivery of effective security strategies within Enterprise Technology and engaging with key stakeholders across Assessment Technology and wider Group entities to ensure alignment and oversight of approaches, where appropriate taking ownership of and resolving (or escalating) related issues or concerns you identify.
Landscape:
The Enterprise Technology Division sits within the Group Corporate Services Office, enabling the centralised delivery of core corporate services across the AQA Group. In addition, Enterprise Technology operates in close partnership with Assessment Technology, Programme Management and AQA Group subsidiaries, collectively delivering the full IT service portfolio of current operations to future change programmes.
Due to the nature of the role and function, stakeholder engagement with colleagues / teams within other AQA UK locations may be required.
Key relationships:
Key internal (AQA Education and AQA Assessment Services Limited) relationships
AQA Divisional Heads / Cx Levels
Enterprise Technology functions
AQA Assessment Technology architecture and development teams
AQA Education business functions
Relevant subsidiaries and functions across the AQA Group
Key external relationships
Third-party technology providers
Relevant third-party service providers / suppliers
Activities:
To maintain the required knowledge and expertise across the following domain areas of security to support the delivery of appropriately secure solutions:
Physical
Infrastructure (Endpoint / Network / Cloud)
Application
Data / Information
People / Human
Develop, take ownership of, and maintain policies, procedures, guidance and standards that make up the AQA Information Security Management System, evolving them in line with business drivers and goals to establish robust yet flexible and adaptive controls.
Support the Enterprise Security Manager in the implementation and periodic refreshes of the AQA security strategy, leading on specific areas as required and actively participating, contributing, controlling and managing relevant security communities, forums and design authorities.
Directly contribute to the definition and verification of and adherence to technical security standards covering areas such as application, infrastructure, data / information and physical security, access control, system resilience / reliability / recovery and storage / network security architectures etc.
Take ownership, work with, and support business stakeholders and Enterprise Technology colleagues in the design and delivery of appropriately scoped technical security policies, processes, and procedures, ensuring that they are disseminated across all relevant areas and understood by all stakeholders and audiences.
Undertake purposeful 'horizon scanning' ensuring that AQA is positioned well to be able to benefit from emerging security technologies, architectures and standards. Research and explore opportunities for solutions to meet AQA’s business objectives and develop clear cost benefit analysis for the adoption of particular approaches.
Deliver and execute an effective timetable / schedule for the periodic security testing and auditing of systems and services. Regularly report across the IT security team and to senior management the timetable and outcomes of all security testing undertaken across AQA systems/services.
As part of the evolution of the IT strategy, establish and regularly review technology security roadmaps and associated systems life cycles ensuring that AQA is able to identify technology opportunities and manage technology and security related risks effectively.
Review all systems solutions implemented across Enterprise and Assessment Technology (and where relevant wider Group) areas of the business to ensure compliance with the IT strategy and related (Enterprise) security policies, quantifying and proposing mitigations to any risks identified through effective operation of related governance functions.
Ensure security architecture and standards maintained by security teams remain fully compliant with all statutory and regulatory legislation.
Manage delivery of scheduled periodic audits of suppliers to ensure compliance with / alignment to AQA cyber / information security, data protection and business continuity / IT disaster recovery principles, standards, governance and where applicable policies.
Deliver effective and timely advice and guidance to AQA staff and suppliers on all matters relating to cyber / information security, business continuity / IT disaster recovery and data protection acting as a security design authority for all relevant technical and operational system configuration and design changes, wherever necessary engaging with peers to ensure consistency of approach.
Provide support to the Head of Architecture & Security, the Enterprise Security Manager, and other senior managers in the assessment and compilation of departmental risks.
Guide and support peers and colleagues through transformational activities, ensuring that they continue to deliver the technical and professional standards required to ensure ongoing robust information, systems and network security is maintained and drive personal professional development to support cross skilling.
Ensure full compliance with all AQA policies and other legislative requirements, including but not limited to HSE / Equal Opportunities / Information & Cyber Security / Data Protection related legislation and policies.
Where business needs dictate, undertake other responsibilities which are of a commensurate level and may be outside the terms of this role profile.
To be successful in this role, you will need to know:
Proven senior security specialist with a strong track record of IT expertise and delivery across a number of practices within the IT industry.
Expert knowledge and understanding of mainstream computing platforms and architectures, operating systems, databases, end user computing platforms, networks and communications, cloud computing delivery platforms (IaaS, PaaS & SaaS), virtualisation, integration services, architecture design standards and development methodologies.
Extensive experience of enterprise class organisations with cloud / mixed IT footprints and related modernisation of corporate architecture and application of appropriate governance.
Strong and proven expertise of operating with and within hybrid support functions - internal and external / 3rd party organisations.
Expert knowledge and understanding of implementing technical changes within legacy and modern IT estates.
Possess a broad understanding of and experience in working within programme and project management methodologies and governance.
Responsive to short-term challenges / priorities whilst holding to clear strategy and direction.
Direct experience of working and communicating effectively with peers, sponsors and business stakeholders at all levels both organisationally and across large scale programmes / IT developments.
Organises, plans and designs effectively whilst retaining focus on the bigger picture.
Ability to frame security trends and opportunities within AQA’s strategic objectives.
Proven expertise in identifying and improving high level processes and ways of working.
Aptitude for sharing and embedding best practice.
Skills to build rapport and influence across a diverse range of internal and external stakeholders.
Conversant with and able to navigate major corporate structures including regulatory environment, financial management and budgeting, programme / project delivery, information / cyber security and risk management practices.
Excellent delivery credentials, with a flexible, pragmatic “can do” attitude and a resilient ability to deliver rapid and effective solutions within a dynamic environment.