JOB DESCRIPTION
REPORTS TO: Head of ICT Assurance
RESPONSIBLE FOR: The Security Operations Lead will be responsible for leading cyber and information security compliance within EA. The Compliance Lead will be responsible for governing and managing security operations with ICT Assurance and other applicable cyber and information security policies and standards (e.g., those issued by the NCSC). The Security Operations Lead will also be responsible for governing compliance for software licensing and for engaging with wider organisational and external compliance functions as necessary. The Security Operations Lead will be responsible for engaging with the Compliance Manager and the IT Security Officers to review the implementation of security policy and with the Network and Infrastructure teams in developing a means to monitor and measure compliance with policy for technical and procedural security controls. The Security Operations Lead will be responsible for directing and managing the ICT Assurance Security Operations team. The Security Operations Lead will be required to liaise with the Head of Service for ICT Assurance on security operations issues consistency across EA service areas, providing a core service that is critical for all other services across EA.
JOB PURPOSE
* To manage the ICT Assurance Security Operations team to design and implement information security operation activities for EA, ensuring compliance with relevant cyber and information security policies, standards and guidance.
* To develop and govern cyber incident response for the organisation, directing external and internal resources in responding to suspected security breaches and leading the subsequent root cause analysis and lessons learned reviews.
* To direct security operations activities and develop strategy to ensure that the confidentiality, integrity and availability of EA’s assets, information, data and IT services supports the organisation to achieve the corporate objectives.
The Security Operations Lead has the following service-specific responsibilities:
* Ensure that the EA applications, data and technology perspectives are in line with the EA technology and governance strategies, policies and standards.
* Establish a Security Operations management framework to monitor and manage information security controls within EA.
* Develop governance and an operational team for monitoring indicators of compromise and responding to information security incidents.
* Establish and control Security Operations with information security auditing, monitoring, and evaluation against policy, standards and guidance.
PERSON SPECIFICATION
ESSENTIAL CRITERIA
* Hold a Bachelor’s degree in an IT related field e.g Computer Science, IT or Cyber-Security and have two years experience in Cyber Security Management; OR have five years’ experience in Cyber Security management.
* Experience of operating in information security roles including a minimum of two years’ experience of a similar role with responsibility for leading ICT security operations.
* Demonstrable experience of the successful implementation and/or management of security operations team including threat detection, incident response, and continuous security improvement.
* Hold an information security related qualification e.g. CISSP or CISM.
OTHER DUTIES AND RESPONSIBILITIES APPLICABLE TO THE ROLE OF Security Operations LEAD
* Line Manage employees aligned to ICT Assurance Security Operations team.
* Provide leadership to their staff and ensure transformational changes and new structures, strategies, policies and processes for their system/service are implemented while maintaining the high standards of the Authority.
* Ensure compliance with all relevant legislation and statutory frameworks.
The list of duties is not intended to be exhaustive or exclusive. The post holder may be required to undertake various other duties as deemed necessary and commensurate with the level of responsibility of the post. The Authority reserves the right to update the Job Description to reflect the changing needs of the Service in consultation with the post holder.
The Education Authority is an Equal Opportunities Employer.
#J-18808-Ljbffr