IT Security Officer

Job Title: Information Technology Security Officer

Salary range: �66,376

Business Area: Information Systems Office

Accountable to: Head of IT

Accountable for: Infrastructure team and Helpdesk (Operations)

Job Purpose:
This is a challenging new post within the Information Systems (IS) Office. The post holder will lead the Assembly's Information Technology Security functions. This is a key change role within the Assembly, supporting and reshaping the provision of information systems and enabling other parts of the business to perform effectively. The successful delivery of information systems in a rapidly changing technical environment presents many strategic, operational and technical challenges to the post holder.

The Information Technology Security Officer:
The Information Technology Security Officer (ITSO) is a highly skilled, specialised role responsible for developing, implementing, and maintaining the Northern Ireland Assembly Commission's (the Assembly Commission's) information security policies and procedures, to ensure information security and compliance with legislation and best practice. The ITSO will endeavour to ensure the confidentiality, integrity, and availability of all data and information systems, by protecting them from internal and external threats. The ITSO will collaborate with IS Office teams and the Data Protection and Governance Officer to align security practices with regulatory requirements and business objectives. They will take a lead role in safeguarding the Assembly Commission's information assets and ensuring a proactive stance against evolving cybersecurity threats. The ITSO will take a proactive, solution-focussed approach to identify security risks and manage incident responses. The ITSO will monitor and improve security controls, conduct risk assessments, and collaborate with cross-functional teams to maintain a secure IT infrastructure.

Job Description:The main duties and responsibilities of the post are:
Strategic

• Work alongside the Head of IT to develop the Assembly Commission's IT vision, strategy and accompanying action plan and deliver it through a robust programme and project management framework, in line with best practice, to support the continuing digital transformation of Assembly and Assembly Commission business.
• Identify future challenges in the IT landscape and develop relevant mitigation strategies.

Operational Information Security Management

• Lead, develop, implement, and monitor a comprehensive technical information security program, including all related policies, standards, and guidelines to protect information assets, especially where changes have been made.
• Lead and define security best practices and align them with organisational goals and compliance requirements.

Risk Assessment and Incident Response

• Conduct regular risk assessments to identify vulnerabilities and develop strategies for risk mitigation with the Data Protection and Governance Officer.
• Take the lead, assess risks, interpret complex data, and make informed decisions on security measures, providing advice to SMT.

Security Operations

• Lead the team supporting the daily operations of security systems, such as firewalls, intrusion detection/prevention systems (IDS/IPS), endpoint protection, and SIEM.
• Lead and support the secure adoption of new technologies from the Microsoft technology stack.

Compliance and Regulatory Alignment

• Manage and monitor compliance with relevant regulations and industry standards, such as GDPR, HIPAA, PCI-DSS, and SOX.
• Lead and prepare for internal and external security audits, documenting compliance status and remediation efforts.

Security Operations

• Lead the team supporting the daily operations of security systems, such as firewalls, intrusion detection/prevention systems (IDS/IPS), endpoint protection, and SIEM.
• Lead and support the secure adoption of new technologies from the Microsoft technology stack.

Supplier and Third-Party Management

• Assess and manage security risks associated with third-party suppliers, including reviewing security documentation, conducting periodic audits and mitigating risk through appropriate controls.
• Documentation and Reporting
• Develop and maintain detailed documentation of security policies, procedures, and incidents for regulatory and internal auditing purposes. Leading the team to ensure effective pro-active technical monitoring of system logs.

Essential Criteria:

Applicants for the post of ITSO must, by the closing date for applications:

Possess at least a Bachelor's (or higher) Degree in Computing or other discipline relevant to Information Systems /

Information Technology, Cyber Security or Network Administration*.

Plus

Have a minimum of 3 years' experience in each of the areas a) - c) described below:

• Working across a multi - discipline technology stack;
• Cloud environments (AZURE / AWS);
• Firewalls (On premise / Cloud services);
• Intrusion Detection / Prevention Systems;
• Security Information & Event Management tools (SIEM);
• Data Loss Prevention (DLP);
• Endpoint Management;
• Networking, Protocols & Vulnerability Management;
• Encryption & Identity Management;
• Policy creation; and,
• Developing and delivering Cyber Security related Training.

• Working in roles such as, Security Operations, Incident Response and Investigation, Risk Management and / or Network Security and Architecture.
• Working knowledge/experience of information security management systems (ISMS)

AND
Possess a professional certification that aligns with the responsibilities of the role such as Certified Information Systems Security Professional; CISSP, Certified Cloud Security Professional (CCSP)).
ORHave at least 6 years' experience working in a cyber security role, demonstrating progressive experience in technical and operational aspects of Cyber Security.
Plus
Have a minimum of 3 years' experience in each of the areas a) -c) described above.
AND
Possess a professional certification that aligns with the responsibilities of the role such as Certified Information Systems Security Professional; CISSP, Certified Cloud Security Professional (CCSP) and have the ability to demonstrate knowledge of information security management systems (ISMS).
*NB only those courses with a computing content of 50% or more will be considered and applicants must give full details on the application form of how the content of the course meets this requirement.

Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&C's, Privacy Policy and Disclaimers which can be found at (url removed)