Your new company
You will be working for an organisation based in Birmingham on a hybrid basis. The requirement is to be on-site 2-3 days a week. The role runs for 6 months and is inside the scope of IR35.
Your new role
Job Summary
* Lead and champion the development and implementation of a cyber resilience strategy and framework for the organisation, aligned with the organisation's vision, values and objectives.
* Manage and develop a team of cyber professionals, providing them with clear direction, guidance, support and performance management.
* Ensure that the organisation meets all the cyber security standards and requirements, such as PSN, Cyber Essentials, NCSC Cyber Assessment Framework, PCI-DSS, ISO27001 and any new standards that may arise.
* Monitor and report on the organisation's cyber security posture, risks, incidents and compliance, using appropriate tools and metrics.
* Chair the Cyber Security Board, which oversees the delivery of the cyber resilience improvement programme and cyber security strategy to ensure that the programme is aligned with the organisation's priorities, resources and governance.
* Manage (including establishing and monitoring) the cyber resilience budget and ensure that the organisation obtains value for money from its cyber security investments.
* Establish and maintain effective relationships with internal and external stakeholders, such as the Information Governance Team, the Senior Management Team, the Audit Committees, external auditors, suppliers and regulators.
* Provide expert advice and guidance on cyber security matters to the organisation's workforce, managers and elected members, and promote a culture of cyber awareness and best practice.
* Keep abreast of the latest cyber security trends, threats, technologies and solutions, and ensure that the council adopts and adapts to the changing cyber landscape.
* Respond to and manage any cyber security incidents or breaches and ensure that the council has a robust and tested cyber incident response plan.
Your current duties and responsibilities are:
Act as the principal, accountable and strategic lead for cyber security across the organisation
Be a full and active member of the ICT Strategic Leadership Team.
Deputise for the ICT Strategic Lead whenever necessary including attendance at meetings, report writing and the provision of professional advice.
Manage, strategically lead, coach and influence a team of cyber security professionals to ensure cyber security and resilience is robustly developed and maintained.
Develop, manage and be accountable for the organisation's Cyber Resilience Improvement Programme.
Be fully accountable for and strategically manage the compliance of all required security accreditations including but not limited to ISO27001, PSN Code of Connection, Cyber Essentials, NCSC Cyber Assessment Framework, PCI-DSS.
Strategically lead ICT's contribution and action ownership for the NHS's Data Security and Protection Toolkit (DSPT)
Manage the Cyber Security Programme budget and work with central government departments to seek additional grant funding as it becomes available.
Be accountable for, lead and manage the development of the organisation's cyber security strategy, ensuring it is fit for purpose, reviewed and communicated via relevant governance processes.
Develop and maintain all corporate cyber related policies and strategies plus supporting Standard Operating Procedures related to cyber security ensuring these are maintained and embedded within the organisation.
Proactively contribute to wider information governance policies from a cyber and ICT perspective.
Identify and subsequently manage all cyber security risks and ensure relevant risk treatment plans are developed and delivered.
Be the organisation's lead strategic representative and contact point for working with all necessary national, regional and local cyber groups including NCSC, LGA, ROCU and WARPs.
Engage proactively and strategically with all government and related agencies with national cyber security programmes e.g. DLUHC and the LGA.
Manage and take lead accountability for the response to all cyber security incidents as they occur.
Be the gold lead or be a full contributing member of any Cyber Response Team established in response to a cyber incident.
Manage the contractual relationship with the council's managed service Security Operations Centre (SOC).
Develop and present strategic business cases for cyber security investment to senior officers e.g. Directors and Councillors
Prepare and present cyber security incident reports as necessary to Elected Members, Senior Leadership Team, Service Managers and any governance board requiring their presentation.
Develop, maintain and test a full suite of Cyber Incident Response Plans.
Own, manage and maintain the ICT Disaster Recovery Plan ensuring robust testing, review and update.
Support and contribute to the council's Business Continuity Management System together with all service area business continuity plans focussing specifically on cyber security and ICT subject matters.
Strategically lead on the implementation of all new security software and services working with all relevant team managers within ICT Services.
Be the lead for ICT's close working relationship with the organisation's Information Governance Unit to ensure all cyber security policies, plans, incidents and training are aligned, robust and maintained.
Strategically lead and manage ICT's contributions to internal and external audits related to cyber security.
Provide strategic and professional cyber security guidance, consultancy and advice to the organisation as required.
Research developments, emerging threats, trends and mitigations to ensure that our ICT teams keep an up-to-date knowledge of the security threat landscape and have appropriate tools to manage and mitigate risks.
In conjunction with the ICT Programme Manager, plan and co-ordinate all strategic cyber security projects within ICT Services to ensure the availability of all necessary resources at the required time.
Plan and lead all cyber security testing, health checks and audits whenever necessary.
Manage, procure and co-ordinate all ICT Health Checks and Penetration tests which are required together with the Remedial Actions Plans which result.
Lead, develop strategies and engage with incident rehearsals and update response and recovery plans as required.
Define and communicate cyber security performance and capacity information to all levels of the organisation.
Write and manage the distribution of all communications related to all aspects of cyber security across the organisation in consultation with the Corporate Communications Team.
Contribute to and strategically lead on the cyber security aspects of the organisation's ICT Strategy whilst also influencing the overall technical direction of travel for the organisation.
What you need to do now
If you're interested in this role, click 'apply now' to forward an up-to-date copy of your CV, or call us now.
If this job isn't quite right for you but you are looking for a new position, please contact us for a confidential discussion on your career.
Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&Cs, Privacy Policy and Disclaimers which can be found at hays.co.uk