JOB PURPOSE
To manage the ICT Assurance Security Operations team to design and implement information security operation activities for EA, ensuring compliance with relevant cyber and information security policies, standards and guidance. To develop and govern cyber incident response for the organisation, directing external and internal resources in responding to suspected security breaches and leading the subsequent root cause analysis and lessons learned reviews. To direct security operations activities and develop strategy to ensure that the confidentiality, integrity and availability of EA’s assets, information, data and IT services supports the organisation to achieve the corporate objectives.
To liaise with all ICT services to analyse existing systems, to ensure they offer adequate security and are effectively meeting the needs of the organisation, and to make recommendations on any alternative technologies or improvements which would enhance information systems to support organisational goals.
To lead the ICT Assurance Security Operations team in protecting the interests of those relying on information, and the systems and communications that deliver the information, from harm resulting from failures of confidentiality, integrity and availability.
In addition, the post holder will be expected to make an important contribution to the development and implementation of service specific targets relating to the ICT Assurance Business Plan at Service, Directorate and ultimately corporate level; promote efficiency and effectiveness throughout the service.
The Security Operations Lead has the following service-specific responsibilities:
The following list provides an outline of the key responsibilities. It does not, however, represent a comprehensive list of tasks.
Ensure that the EA applications, data and technology perspectives are in line with the EA technology and governance strategies, policies and standards. Ensuring that the overall system of control is maintained in a coherent manner and that appropriate considerations are made for its security, quality and value. Liaising with all areas of ICT Assurance to ensure and review the quality of service delivered to existing users, and business areas, as well as ensuring that the EA staff and customers are able to use EA systems reliably, safely and with confidence.
Control
Establish a Security Operations management framework to monitor and manage information security controls within EA. Establish an operational team to approve, implement, evaluate and manage Security Operations with the information security policy for EA information systems. Develop governance and an operational team for monitoring indicators of compromise and responding to information security incidents. Establish and control Security Operations with information security auditing, monitoring, and evaluation against policy, standards and guidance. Establish an effective supplier assurance capability, incorporating a governance framework that fits with other relevant corporate governance capabilities to manage 3rd party information security risk.
Plan
Develop Security Operations management plans and recommend appropriate mechanisms for measuring security compliance, based on an understanding of the requirements of the organisation. Define security operation requirements by incorporating information from such sources as business and service risk, plans and strategies, service and operational level agreements, and legal, moral and ethical responsibilities for information security. Consider factors such as the amount of funding available and the prevailing organisational culture and attitudes to security. Upkeep of the information security policies and cyber security incident management plan as an organisation wide document, not just applicable to ICT. Develop a threat and risk assessment to inform the development of security management requirements. Develop cyber incident monitoring and response plans and engage with other emergency planning functions to ensure plan integration. Develop compliance and cyber incident monitoring plans.
Implement
Ensure that appropriate procedures, tools and controls are in place including security policies, incident management and disaster recovery. Determination of a clear and agreed compliance framework, integrated with the needs of the business. Establish security operations and incident management procedures that are justified, appropriate and supported by senior management. Provide effective marketing and education in security compliance risks and requirements. Evaluate supplier security control frameworks and measures, through robust supplier assurance assessments and audits. Evaluate operational information security implementation risk. Develop IT compliance and incident management assessment plans and scopes for new systems and services. Promote security awareness by developing and implementing a security awareness and training programme. Establish a mechanism for measuring and managing security and incident management improvement.
Evaluate
Engage with team members to determine training needs and skills requirements to support the implementation of the security and incident management strategies. Supervise and check compliance with the security policy and security requirements in service and operational level agreements, and in underpinning contracts with suppliers. Manage regular audits of the technical security configuration of IT systems and supporting processes during and post implementation. Provide security and incident management information to external auditors and regulators as required. Monitor Critical Success Factors (CSFs) and Key Performance Indicators (KPIs) for information security.
Maintain
Oversee the improvement of security arrangements as specified in service and operational level agreements and other documentation. Lead improvement of security measures and controls. Conduct continual service improvement in relation to information security. Work towards independent certification against ISO/IEC 27001.
They will be required to direct and manage security operations projects within ICT Assurance in accordance with EA’s strategic direction, relevant legislation, industry best practice and other public sector policies and guidance. Liaising as required with Head of Services and Head of ICT Assurance to:
Maintain and communicate a clear and compelling strategic direction for ICT Assurance related deliverables. Undertaking impact analysis of large or complex systems, making recommendations and assessing associated risks and. Review systems design to ensure selection of appropriate technology, efficient use of resources and integration of multiple systems and technology.
3.1 OTHER DUTIES AND RESPONSIBILITIES APPLICABLE TO THE ROLE OF SECURITY OPERATIONS LEAD
LEADERSHIP/MANAGEMENT
The post-holder will be expected to:
Line manage employees aligned to the ICT Assurance Security Operations team. Provide non-managerial support, information and training as required for other employees within ICT Services. Lead and support employees in the team in the effective and efficient operation of se Promote the corporate vision, values and culture of EA as a single regional organisation, in all processes linked to maintenance, development and implementation of Infrastructure architecture assignments. Translate the Corporate Vision into ICT Assurance specific initiatives. Provide leadership to their staff and ensure transformational changes and new structures, strategies, policies and processes for their system/service are implemented while maintaining the high standards of the Authority and any future challenges. Ensure that employees within the ICT Assurance team are provided with a clear structure, roles and responsibilities and are supported to work in an integrated way. Work closely with Team members to ensure that all requirements, deadlines, and schedules are on track. Responsibilities include submitting agreed deliverables, preparing status reports, and establishing effective communication plans. Foster a culture that supports achievement of the Authority’s Strategic Plan by role modelling core values and leadership behaviours to staff. Undertake such training as may be required for his/her own personal and professional development.
STRATEGIC PLANNING AND POLICY INFLUENCE
The post-holder will be expected to:
Significantly contribute to the development of a strategic plan for Cyber Security and lead on the development of Assurance strategy and underlying business plan. Work collaboratively with ICT Services and Heads of Service, to ensure that priorities are translated into manageable objectives and communicated to relevant teams within the Service as appropriate. Work collaboratively with other ICT Services and Senior Officers to devise and implement effective systems to monitor, measure, control and report on the work of relevant teams within the service, to take account of changes in the internal and external environments which may impact on and influence priorities and needs. Provide reports that can inform policy and strategic direction using formative and summative information which will guide future models of service delivery in relation to the service area. Establish effective, accountable and rigorous quality assurance systems to achieve the highest possible standards of performance, with a focus on maintaining the needs of internal and external customers. Contribute to the design and implementation of supplier assurance services in respect of the scope of services being implemented by EA Projects and 3rd party suppliers. Contribute to the development and implementation of new governance including policies, compliance frameworks and processes in line with strategic direction and other public sector/cyber security organisations. Establish, maintain and communicate a clear and compelling strategic direction for information security and security compliance across EA, including suppliers and third parties with whom EA shares information.