This role forms part of the University IT operational management team providing strategic and operational delivery of the University’s Information Security and operational services.
The role holder will be responsible for the delivery of Information Security Operation services, processes, and policies for the University, including technical, people management, financial and quality aspects.
The role holder will work with the University IT Leadership management team to ensure the confidentiality, integrity, and availability of the University's digital data, systems, networks, and other sensitive information.
Duties and Responsibilities
Key Duties
- Operational lead for University Information Security and Operations services, responsible for the development, implementation and compliance of information security policies, procedures, and guidelines to mitigate risks and ensure compliance with information security industry standards and regulations.
- Able to act as the principal advisor on Information Security operational practices both within and outside University, assessing the University’s security posture, identify vulnerabilities and potential threats, and develop strategies to mitigate those risks.
- Responsible for the creation and update of University Cyber and IT Security policy and other relevant procedures.
- Lead and maintain an effective response to IT security incidents, promote security awareness training, and collaborate with stakeholders across the University to foster a culture of cyber security awareness.
- Maintain an effective IT Security incident response plan for complex and high impact incidents. Co-ordinating teams in problem solving and liaising with external parties including law enforcement and sector bodies where required.
- Raise awareness of security threats, promote a culture of security consciousness, and promote ongoing training to address evolving threats and technologies.
- Identify and propose solutions for Information security operational problems, ensuring proposals consider implications for the University, IT technology, and do not limit future choice.
- Maintain relationships with 3rd party security operations centre providers to conduct technical security reviews, vulnerability assessments, security updates and threat analysis.
- Provide technical project support to IT programmes of works to ensure compliance with information security policies and procedures.
- Be aware of emerging trends and technologies, continuously update knowledge of emerging security threats, technologies, and industry trends, attend conferences, participate in professional forums, and engage in continuous learning to remain current and apply best practices in the role.
Person Specification
Essential Criteria
Qualifications and Education
- Significant Information Security operations experience gained at a senior management level within a complex IT environment with a clear track record of successful delivery.
- Degree level education in technology and/or business management (or qualified by experience to run large scale technology centric operation).
Knowledge, Skills and Experience
- Experience in implementing Information Security Governance, Risk and Compliance across the business, enforcing compliance with key data and security policies gained in a complex IT environment with a clear track record of successful delivery.
- Advanced professional understanding of modern IT technology and its application in a University/IT services type environment including awareness of current and future trends.
- Proven experience of managing 3rd party Security Operations Provider(s) (SOC) to develop support processes; assessing security incident reports; and developing and implementing recommendations from IT security audits.
- Proven management experience of delivering IT Security technologies, policies, processes and services to ISO27000, NIST or Cyber Essentials standards.
- Proven management experience of capturing, analysing, and remediating IT security risks, identified through penetration testing, simulation exercises, and scenario planning.
- Experience in leadership of major incident/crisis management scenarios including IT disaster recovery and business continuity.
- Experience of leading and managing teams in a large and complex organisation to deliver a high-quality service.
- Proven experience of creating, leading and managing a team through change, with an adaptable, open, approachable and collaborative style whilst building and maintaining strong relationships with the key stakeholders during a complex change process.
- Excellent interpersonal skills that build trust and create mutually beneficial relationships with a wide range of people and partners.
- Outstanding communication and negotiating skills, in verbal or written form, that effectively engage, persuade, and influence a wide range of individuals and groups.
Desirable Criteria
- Qualification in Information Security Management, such as CISMP – Certificate in Information Security Management Principles.
- Degree level education in technology and/or business management (or qualified by experience to run large scale technology centric operation).
- Direct University IT experience and/or other public sector experience but ideally with some non-public service sector exposure.
Additional Information
Key Duties Continued:
- Implement HR processes and guidelines for managing performance including complex and challenging welfare issues and disciplinary/grievance proceedings as necessary.
- Develop, with the senior leadership team, the departmental annual budget, and longer-term forecasts. Manage an operational budget, making autonomous decisions about areas of all expenditure.
- Demonstrate continuous commitment to and planning of professional development and training for staff within the remit of the role, improving capabilities where required, motivating and mentoring team managers to meet current and future demands of the service.
Operational
- Plan, implement and manage an effective programme of vulnerability and compliance assessment for IT systems and processes using both University and external supplier resources, to identify and remediate information security and cyber risks in the operation of business processes and arising from IT-enabled change.
- Responsible for all Information and Cyber Risk Management processes and procedures, ensuring all information security and cyber risks are recorded in the board level risk registers.
- Report issues and non-compliances to IT Board level, proposing and monitoring actions to resolution.
- Maintain awareness of developments in Cyber and Information Security to understand trends, threats, potential controls, and new technologies, actively participating in and supporting appropriate sector Cyber Security communities.
- Provide monthly information security operational dashboards to highlight common trends and threats relevant to the University.
- Conduct electronic discovery and digital forensic investigations and scheduling and conducting Group wide vulnerability scanning, as well as phishing exercises.
- Delivering effective IT security risk identification, assessment, risk response, mitigation and control monitoring and reporting outcomes.
- Management of day-to-day operations and industry best practices within a Security Operations Center (SOC).
Networks and Co-Working
- Ensure that the Cyber and Information security needs of customers are both met and future requirements anticipated, such that University colleagues have the guidance and support they need to fulfil their roles.
- Develop relationships with customers, suppliers and partners at senior management level, influencing external developments at sector and national level to the benefit of the University.
- Liaise with external parties including law enforcement and sector bodies where required.
- To develop and sustain a range of internal and external partnerships and collaborations to the reputation and profile of university.
General Duties
- Maintain a high level of understanding in legislation and standards relevant to Cyber Security, including PCI-DSS, UK Data Protection law, EU GDPR, ISO 27000 and Cyber Essentials.
- Maintain or where necessary develop a high level of understanding in relevant IT Security technology concepts.
- Abide by all University policies and procedures – ensuring that they are up to date with any changes to these and that these are cascaded to all staff.
- Perform other duties occasionally which are not included above, but which will be consistent with the role.
Salary Range Min.
59,241
Salary Range Max.
64,914
Job Category
Information Technology, Security
Grade
Grade 8
#J-18808-Ljbffr