The University At Durham University we are proud of our people. A globally outstanding centre of educational excellence, a collegiate community of extraordinary people, a unique and historic setting - Durham is a university like no other. Across the University we have a huge variety of roles and career opportunities, which together make us a large and successful community, which is a key hub of activity within our region and nationally. Whether you are at the very start, middle or end of your career, there is a role for you. We believe everyone has their own unique skills to offer. We would be thrilled if you would consider joining our thriving University. Further information about the University can be found here. Find out more about the benefits of working at the University and what it is like to live and work in the Durham area on our Why Join Us? - Information Page. The Role and the Department The Computing and Information Services (CIS) has an annual operational budget in excess of £27m, including multi-million-pound programmes of change within year, and approximately 172 staff. The Senior Leadership Team report directly to the Chief Information Officer (CIO) with the following portfolios: o Strategy and Change. o Technical Services. o Information Services. o Cyber Security. CIS work with departments across the university to provide academic, teaching and administrative services that underpin the day-to-day activities of the whole organisation. Details of the Digital Strategy and ongoing work can be found at Digital Strategy - Durham University CIS is a friendly, but demanding department, where much is expected and can be achieved by competent, self-motivated individuals who are demonstrable in their teamwork and ability. The department works in a hybrid capacity, depending on the job role. The CIS security team have many functions across the organisation including o Help detect IT security vulnerabilities and assist system owners with appropriate remediation. o Operate and improve security tools and protections, securing University networks, systems, users and assets from malicious activity. o Working with colleagues and external partners to detect and respond to cyber security alerts, incidents and reports o Respond rapidly and effectively to cyber security alerts and incidents, managing them in a professional manner. o Keep up to date with security trends, threats and protective measures. o Operate and improve cyber security processes and playbooks to ensure efficient and standardised activity. o Share security best practice, principles and standards. o Assist with activities to maintain the day-to-day operation and on-going development of Computing and Information Services (CIS) services and solutions. Working Hours: 35 Hour Week The University is piloting hybrid working and is flexible to remote working for this role. Flexibility to cover 8am-6pm and work out of hours may be required on occasion Further information about the role and the responsibilities is at the bottom of this job description. Working at Durham A competitive salary is only one part of the many fantastic benefits you will receive if you join the University: • You'll receive 27 days annual leave per year in addition to 8 public holidays and 4 customary days per year - a total of 39 days. The University closes between Christmas and New Year. • No matter how you travel to work, we have you covered. We have parking across campus, a cycle to work scheme which helps you to buy a bike and discount with local bus and train companies. • You can access exclusive discounts via our benefits portal including money off at supermarkets, high street retailers, IT products such as Apple, eating out and days out at various attractions. • Our on-site nursery is rated Outstanding by Ofsted, and you can access holiday camps for children aged 5-16. • We provide wide-ranging health and wellbeing support including discounted membership for our state-of-the-art sport and gym facilities and access to a 24-7 Employee Assistance Programme. • We offer all staff the opportunity to take part in volunteering activities to make a difference to the local community. • Our family friendly policies, including maternity and adoption leave, are among the most generous in the higher education sector (and likely above and beyond many employers). • If you are keen on advancing in your role or career, we have a genuine passion for developing our colleagues from qualifications to IT skills, courses and apprenticeships. • We offer generous pension schemes with varying contribution amounts to help you plan for your future. Discover more about our total rewards and benefits package here. Durham University is committed to equality, diversity and inclusion Our collective aim is to create an open and inclusive environment where everyone can reach their full potential and we believe our staff should reflect the diversity of the global community in which we work. As a University equality, diversity, and inclusion (EDI) are a key part of the University's Strategy and a central part of everything we do. We also live by our values and our Staff Code of Conduct. At Durham we actively work towards providing an environment where our staff and students can study, work and live in a community which is supportive and inclusive. We welcome and encourage applications from members of groups who are under-represented in our work force including people with disabilities, women and black, Asian and minority ethnic communities. If you have taken time out of your career, and you feel it relevant, let us know about it in your application. If you are a candidate with a disability, we are committed to ensuring fair treatment throughout the recruitment process. We will make adjustments to support the interview process wherever it is reasonable to do so and, where successful, reasonable adjustments will be made to support people within their role. What you need to demonstrate when you apply/Person Specification When you apply it is important that you let us know what skills/experience you have from a similar role and/or what skills/experience you have which would make you right for this role. Further information about the role and responsibilities is at the end of this job description. Where a criteria has an asterisk* next to it, it may be given additional weighting when your application is considered. Your application should cover the following criteria: Essential Criteria Qualifications/Experience 1. Five GCSE's at least Grade C or level four (or equivalent) including English Language and Mathematics or a Post-16 qualification or equivalent experience. 2. Have been awarded a higher education qualification or have equivalent working experience. 3. Experience of working within a team to ensure the delivery of high-quality services. 4. Experience of contributing to the delivery of IT provision 5. Experience of providing advice and guidance to a range of customers and colleagues and knowing when to refer to a supervisor. 6. Experience of managing time to meet deadlines. Skills/Abilities/Knowledge 7. Broad IT Knowledge and specialist expertise in security, particularly vulnerability management, patching, risk assessment and device health monitoring. 8. Demonstrable knowledge of the wider security threat landscape and issues. 9. Ability to solve problems and resolve issues, plan solutions and make pragmatic decisions. 10. Ability to follow instructions, written or oral, accurately. 11. Excellent spoken and written communication skills and the ability to develop effective working relationships, both internally and externally. 12. Strong digital competence across a range of digital devices, applications or systems. 13. Committed to continuing professional development. Desirable Criteria 1. Knowledge of Windows & Linux server operating systems and TCP/IP networks. 2. Experience performing risk assessments and recommending mitigating controls, preferably in the vulnerability management space. 3. Awareness of aspects of GDPR and the Data Protection Act 2018. How to apply To progress to the assessment stage, candidates must evidence each of the essential criteria required for the role in the person specification above. Where there are desirable criteria we would also urge you to provide any relevant evidence. Please don't forget to check if there is any weighted criteria (see above). While some criteria will be considered at the shortlisting stage, other criteria may be considered later in the assessment process, such as questions at interview. Submitting your application We prefer to receive applications online. We will update you about your application at various points during the process, via automated emails from our e-recruitment system. Please check your spam/junk folder periodically to ensure you receive all emails What you are required to submit: 1. A CV 2. A supporting statement which clearly outlines how you meet all of the Essential criteria within the Person Specification (above); when submitting evidence of each essential criteria, please ensure you use the essential criteria wording as the section heading; 3. A cover letter Contact details If you would like to have a chat or ask any questions about the role, we would be happy to speak to you. Mark.townley@durham.ac.uk, neil.lough@durham.ac.uk or gary.foster@durham.ac.uk Typical Role Requirements Service Delivery Show a commitment to equality, diversity and inclusion and the University's values. Apply technical knowledge and skills to monitor and analyse emerging vulnerabilities, threats and exploits, understand and prioritise addressing the risks posed to the organisation. Monitor current patched state of our estate and make recommendations to the service owners. Work with service owners, teams and departments to understand, report on and help them work towards best practice for patching and vulnerability management. Apply recognised professional procedures and techniques, to ensure the security, safety, integrity and viability of IT facilities and components and apply agreed CIS standards and tools as required to achieve quality deliverables. Document all work in accordance with agreed team and CIS standards and assist in the documentation of approved changes in accordance with CIS's change management policy. Respond to queries and requests for information and advice, including identifying appropriate actions to take, and escalate more specialist and complex queries or issues to more experienced team members. Where required, provide necessary support, instruction and advice to other team members on relevant aspects of the role. Capture and share information/ data with relevant colleagues, networks and committees. Ensure that data is accurate and provide reports and analysis of patterns and trends to senior colleagues as required. Planning and Organising Plan and organise own workload to deliver the role. Organise and schedule resources, activities and events as well as working closely with more senior colleagues to support them in undertaking support and security activities. Monitor processes and activities to ensure team priorities are met. Teamwork Assist colleagues to achieve operational service requirements, planning, carrying out and documenting evaluations and tests to ensure stakeholder requirements are met. Collaborate with team members to review and implement processes, policies and toolset to make sure the best possible service is provided. Make changes to the services provided by your team in discussion with other team members. Identify opportunities and contribute to decisions on how to improve services being delivered by the team. Communications/Liaison Use your knowledge and expertise to provide advice and guidance to resolve problems and respond to a wide range of queries. Explain and demonstrate tasks to others within and outside the team to ensure that security tools are used correctly. Create good working relationships with other team members and anyone else that you come across as part of your role to work together on joint activities to improve our security posture and increase efficiency. Create good working relationships with other team members and anyone else that you come across as part of your role to work together on joint activities. Create good working relationships with internal and external partners and suppliers to work together on joint activities. Build relationships with contacts and contribute to internal and external networks to share good practice and exchange information. Any other reasonable duties. Please note that in submitting your application Durham University will be processing your data. We would ask you to consider the relevant University Privacy Statement Privacy Notices - Durham University which provides information on the collation, storing and use of data. When appointing to this role the University must ensure that it meets any applicable immigration requirements, including salary thresholds which are applicable to some visas