Be at the heart of actionFly remote-controlled drones into enemy territory to gather vital information.

Apply Now

ICT Assurance Security Operations Lead

Education Authority
Belfast
8 months ago
Applications closed

Related Jobs

View all jobs

Information Security and Compliance Lead

ICT and Computer Science Teachers required

ICT Support Analyst Apprentice

1st Line Support

iTrent Business Analyst

IT Manager

JOB PURPOSE

To manage the ICT Assurance Security Operations team to design and implement information security operation activities for EA, ensuring compliance with relevant cyber and information security policies, standards and guidance. To develop and govern cyber incident response for the organisation, directing external and internal resources in responding to suspected security breaches and leading the subsequent root cause analysis and lessons learned reviews. To direct security operations activities and develop strategy to ensure that the confidentiality, integrity and availability of EA’s assets, information, data and IT services supports the organisation to achieve the corporate objectives.

Liaising with all ICT services, to analyse existing systems to ensure they offer adequate security and are effectively meeting the needs of the organisation and make recommendations of any alternative technologies or improvements which would enhance information systems to support Organisational goals. 

To Lead the ICT Assurance Security Operations team in protecting the interests of those relying on information, and the systems and communications that deliver the information, from harm resulting from failures of confidentiality, integrity and availability.

In addition, the post holder will be expected to make an important contribution to the development and implementation of service specific targets relating to the ICT Assurance Business Plan at Service, Directorate and ultimately corporate level; promote efficiency and effectiveness throughout the service.

The Security Operations Lead has the following service-specific responsibilities:

The following list provides an outline of the key responsibilities. It does not, however, represent a comprehensive list of tasks.

Ensure that the EA applications, data and technology perspectives are in line with the EA technology and governance strategies, policies and standards. Ensuring that the overall system of control is maintained in a coherent manner and that appropriate considerations are made for its security, quality and value. Liaising with all areas of ICT Assurance to ensure and review the quality of service delivered to existing users, and business areas, as well as ensuring that the EA staff and customers are able to use EA systems reliably, safely and with confidence.

Control

Establish a Security Operations management framework to monitor and manage information security controls within EA. Establish an operational team to approve and implement and evaluate and manage Security Operations with the information security policy for EA information systems. Develop governance and an operational team for monitoring indicators of compromise and responding to information security incidents. Establish and control Security Operations with information security auditing, monitoring, and evaluation against policy, standards and guidance. Establish an effective supplier assurance capability, incorporating a governance framework that fits with other relevant corporate governance capabilities to manage 3rd party information security risk.

Plan

Develop Security Operations management plans and recommend appropriate mechanisms for measuring security compliance, based on an understanding of the requirements of the organisation. Define security operation requirements by incorporating information from such sources as business and service risk, plans and strategies, service and operational level agreements, and legal, moral and ethical responsibilities for information security. Consider factors such as the amount of funding available and the prevailing organisational culture and attitudes to security. Upkeep of the information security policies and cyber security incident management plan as an organisation wide document, not just applicable to ICT. Develop a threat and risk assessment to inform the development of security management requirements. Develop cyber incident monitoring and response plans and engage with other emergency planning functions to ensure plan integration. Develop compliance and cyber incident monitoring plans.

Implement

Ensure that appropriate procedures, tools and controls are in place including security policies, incident management and disaster recovery. Determination of a clear and agreed compliance framework, integrated with the needs of the business. Establish security operations and incident management procedures that are justified, appropriate and supported by senior management. Provide effective marketing and education in security compliance risks and requirements. Evaluate supplier security control frameworks and measures, through robust supplier assurance assessments and audits. Evaluate operational information security implementation risk. Develop IT compliance and incident management assessment plans and scopes for new systems and services. Promote security awareness by developing and implementing a security awareness and training programme. Establish a mechanism for measuring and managing security and incident management improvement.

Evaluate

Engage with team members to determine training needs and skills requirements to support the implementation of the security and incident management strategies. Supervise and check compliance with the security policy and security requirements in service and operational level agreements, and in underpinning contracts with suppliers. Manage regular audits of the technical security configuration of IT systems and supporting processes during and post implementation. Provide security and incident management information to external auditors and regulators as required. Monitor Critical Success Factors (CSFs) and Key Performance Indicators (KPIs) for information security.

Maintain

Oversee the improvement of security arrangements as specified in service and operational level agreements and other documentation. Lead improvement of security measures and controls. Conduct continual service improvement in relation to information security. Work towards independent certification against ISO/IEC 27001.

They will be required to direct and manage security operations projects within ICT Assurance in accordance with EA’s strategic direction, relevant legislation, industry best practice and other public sector policies and guidance. Liaising as required with Head of Services and Head of ICT Assurance to:

Maintain and communicate a clear and compelling strategic direction for ICT Assurance related deliverables. Undertaking impact analysis of large or complex systems, making recommendations and assessing associated risks and.  Review systems design to ensure selection of appropriate technology, efficient use of resources and integration of multiple systems and technology.

3.1 OTHER DUTIES AND RESPONSIBILITIES APPLICABLE TO THE ROLE OF Security Operations LEAD 

LEADERSHIP/MANAGEMENT

The post-holder will be expected to:

Line Manage employees aligned to ICT Assurance Security Operations team. Provide non-managerial support, information and training as required for other employees within ICT Services. Lead and support employees in the team in the effective and efficient operation of sePromote the corporate vision, values and culture of EA as a single regional organisation, in all processes linked to maintenance, development and implementation of Infrastructure architecture assignments; Translate the Corporate Vision into ICT Assurance specific initiatives. Provide leadership to their staff and ensure transformational changes and new structures, strategies, policies and processes for their system/service are implemented while maintaining the high standards of the Authority and any future challenges. Ensure that employees within the ICT Assurance team are provided with a clear structure, roles and responsibilities and are supported to work in an integrated way. Work closely with Team members to ensure that all requirements, deadlines, and schedules are on track. Responsibilities include submitting agreed deliverables, preparing status reports, and establishing effective communication plans. Foster a culture that supports achievement of the authority’s Strategic Plan by role modelling core values and leadership behaviors to staff Undertake such training as may be required for his/her own personal and professional development.

STRATEGIC PLANNING AND POLICY INFLUENCE

The post-holder will be expected to:

Significantly contribute to the development of a strategic plan for Cyber Security and lead on the development of Assurance strategy and underlying business plan Work collaboratively with ICT Services and Heads of Service, to ensure that priorities are translated into manageable objectives and communicated to relevant teams within the Service as appropriate. Work collaboratively with other ICT Services, Senior Officers to devise and implement effective systems to monitor, measure, control and report on the work of relevant teams within service to take account of changes in the internal and external environments which may impact on and influence priorities and needs. Provide reports that can inform policy and strategic direction using formative and summative information which will guide future models of service delivery in relation to the service area. To establish effective, accountable and rigorous quality assurance systems to achieve the highest possible standards of performance, with focuses on maintaining the needs of internal and external customers. Contribute to the design and implementation of supplier assurance services in respect of the scope of services being implemented by EA Projects and 3rd party suppliers. Contribute to the development and implementation of new governance including policies, compliance frameworks and processes in line with strategic direction and other public sector/cyber security organisations. To establish maintain and communicate a clear and compelling strategic direction for the information security and security compliance across EA including suppliers and third parties with whom EA share information.

Subscribe to Future Tech Insights for the latest jobs & insights, direct to your inbox.

By subscribing, you agree to our privacy policy and terms of service.

Industry Insights

Discover insightful articles, industry insights, expert tips, and curated resources.

Careers Education

The Best Free Tools & Platforms to Practise Cyber Security Skills 2025/26

Cyber security is one of the most in-demand career fields in the UK. From preventing data breaches to monitoring networks and defending against ransomware, the role of cyber professionals is critical across every industry. With organisations of all sizes facing increasing threats, demand for skilled professionals continues to rise. But employers don’t just want theory—they want proof that you can analyse systems, detect vulnerabilities, and respond to incidents. The good news is that you don’t need to pay thousands of pounds for training to build practical experience. A wide range of free tools and platforms allow you to practise cyber security skills safely, ethically, and at no cost. This article explores the best free resources available in 2025 to help you gain hands-on skills in ethical hacking, penetration testing, digital forensics, network monitoring, and incident response.

Jobs

Top 10 Skills in Cyber sScurity According to LinkedIn & Indeed Job Postings

In today’s digital age, cyber security is no longer optional—it’s mission-critical. From financial institutions to healthcare providers, government departments to tech startups, every sector in the UK is under rising cyber threats. As a result, employers are constantly on the hunt for skilled professionals who can defend, detect, and respond effectively. But with cyber threats evolving at pace, what exactly are employers seeking? By analysing job postings on LinkedIn and Indeed, this article reveals the Top 10 cyber security skills UK organisations are demanding in 2025. Read on to discover how to present these skills effectively on your CV, in interviews, and through practical proof of experience.

Careers

The Future of Cybersecurity Jobs: Careers That Don’t Exist Yet

Cyber security has become one of the most critical issues of our age. Once regarded as a technical problem confined to IT departments, it is now a board-level priority, a government mandate, and a daily necessity for individuals. The shift towards cloud services, remote working, connected devices, and artificial intelligence has dramatically increased the risks of digital attacks. In the UK, cyber security is central to national resilience. The government has identified cyber as a “tier one” threat to national security, alongside terrorism and pandemics. The private sector, from banks to retailers, now sees data breaches and ransomware as existential risks. Global spending on cyber security is projected to exceed $250 billion by 2030, with the UK already home to a thriving cyber industry employing tens of thousands. Yet, as powerful as the industry already is, we are only at the beginning. The technologies shaping the next two decades—AI, quantum computing, edge computing, extended reality, and biotechnology—will radically reshape cyber security. Many of the most vital cyber security jobs of the future don’t exist yet. This article explores why new roles will emerge, the careers likely to appear, how today’s jobs will evolve, why the UK is well-positioned, and how professionals can prepare now.

🍪 We use cookies to enhance your browsing experience on our website. By continuing to use this site, you consent to the use of cookies as described in our Cookie Policy. You can review our Cookie Policy for more information.