Social network you want to login/join with:
Infrastructure Security Officer - 2 posts, Belfast
Client: Education Authority
Location: Belfast, United Kingdom
Job Category: Other
EU work permit required: Yes
Job Reference: ef56ab5acefb
Job Views: 4
Posted: 03.03.2025
Expiry Date: 17.04.2025
Job Description:
JOB PURPOSE
* To align IT security with business objectives and ensure that the confidentiality, integrity and availability of EA’s assets, information, data and IT services supports the organisation to achieve corporate objectives.
* To protect the interests of those relying on information, and the systems and communications that deliver the information, from harm resulting from failures of confidentiality, integrity and availability.
* The objectives of the post will be met when:
- Information is observed by or disclosed to only those who have the right to know (confidentiality)
- Information is complete, accurate and protected against unauthorised modification (integrity)
- Information is available and usable when required, and the systems that provide it can appropriately resist attacks and recover from or prevent failures (availability)
- Business transactions, as well as information exchanges between enterprises, or with partners, can be trusted (authenticity and non-repudiation)
Leadership and management responsibilities
The Networks & Infrastructure Security Officer has the following leadership responsibilities for this portfolio of services:
Setting Vision and Strategy
* Work with the Infrastructure Architect to establish, maintain and communicate a clear and compelling strategic direction for information security across EA.
* Contribute to the development of a strategic plan for cyber security and contribute to the development of an Infrastructure business plan.
* Translate the corporate vision into ICT Infrastructure specific initiatives.
* Contribute to the regionalisation and transformation of the section, and all related processes and procedures.
* Contribute to the development and implementation of new policies in line with strategic direction and other public sector/cyber security organisations.
* Contribute to the management of the scope of services being implemented by EA projects and 3rd party suppliers.
* Challenge conventional approaches, harness new approaches and technology and maximise efficiencies.
Managing the Organisation to Deliver
* Manage service delivery effectively to ensure that the section achieves the highest possible standards of performance and focuses on the needs of internal and external customers.
* Agree service performance targets with the Head of Networks & Infrastructure and other EA ICT Heads of Service and provide regular progress reports at potentially Board Level.
* Develop, agree and implement a robust annual operational plan for the section relevant to cyber security policies and procedures.
* Delegate responsibilities and deploy staff according to their skills and abilities to meet the needs of the section.
* Regularly monitor and review plans and make adjustments as required.
* Manage and continuously improve the section to ensure delivery against performance targets, and to ensure that best value for money is achieved.
* Ensure that the service contributes to overall Directorate and Corporate performance as appropriate and provide update reports as required.
* Ensure that the Head of Networks & Infrastructure receives high quality service-specific advice.
* Apply resources effectively across the section to maximise the delivery of front-line services.
* Ensure compliance with relevant legal, regulatory and statutory performance requirements.
* Manage the relevant ICT Infrastructure section budgets in accordance with all relevant financial policy and procedures.
* Contribute effectively to quality and performance management systems and ensure that the section is being managed as per the requirements of these systems.
* Investigate all complaints and adverse incidents where outcomes are below expected standards.
* Establish effective and rigorous quality assurance systems to maintain high standards.
Leadership
* Work closely with the Infrastructure Architect to provide the section with leadership and direction ensuring that corporate, directorate and service performance standards are achieved.
* Promote the ethos and values of the authority and ensure that the section is focused on customer needs.
* Foster a culture that supports achievement of the authority’s Strategic Plan by role modelling core values and leadership behaviours to staff in the section.
* Lead/manage and communicate change and improvement initiatives within the section.
* Lead, manage and develop staff within the section.
* Train relevant Education Authority staff on cyber security risks.
* Encourage staff involvement and engagement in the strategic development and operational delivery of the section.
* Actively encourage teamwork and self-development, and create opportunities to maximise individuals’ potential, stimulate innovation and connection at all levels with front line services.
* Promote a positive culture of performance management within the section through individual and small-team accountability. Foster a culture of constructive feedback and learning, and a genuine commitment to regular and effective appraisals.
* Prepare and deliver reports on behalf of the Head of Networks & Infrastructure as required.
Building Relationships and Working with Others
* Build and maintain effective, professional and respectful stakeholder relationships.
* Ensure efficient and effective internal communication with staff in the section.
* Work closely with partner organisations, the Infrastructure Architect and colleagues to benchmark services and lead/manage and monitor change.
* Build and maintain effective working relationships and clear lines of communication with the Head of ICT Networks & Infrastructure and Heads of Service within the Directorate and in other Directorates.
* Develop and maintain clear lines of communication and effective working partnerships with relevant external stakeholders and service user groups.
* Lead on/manage engagement with staff, schools and the public on major changes in the service that may affect them.
* Work with external agencies; for example, education sector partner organisations, to identify opportunities for joint working that might bring greater consistency across the sector, and/or improve efficiency and effectiveness of service delivery.
Section-specific responsibilities
The following list provides an outline of the key responsibilities. It does not, however, represent a comprehensive list of tasks.
Control
* Establish a management framework to initiate and manage information security for the ICT function and EA Programmes and deliverables within the context of the Networks & Infrastructure Service.
* Establish an organisational structure to prepare, approve and implement the information security policy for EA systems and solutions.
* Allocate information security responsibilities within the context of the Networks & Infrastructure Service.
* Establish and control information security documentation.
Plan
* Devise and recommend appropriate security measures, based on an understanding of the requirements of the organisation.
* Work closely with the Infrastructure Architect to design solutions which meet the wider needs of the Networks & Infrastructure Service.
* Gather requirements from such sources as business and service risk, plans and strategies, service and operational level agreements, and legal, moral and ethical responsibilities for information security.
* Consider factors such as the amount of funding available and the prevailing organisational culture and attitudes to security.
* Contribute to the upkeep of the information security policy as an organisation wide document, not just applicable to ICT.
* Develop a threat and risk assessment to inform the development of security requirements.
Implement
* Ensure that appropriate procedures, tools and controls are in place including security policies, incident management and disaster recovery.
* Lead on the installation, commissioning and maintenance of systems designed to provide security, resilience, disaster recovery capabilities, and cyber recovery capabilities.
* Determination of a clear and agreed policy, integrated with the needs of the business.
* Establish security procedures that are justified, appropriate and supported by senior management.
* Provide effective marketing and education in security requirements.
* Evaluate supplier security responses, technical designs and supplier operating models.
* Evaluate ongoing project implementation risk.
* Develop IT vulnerability assessment plans and scopes for new systems and services.
* Promote security awareness by developing and implementing a security awareness and training programme.
* Establish a mechanism for measuring and managing improvement.
Evaluate
* Supervise and check compliance with the security policy and security requirements in service and operational level agreements, and in underpinning contracts with suppliers.
* Carry out regular audits of the technical security of IT systems during and post implementation.
* Provide information to external auditors and regulators as required.
* Monitor Critical Success Factors (CSFs) and Key Performance Indicators (KPIs) for information security.
Maintain
* Improve security arrangements as specified in service and operational level agreements and other documentation.
* Improve the implementation of security measures and controls.
* Carry out continual service improvement in relation to information security.
* Work towards independent certification against ISO/IEC 27001.
#J-18808-Ljbffr