Qualifications required for post: University degree or equivalent, preferably in Computer Science or Business Administration. Evidence of Continuing Professional Development and a relevant professional qualification.
Experience required for post:
Substantial practical experience at a senior level of information security management in a large complex organisation.
Experience in working with senior management and stakeholders to ensure successful change programmes.
Practical experience in the leadership and management of staff, both IT and non-IT.
Proven experience of managing the challenges involved in a complex IT environment, resolving complex issues, meeting conflicting demands and ensuring you can demonstrate you have the knowledge of the latest IT thinking and threat modelling methods.
Overall purpose of post: The fundamental responsibility of this role is to drive the successful delivery of an information security management service. To achieve that, this role has overall responsibility for creating and implementing a strategy for the deployment of information security management services and technologies.
1. Strategy and Planning
Creating, communicating and maintaining the vision and strategy for IT security management to ensure cross-department buy-in to the necessary processes.
Managing the daily operation and implementation of the IT security management strategy.
Conducting a continuous assessment of current IT security management practices and systems and identifying areas for improvement.
Delivering new information security technology approaches (network to endpoint devices) and implementing next generation services.
Ensuring the University meets its information compliance and governance requirements according to the current legislation and organisational best practice. Maintaining ISO27001 certification.
Developing and implementing business continuity plans to ensure service is continuous when a change programme is introduced, when a security breach occurs, or in the event that the disaster recovery plan needs to be triggered.
Devising strategies and implementing IT solutions to minimise the risk of cyber-attacks.
Communicating digital programmes and strategy to a range of stakeholders.
Being an active member of the IT Services executive management team.
Information risk identification, analysis and management.
Establish effective relationships across the University and with appropriate external organisations where necessary to ensure that the information security management service is delivered successfully and IT Services are continually improved.
Creating and managing a security operations centre service within the team to ensure horizon scanning for threats and appropriate responses are delivered in a timely, efficient and effective way.
Benchmarking performance against the sector.
Incorporating financial considerations into the development of the service, making recommendations and ensuring buy-in to deliver the service on-budget.
Reviewing and reporting the overall service costs, escalating budget risks and supporting the resolution of cost issues.
3. Operational duties
Performing IT security risk assessments and reporting on ways to minimise threats.
Monitoring security vulnerabilities and hacking threats in network and host systems.
Tracking latest IT security management innovations and keeping abreast of latest cyber security technologies and services.
Communicating with key stakeholders about IT security management threats.
Enhancing the process for the reporting of security management incidents.
Overseeing the investigation of reported security breaches.
Developing strategies to handle security incidents and trigger investigations.
Managing the information security management team, security experts and advisors.
Managing the network services team.
Managing the client devices development team.
Complying with the latest regulations and compliance requirements.
Championing and educating the organisation about the latest information security strategies, technologies and services.
Protecting the intellectual property of the University at all times.
Chairing the University's Information Security Working Group and Data Interest & GDPR Working Group.
LA International Computer Consultants Ltd is an HMG Approved Consultancy and operates as an IT & Engineering Consultancy or as an Employment Business & Agency, depending upon the precise nature of the work, for security cleared jobs or non-clearance vacancies. We welcome applications from all sections of the community and from people with diverse experience and backgrounds.
Award Winning LA International Computer Consultants Ltd (Recruiter Awards for Excellence - Best IT, Best Public Sector & Gold Awards) and the most prestigious award that any business can receive, The Queen's Award for Enterprise: International Trade 2015.