ICT Assurance Security Operations Lead

JOB DESCRIPTION

REPORTS TO: Head of ICT Assurance

RESPONSIBLE FOR: The Security Operations Lead will be responsible for leading cyber and information security compliance within EA. The Compliance Lead will govern and manage security operations with ICT Assurance and other applicable cyber and information security policies and standards (e.g., those issued by the NCSC). The Security Operations Lead will also govern compliance for software licensing and engage with wider organisational and external compliance functions as necessary. This role includes liaising with the Compliance Manager and IT Security Officers to review the implementation of security policy and collaborating with Network and Infrastructure teams to develop a means to monitor and measure compliance with policy for technical and procedural security controls. Additionally, the Security Operations Lead will direct and manage the ICT Assurance Security Operations team and liaise with the Head of Service for ICT Assurance on security operations issues across EA service areas, providing a core service critical for all other services across EA.

JOB PURPOSE

• To manage the ICT Assurance Security Operations team to design and implement information security operation activities for EA, ensuring compliance with relevant cyber and information security policies, standards, and guidance.
• To develop and govern cyber incident response for the organisation, directing external and internal resources in responding to suspected security breaches and leading subsequent root cause analysis and lessons learned reviews.
• To direct security operations activities and develop strategies to ensure that the confidentiality, integrity, and availability of EA’s assets, information, data, and IT services support the organisation in achieving corporate objectives.

CONTROL

• Establish a Security Operations management framework to monitor and manage information security controls within EA.
• Establish an operational team to approve, implement, evaluate, and manage Security Operations with the information security policy for EA information systems.
• Develop governance and an operational team for monitoring indicators of compromise and responding to information security incidents.
• Establish and control Security Operations with information security auditing, monitoring, and evaluation against policy, standards, and guidance.
• Establish an effective supplier assurance capability, incorporating a governance framework that fits with other relevant corporate governance capabilities to manage 3rd party information security risk.

PLAN

• Develop Security Operations management plans and recommend appropriate mechanisms for measuring security compliance based on an understanding of the requirements of the organisation.
• Define security operation requirements by incorporating information from business and service risk, plans and strategies, service and operational level agreements, and legal, moral, and ethical responsibilities for information security.
• Consider factors such as the amount of funding available and the prevailing organisational culture and attitudes to security.
• Upkeep of the information security policies and cyber security incident management plan as an organisation-wide document, not just applicable to ICT.
• Develop a threat and risk assessment to inform the development of security management requirements.
• Develop cyber incident monitoring and response plans and engage with other emergency planning functions to ensure plan integration.
• Develop compliance and cyber incident monitoring plans.

IMPLEMENT

• Ensure that appropriate procedures, tools, and controls are in place, including security policies, incident management, and disaster recovery.
• Establish security operations and incident management procedures that are justified, appropriate, and supported by senior management.
• Provide effective marketing and education in security compliance risks and requirements.
• Evaluate supplier security control frameworks and measures through robust supplier assurance assessments and audits.
• Develop IT compliance and incident management assessment plans and scopes for new systems and services.
• Promote security awareness by developing and implementing a security awareness and training programme.
• Establish a mechanism for measuring and managing security and incident management improvement.

EVALUATE

• Engage with team members to determine training needs and skills requirements to support the implementation of the security and incident management strategies.
• Supervise and check compliance with the security policy and security requirements in service and operational level agreements and in underpinning contracts with suppliers.
• Manage regular audits of the technical security configuration of IT systems and supporting processes during and post-implementation.
• Provide security and incident management information to external auditors and regulators as required.
• Monitor Critical Success Factors (CSFs) and Key Performance Indicators (KPIs) for information security.

MAINTAIN

• Oversee the improvement of security arrangements as specified in service and operational level agreements and other documentation.
• Lead improvement of security measures and controls.
• Conduct continual service improvement in relation to information security.
• Work towards independent certification against ISO/IEC 27001.

OTHER DUTIES AND RESPONSIBILITIES APPLICABLE TO THE ROLE OF SECURITY OPERATIONS LEAD

The post-holder will be expected to:

• Line Manage employees aligned to ICT Assurance Security Operations team.
• Provide non-managerial support, information, and training as required for other employees within ICT Services.
• Lead and support employees in the team in the effective and efficient operation of services.
• Promote the corporate vision, values, and culture of EA as a single regional organisation.
• Provide leadership to staff and ensure transformational changes and new structures, strategies, policies, and processes for their system/service are implemented while maintaining high standards.
• Ensure that employees within the ICT Assurance team are provided with a clear structure, roles, and responsibilities and are supported to work in an integrated way.
• Work closely with team members to ensure that all requirements, deadlines, and schedules are on track.
• Foster a culture that supports achievement of the authority’s Strategic Plan by role modelling core values and leadership behaviours to staff.

PERSON SPECIFICATION

ESSENTIAL CRITERIA

• Hold a Bachelor’s degree in an IT-related field (e.g., Computer Science, IT, or Cyber-Security) and have two years of experience in Cyber Security Management; OR have five years of experience in Cyber Security management.
• Experience in information security roles, including a minimum of two years in a similar role with responsibility for leading ICT security operations.
• Demonstrable experience in the successful implementation and/or management of security operations teams, including threat detection, incident response, and continuous security improvement.
• Experience in the management and/or design of a cyber incident response team.
• Hold an information security-related qualification (e.g., CISSP or CISM).

OTHER REQUIREMENTS

• Willingness to work outside of normal working hours as required.
• Access to a suitable vehicle (appropriately maintained and insured for Education Authority business) or provide sufficient information on the application form to satisfy the employer regarding alternative transport.

The Education Authority is an Equal Opportunities Employer.