Location: Cunninghame House, Friars Croft, Irvine, United Kingdom
Date Posted: May 13, 2018
Salary: £40,001 - £50,000
Role Profile
ROLE DEFINITION
Provide advice, governance, management and control of Cyber security and compliance across the Council ICT operations, programmes and projects to optimise the technology investments and manage value, cost and risk, in line with policy, procedure, practice and other relevant guidance.
KEY TASKS AND RESPONSIBILITIES
To manage/deliver the Service in accordance with the Council’s corporate policies and procedures and relevant strategy provision.
To manage/deliver the service outcomes, in the most efficient and effective way, that delivers the Council’s Strategic Priorities within the Council Plan and contributes to the production of Directorate Plans.
To manage and monitor Capital and Revenue budgets as assigned and contribute to budget development.
To lead, or contribute to, the preparation of cross-service business development plans, as required.
To ensure the effective management and leadership of employees, where appropriate.
To prepare and co-ordinate reports for the Council, its Committees or working parties and to attend these meetings as required.
To undertake any other reasonably required duties as instructed by Management or someone acting on their behalf, in addition to the role specific tasks & responsibilities detailed below.
Role Specific Tasks & Responsibilities
Manage and control cyber and ICT security capabilities and recommend the implementation of relevant controls across the Council to provide cost-effective risk mitigation.
Lead the definition and delivery of Cyber, IT and Information Security strategies through compliance to Government requirements, regulations, risk management, and organisational policies.
Increase the operational effectiveness and efficiency of the function across business, application, information and technology domains.
Manage and monitor the work of the team with responsibility for the application and implementation of HR policies and procedures.
Manage relationships with key stakeholder groups to ensure compliance with related policies and standards.
Lead the development, review and update of policies, guidelines, standards and procedures taking cognizance of relevant information security standards and incidents.
Review, evaluate and report on the effectiveness of cyber and information security controls.
Assess the significance of security advice from a range of sources and make appropriate recommendations.
Lead investigations into incidents related to malicious, deliberate attacks on, or failures / breaches of, the Council’s IT estate.
Liaise with a range of internal and external contacts in relation to cyber security incidents, compliance, breaches of policy etc. and represent the Authority where required.
Lead the review of changes in regulatory compliance requirements and industry developments where required.
Oversee the specification of requirements for ICT Health Checks to ensure identification of vulnerabilities and testing of cyber security controls and to protect other ICT systems and manage the resulting remediating controls for the business.
Coordinate the award of cyber security based contracts and services with relevant colleagues.
Lead on regulatory compliance and accreditation processes.
Review the terms of Council tenders to ensure that appropriate technical and organisational measures are in place to protect the confidentiality, integrity and availability of the data to be processed.
Promote and maintain a security aware culture, raising the awareness of cyber security issues, current technologies and emerging trends.
Define target architecture for cyber security controls in ICT solutions and develop roadmaps, business cases and remediation plans.
Plan and manage delivery of a cyber and information security work programme, identifying and assessing risk profiles and leading on the selection of appropriate security risk assessment techniques.
Contribute to the maintenance of relevant security risks on the corporate risk register.
Integrate cyber and information security risk management into programme risk management.
ESSENTIAL / DESIRABLE CRITERIA
Education and Qualifications
Educated to degree level OR
Cyber Security related qualification(s)
Qualification in ICT related discipline
Application Form
Experience of implementing security methodologies, using best practice and industry standards
Experience of developing and / or applying security policy
Experience of providing assurance concerning security or having had an operational or delivery responsibility for security
Experience in computer and network systems, including cyber security
Experience of working in a Local Government environment
Experience of incident response or security incident investigation
Experience of handling protectively marked information and understanding of the government’s protective marking system, government classification scheme, etc.
In-depth knowledge of the Scottish Government Cyber Action Plan for Scotland and what this means for Local Authorities
Experience in the security services, professional services or audit and assurance
Structured project management in deploying security related initiatives
Application Form
Knowledge of risk and regulatory frameworks such as ITIL, CobIT, ISO 27001, PCI-DSS, PSN, etc.
Knowledge and experience of working with the HMG and CESG policy and security framework
Knowledge of Data Protection Act legislation, GDPR and Computer Misuse Act
Knowledge of the current version of HMG Security Policy Framework (SPF)
Knowledge of the guidance and policy documents issued by the National Cyber Security Centre (NCSC)
Knowledge of Enterprise Architecture and specifically TOGAF
Application Form
Pre/Post-Interview Check (if appropriate)
Skills and Abilities
Written and verbal communication skills
Ability to work under pressure
Client centred thinking
Teamwork and interpersonal skills
Ability to develop effective working relationships
Ability to influence others
Leadership skills
Ability to manage conflict
Ability to initiate and innovate
Application Form
Pre/Post-Interview Check (if appropriate)
Staff Values & Behaviours
North Ayrshire Council uses a behavioural based approach throughout the recruitment process. Our staff values of Focus, Passion & Inspiration will be explored for this vacancy.
Further information on how to complete behaviour based application form questions is available on the Council’s website.
We put our customers first
We understand the bigger picture
Provide excellent customer services. Meet and where possible exceed the expectations of internal and external customers. Understand the performance levels and standards required within our own role and strive to achieve and where possible exceed these. Know how the work we do fits into the overall performance of the Council.
We take pride in the jobs we do
We are ambitious for our community
Take ownership of our own actions and performance. Reflect on the work we do and consider how it could be improved. Have a positive impact on the lives of our customers and their communities. Push the boundaries to help our customers and communities realise their potential.
We all look for better ways to deliver our services
We achieve the best results together
Find new ways to deliver improvements, efficiencies and value for money. Embrace change with enthusiasm and creative ideas. Work together and creatively produce the best outcomes for our customers and communities. Plan all activities with the end goal in mind.
Additional Information
The ICT and Cyber Security Architect is the Council’s strategic lead for Cyber and ICT Security. The role is part of the IT Services Team who are leading the implementation of the Cyber Resilience Strategy for Scotland - Public Sector Action Plan and ICT Security regulatory compliance.
Engaging across services, with other Councils, national bodies and others in relation to policy compliance, risk management and cyber security incidents.
Working closely with colleagues in IT Services, services and partners to promote a security aware culture and raise the awareness of cyber security issues.
For your information, if this post requires references you will be notified of further details if you are successful in gaining an interview. Not providing relevant references when requested may delay the outcome of the interview process.
Applications must be made online at myjobscotland.gov.uk