ICT Assurance Security Operations Lead
JOB DESCRIPTION
REPORTS TO: Head of ICT Assurance
RESPONSIBLE FOR: The Security Operations Lead will be responsible for leading cyber and information security compliance within EA. The Compliance Lead will be responsible for governing and managing security operations with ICT Assurance and other applicable cyber and information security policies and standards (e.g., those issued by the NCSC). The Security Operations Lead will also be responsible for governing compliance for software licensing and for engaging with wider organisational and external compliance functions as necessary. The Security Operations Lead will be responsible for engaging with the Compliance Manager and the IT Security Officers to review the implementation of security policy and with the Network and Infrastructure teams in developing a means to monitor and measure compliance with policy for technical and procedural security controls. The Security Operations Lead will be responsible for directing and managing the ICT Assurance Security Operations team. The Security Operations Lead will be required to liaise with the Head of Service for ICT Assurance on security operations issues consistency across EA service areas, providing a core service that is critical for all other services across EA.
JOB PURPOSE
- To manage the ICT Assurance Security Operations team to design and implement information security operation activities for EA, ensuring compliance with relevant cyber and information security policies, standards and guidance.
- To develop and govern cyber incident response for the organisation, directing external and internal resources in responding to suspected security breaches and leading the subsequent root cause analysis and lessons learned reviews.
- To direct security operations activities and develop strategy to ensure that the confidentiality, integrity and availability of EA’s assets, information, data and IT services supports the organisation to achieve the corporate objectives.
The Security Operations Lead has the following service-specific responsibilities:
- Ensure that the EA applications, data and technology perspectives are in line with the EA technology and governance strategies, policies and standards.
- Establish a Security Operations management framework to monitor and manage information security controls within EA.
- Develop governance and an operational team for monitoring indicators of compromise and responding to information security incidents.
- Establish and control Security Operations with information security auditing, monitoring, and evaluation against policy, standards and guidance.
- Develop Security Operations management plans and recommend appropriate mechanisms for measuring security compliance.
- Ensure that appropriate procedures, tools and controls are in place including security policies, incident management and disaster recovery.
- Engage with team members to determine training needs and skills requirements to support the implementation of the security and incident management strategies.
- Monitor Critical Success Factors (CSFs) and Key Performance Indicators (KPIs) for information security.
- Work towards independent certification against ISO/IEC 27001.
In accordance with Section 75 of the Northern Ireland Act (1998), the post holder is expected to promote good relations, equality of opportunity and pay due regard for equality legislation at all times.
PERSON SPECIFICATION
Essential Criteria
- Hold a Bachelor’s degree in an IT related field e.g Computer Science, IT or Cyber-Security and have two years experience in Cyber Security Management; OR have five years’ experience in Cyber Security management.
- Experience of operating in information security roles including a minimum of two years’ experience of a similar role with responsibility for leading ICT security operations.
- Demonstrable experience of the successful implementation and/or management of security operations team including threat detection, incident response, and continuous security improvement.
- Hold an information security related qualification e.g. CISSP or CISM.
- Willingness to work outside of normal working hours as and when required.
ADDITIONAL NOTES
The list of duties is not intended to be exhaustive or exclusive. The post holder may be required to undertake various other duties as deemed necessary and commensurate with the level of responsibility of the post.
The Education Authority is an Equal Opportunities Employer.
'/%3e%3cpath%20d='M101.744%2012.4726L102.894%2016.1947L99.0021%2013.2201L101.744%2012.4726ZM105.3%208.40937H100.488L99.0026%203.59473L97.5116%208.41047L92.7%208.40385L96.5965%2011.3834L95.1055%2016.1942L99.0021%2013.2196L101.408%2011.3834L105.3%208.40992V8.40937Z'%20fill='white'/%3e%3cdefs%3e%3clinearGradient%20id='paint0_linear_5593_1381'%20x1='90'%20y1='9.44471'%20x2='99'%20y2='9.44471'%20gradientUnits='userSpaceOnUse'%3e%3cstop%20stop-color='%2300AD70'/%3e%3cstop%20offset='0.998594'%20stop-color='%2300B67A'/%3e%3cstop%20offset='1'%20stop-color='%23DCDCE6'/%3e%3c/linearGradient%3e%3c/defs%3e%3c/svg%3e){kind=small}
job faster
