Information Technology Security Officer

MCS Group is proud to be partnering with the Northern Ireland Assembly, in their search for an Information Technology Security Officer on a temporary basis.

The role:

• Work alongside the Head of IT to develop the Assembly Commission’s IT vision, strategy and accompanying action plan and deliver it through a robust programme and project management framework, in line with best practice, to support the continuing digital transformation of Assembly and Assembly Commission business.
• Identify future challenges in the IT landscape and develop relevant mitigation strategies.
• Research and evaluate existing and emerging technologies, products and services, particularly cloud computing, to identify potential areas of improvement and support new ways of working.
• Provide strategic and authoritative technical advice to the Director of Parliamentary Services, Senior Management Team (SMT) and the Head of IT on matters relating to Assembly Commission systems, applications, policies and processes.
• Represent the Assembly at external forums and events, building and maintaining effective and constructive external relationships.
• Developing and Leading staff
• Leading and managing staff and teams to build a high performing team that is focused on delivering excellence in all aspects of service delivery.
• Promoting a culture of learning and innovation with a strong customer ethos.
• Lead, develop, implement, and monitor a comprehensive technical information security program, including all related policies, standards, and guidelines to protect information assets, especially where changes have been made.
• Provide professional expertise and advice to SMT, senior managers and the Data Protection and Governance Officer to ensure that technical information security adheres to data protection and information security standards, including ISO 27001, NIST, and GDPR (as applicable).
• Lead and define security best practices and align them with organisational goals and compliance requirements.
• Implement technical security controls to systems and lead alongside the Head of IT in ensuring that all team members adhere to the controls.
• Conduct regular risk assessments to identify vulnerabilities and develop strategies for risk mitigation with the Data Protection and Governance Officer.
• Take the lead, assess risks, interpret complex data, and make informed decisions on security measures, providing advice to SMT.
• Provide professional expertise and advice to the Data Protection and Governance Officer when managing and responding to security incidents and breaches from a technical perspective, coordinating with internal stakeholders and external authorities as needed.
• Lead IS Office teams to conduct root-cause analyses of incidents and develop plans to prevent recurrence.
• Lead and implement solutions, with the team, to security challenges and adapt quickly and professionally to new threats.
• Lead the team supporting the daily operations of security systems, such as firewalls, intrusion detection/prevention systems (IDS/IPS), endpoint protection, and SIEM.
• Lead and provide expertise on reviewing and analysing security alerts and logs for signs of potential vulnerabilities, threats, or breaches.
• Lead and coordinate with IS teams to ensure secure system configurations, vulnerability patching, and software updates.
• Lead and support the secure adoption of new technologies from the Microsoft technology stack.
• Lead and manage the team conducting assessments across all (organisational) new technical / data related projects preparing and presenting updates and security risks to the Head of IT and all stakeholders.
• Provide technical security advice an information to ensure internally developed Assembly information systems, and new technologies are secure by design, including any changes.
• Manage and monitor compliance with relevant regulations and industry standards, such as GDPR, HIPAA, PCI-DSS, and SOX.
• Lead and prepare for internal and external security audits, documenting compliance status and remediation efforts.
• Manage and maintain detailed records of compliance efforts and conduct annual security assessments to update policies as needed.
• Foster a security conscious culture by leading and conducting training needs analysis relating to cyber security; developing, implementing and delivering appropriate training for Commission staff and Members.
• Provide technical information and advice to senior managers and staff across business areas, Members and Party Support in IT related projects and provide security guidance and advice as required.
• Lead cyber security incident response efforts, coordinating with Heads of Business as appropriate.
• Assess and manage security risks associated with third-party suppliers, including reviewing security documentation, conducting periodic audits and mitigating risk through appropriate controls.
• Contribute to the development of specifications for the procurement of ICT enabled business solutions and provide advice on security aspects and to lead, in an IS Office representational role, in discussions with potential contractors and suppliers within the specialism.
• Develop and maintain detailed documentation of security policies, procedures, and incidents for regulatory and internal auditing purposes. Leading the team to ensure effective pro-active technical monitoring of system logs.
• Create regular reports for senior management on the state of the organisation’s cybersecurity posture, risk management, and incidents.
• Competent in monitoring security controls, reviewing logs, and creating thorough documentation for audits and compliance.
• Comply with all of the Assembly Commission’s staff policies and procedures including Equal Opportunities and Dignity at Work policies and procedures and all mandatory training requirements.
• Manage information and records in accordance with established policies and statutory requirements.
• You may also be required to carry out other duties that the Assembly Commission reasonably requires of you.

The Person:

Applicants for the post of ITSO must, by the closing date for applications:

Plus

Have a minimum of 3 years’ experience in each of the areas a) - c) described below:

(a) Working across a multi - discipline technology stack;

• Cloud environments (AZURE / AWS);
• Firewalls (On premise / Cloud services);
• Intrusion Detection / Prevention Systems;
• Security Information & Event Management tools (SIEM);
• Data Loss Prevention (DLP);
• Endpoint Management;
• Networking, Protocols & Vulnerability Management;
• Encryption & Identity Management;
• Policy creation; and,
• Developing and delivering Cyber Security related Training.

(b) Working in roles such as, Security Operations, Incident Response and Investigation, Risk Management and / or Network Security and Architecture.

(c) Working knowledge/experience of information security management systems (ISMS)

AND

Possess a professional certification that aligns with the responsibilities of the role such as Certified Information Systems Security Professional; CISSP, Certified Cloud Security Professional (CCSP)).

OR

Plus

Have a minimum of 3 years’ experience in each of the areas a) -c) described above.

AND

Possess a professional certification that aligns with the responsibilities of the role such as Certified Information Systems Security Professional; CISSP, Certified Cloud Security Professional (CCSP) and have the ability to demonstrate knowledge of information security management systems (ISMS).

*NB only those courses with a computing content of 50% or more will be considered and applicants must give full details on the application form of how the content of the course meets this requirement.

The Rewards:

As the successful applicant, you will receive the following:

£66,376 per annum

Excellent annual leave allowance

You will be joining a warm, friendly team environment with a fantastic organisation

To speak in absolute confidence about this opportunity please send an up-to-date CV via the link provided or contact Meghan Hamilton, specialist recruitment consultant at MCS Group on or s.

Even if this position is not right for you, we may have others that are. Please visit MCS Group to view a wide selection of our current jobs www.mcsgroup.jobs