Job Description
Reports to: Security Operations Lead
Responsible for: The IT Security Officer will be responsible for leading all aspects of cyber security for ICT services to schools and across EA directorates. The IT Security Officer will be responsible for the development and maintenance of cyber security policies, supplier assurance activities and identification of corporate information security risks. The IT Security Officer will engage with other public sector and cyber security organisations and may manage and lead a small number of employees within the ICT Assurance service. The IT Security Officer will liaise with ICT Assurance leadership on existing information security issues to ensure consistency across EA service areas.
Job purpose
* To align IT security with business objectives and ensure that the confidentiality, integrity and availability of EA’s assets, information, data and IT services supports the organisation to achieve corporate objectives.
* To protect the interests of those relying on information, and the systems and communications that deliver the information, from harm resulting from failures of confidentiality, integrity and availability.
* The objectives of the post will be met when:
o Information is observed by or disclosed to only those who have the right to know (confidentiality)
o Information is complete, accurate and protected against unauthorised modification (integrity)
o Information is available and usable when required, and the systems that provide it can appropriately resist attacks and recover from or prevent failures (availability)
o Business transactions, as well as information exchanges between enterprises, or with partners, can be trusted (authenticity and non-repudiation)
Leadership and management responsibilities
The IT Security Officer has the following leadership responsibilities for this portfolio of services:
* Setting Vision and Strategy
o Work with the ICT Assurance leadership to establish, maintain and communicate a clear and compelling strategic direction for information security across EA.
o Contribute to the development of a strategic plan for cyber security and lead on the development of an ICT Assurance business plan.
o Translate the corporate vision into ICT Assurance specific initiatives.
o Lead the regionalisation and transformation of the section, and all related processes and procedures.
o Contribute to the development and implementation of new policies in line with strategic direction and other public sector/cyber security organisations.
o Contribute to the management of the scope of services being implemented by EA projects and 3rd party suppliers.
o Challenge conventional approaches, harness new approaches and technology and maximise efficiencies.
Managing the Organisation to Deliver
* Manage service delivery effectively to ensure that the section achieves the highest possible standards of performance and focuses on the needs of internal and external customers.
* Agree service performance targets with ICT Assurance leadership and other EA ICT leaders and provide regular progress reports to all levels of leadership.
* Develop, agree and implement a robust annual operational plan for the section.
* Delegate responsibilities and deploy staff according to their skills and abilities to meet the needs of the section.
* Regularly monitor and review plans and make adjustments as required.
* Manage and continuously improve the section to ensure delivery against performance targets, and to ensure that best value for money is achieved.
* Ensure that the service contributes to overall Directorate and Corporate performance as appropriate, and provide update reports as required.
* Ensure that ICT Assurance leadership receives high quality service-specific advice.
* Ensure compliance with relevant legal, regulatory and statutory performance requirements.
* Manage the relevant ICT Assurance section budgets in accordance with all relevant financial policy and procedures.
* Contribute effectively to quality and performance management systems and ensure that the section is being managed as per the requirements of these systems.
* Investigate all complaints and adverse incidents where outcomes are below expected standards.
* Establish effective and rigorous quality assurance systems to maintain high standards.
Leadership
* Work closely with ICT Assurance leadership to provide the section with leadership and direction ensuring that corporate, directorate and service performance standards are achieved.
* Promote the ethos and values of the authority and ensure that the section is focused on customer needs.
* Foster a culture that supports achievement of the authority’s Strategic Plan by role modelling core values and leadership behaviours to staff in the section.
* Lead/manage and communicate change and improvement initiatives within the section.
* Lead, manage and develop staff within the section.
* Train all Education Authority staff on cyber security risks.
* Encourage staff involvement and engagement in the strategic development and operational delivery of the section.
* Actively encourage teamwork and self-development, create opportunities to maximise individuals’ potential, and stimulate innovation.
* Promote a positive culture of performance management within the section through individual and small-team accountability. Foster a culture of constructive feedback and learning, and a genuine commitment to regular and effective appraisals.
* Lead and manage security incident response efforts.
Building Relationships and Working with Others
* Build and maintain effective, professional and respectful stakeholder relationships.
* Ensure efficient and effective internal communication with staff in the section.
* Work closely with partner organisations, ICT Assurance leadership and colleagues to benchmark services and lead/manage and monitor change.
* Build and maintain effective working relationships and clear lines of communication with the Head of ICT Assurance and Heads of Service within the Directorate and in other Directorates.
* Develop and maintain clear lines of communication and effective working partnerships with relevant external stakeholders and service user groups.
* Lead on/manage engagement with staff, schools and the public on major changes in the service that may affect them.
* Work with external agencies; for example, education sector partner organisations, to identify opportunities for joint working that might bring greater consistency across the sector, and/or improve efficiency and effectiveness of service delivery.
Section-specific responsibilities
The following list provides an outline of the key responsibilities. It does not, however, represent a comprehensive list of tasks.
* Establish a management framework to initiate and manage information security for the ICT function and EA Programmes and deliverables.
* Establish an organisational structure to prepare, approve and implement the information security policy for EA solutions.
* Allocate information security responsibilities.
* Establish and control information security documentation.
Plan
* Devise and recommend appropriate security measures, based on an understanding of the requirements of the organisation.
* Gather requirements from business and service risk, plans and strategies, service and operational level agreements, and legal, moral and ethical responsibilities for information security.
* Consider factors such as funding and organisational culture and attitudes to security.
* Upkeep of the information security policy as an organisation-wide document, not just ICT.
* Develop a threat and risk assessment to inform the development of security requirements.
Implement
* Ensure that appropriate procedures, tools and controls are in place including security policies, incident management and disaster recovery.
* Establish security procedures that are justified, appropriate and supported by senior management.
* Evaluate supplier security responses, technical designs and supplier operating models.
* Evaluate ongoing project implementation risk.
* Develop IT vulnerability assessment plans and scopes for new systems and services.
* Promote security awareness by developing and implementing a security awareness and training programme.
* Establish a mechanism for measuring and managing improvement.
Evaluate
* Supervise and check compliance with the security policy and security requirements in SLAs and underpinning contracts with suppliers.
* Carry out regular audits of the technical security of IT systems during and post-implementation.
* Monitor CSFs and KPIs for information security.
Maintain
* Improve security arrangements as specified in SLAs and other documentation.
* Improve the implementation of security measures and controls.
* Carry out continual service improvement in relation to information security.
* Work towards independent certification against ISO/IEC 27001.
This job description provides a broad outline of responsibilities and is not exhaustive. Other reasonable duties may be assigned by the Head of ICT Assurance in consultation with the post-holder.
In accordance with Section 75 of the Northern Ireland Act (1998), the post-holder is expected to promote good relations and equality of opportunity and to pay due regard to equality legislation at all times.
Person specification
Notes to job applicants
1. You must clearly demonstrate on your application form under each question how, and to what extent you meet the required criteria as failure to do so may result in you not being shortlisted.
2. You must demonstrate how you meet the criteria by the closing date for applications, unless the criteria state otherwise.
3. The stage in the process when the criteria will be measured is outlined in the table below.
4. Shortlisting will be carried out on the basis of the essential criteria set out in Section 1 below, using the information provided by you on your application form.
5. The Selection Panel reserves the right to shortlist only those applicants that it believes most strongly meet the criteria for the role.
6. In the event of an excessive number of applications, the Selection Panel also reserves the right to apply any desirable criteria as outlined in Section 3 at shortlisting.
Section 1 – Essential Criteria
Hold a Bachelor’s Degree (UK Qualification and Credit Framework Level 6) or equivalent in an IT-related field; hold an information security qualification (CISSP or CISM) or willingness to achieve within 12 months.
Two years’ demonstrable experience in information security roles, including:
* Implementation of governance and risk management frameworks
* Management/design of information security enforcing controls
Knowledge of current and anticipated cyber security challenges and frameworks (ISO27001/02, ITIL, COBIT, NIST, CAF) and threat/risk assessment methodologies.
The role may require work outside standard hours and mobility; access to a suitable vehicle or alternative transport to meet mobility requirements.
Section 2 – Essential Criteria
The following are additional essential criteria assessed during interview and aligned to EA’s Game Changing People Model.
Demonstrable knowledge of current challenges facing the Education Sector and information security governance, including protective monitoring, compliance monitoring, policy development, and incident response.
Demonstrable experience prioritising objectives and making risk-based decisions; knowledge of supply chain risk management and supplier assurance processes.
Skills/Abilities: Excellent communication, analytical thinking, ability to work under pressure on multiple objectives, strong collaboration, and incident response capabilities.
Values orientation: alignment with EA values; commitment to equality and service delivery.
Disclosures
The Safeguarding Vulnerable Groups (Northern Ireland) Order 2007 applies. Enhanced Disclosure may be required for regulated activity; you will be expected to meet the cost.
Further information: nidirect.gov.uk or justice-ni.gov.uk.
Applicant guidance
Guidance notes and benefits information are available through the EA website.
Equal opportunities
The Education Authority is an Equal Opportunities Employer.