IT Information Security Manager Job Description
Responsible to: IT Service Manager
Accountable to: Head of IT Services

Overall Purpose

To provide effective response, protection processes, systems, and continuity plans for the organisation's computers, networks and data against threats such as security breaches, computer viruses or attacks by cyber-criminals.

Principal Duties and Responsibilities

- Responsible for understanding the IT requirements and expectations of information security and continuity, and determining the scope of management systems
- Responsible for providing leadership and ownership of IT information security policies and continuity plans, and ensuring that responsibility and authority roles are documented
- Responsible for identifying IT information security and continuity objectives, actions to address risks and opportunities, and the planning to address or achieve set outcomes
- Responsible for determining IT competency and awareness to ensure implementation, maintenance, and continual improvement of information security and continuity
- Responsible for IT operational planning and control of the information security and continuity risk framework, assessments and identified treatments
- Responsible for the evaluation of IT information security and continuity effectiveness by undertaking documented monitoring, analyses, internal auditing, and reviews
- Responsible for security services offered and all security incident management processes and their service level objectives, as defined within the IT Service Portfolio
- Responsible for providing security expertise and recommendations based on research of the latest information security and business continuity trends
- Responsible for all IT Services security requirements and the documented technical and verbal communication of detailed specialist information across the organisation
- Responsible for the continual improvement of information security and continuity suitability, adequacy, and effectiveness, and for nonconformity and corrective actions

Generic Duties and Responsibilities

- To provide communication of solutions in different formats that translate to management and other personnel
- Responsible for preparation of regular and scheduled reports that document security breaches and the extent of the damage caused by the breaches
- To demonstrate ownership and leadership with related projects, incidents and problems, being able at times to work alone, within or across teams
- To provide project management and business relationship support with customer service level requirements and solutions
- To be aware of new technologies and methods that align with overall strategy and provide solutions that demonstrate business value
- To identify trends and potential problems, providing proactive solutions on own initiative and ensuring business continuity and capacity
- To continuously develop both technical and personal skills required within the role and assist with the development of other junior staff
- To undertake other roles, responsibilities, training and tasks as reasonably requested by line management
- To provide analysis and research of the latest information security and business continuity trends and regular reporting with recommended actions
- To be a member of the IT Service SMT and UoN business continuity team, making decisions that impact service delivery and the daily operation of the University
- To deputise in the event of absence of the line manager when requested by senior line management
- Responsible and accountable for ensuring all employment legislative requirements are adhered to, including equality, diversity and health and safety issues
- Responsible for all activities and actions in accordance with departmental standards, processes and procedures

The job description may be altered at any time in line with the level of the post to meet changing requirements, but only in full consultation with the post holder.

Person Specification

Please see Key below.

No. | Criteria | Essential / Desirable | Assessment Methods

Qualifications
1 | ITIL Foundation | D | A, I
2 | CISSP Certified | E | A, I
3 | ISO 27001 Information Security Certified | D | A, I
4 | ISO 22301 Business Continuity Certified | D | A, I

Skills, Knowledge and Experience
5 | Knowledge or experience of security methodology within ITIL, COBIT, PRINCE2 | E | A
6 | Knowledge or experience of ISO 27000 and 22301 standards | E | A
7 | Knowledge or experience of PCI-DSS and DPA legislation | E | A
8 | Knowledge or experience of Risk Rating framework methodology (such as OWASP) | E | A
9 | Demonstrable knowledge of solutions: Router; Firewall; Cloud SaaS and IaaS Platforms; Internet and Web Filtering; Threat Prevention and Protection; Identity Management; Datacenter Facilities; Incident Management; Physical Access; Data Protection and Archiving; Security Templates | E | A
10 | Relevant experience in a similar role within information security and continuity | E | A

Personal Qualities
11 | Excellent interpersonal skills with peers and key stakeholders | E | A, I
12 | Self-motivated and able to work on own initiative | E | A, I
13 | Excellent customer service skills with both student and staff requirements | E | A, I
14 | Good communication and presentation skills | E | A, I
15 | Able to work collaboratively within the wider IT department | E | A, I
16 | Ability to adapt to organisational change | D | I

Key: (E) Essential, (D) Desirable, (A) Application, (I) Interview, (T) Test, (P) Presentation

Terms and Conditions of Employment

Job Title: IT Information Security Manager
Duration: Permanent
Hours: Full time: 37 hours per week
Salary: Grade 8: 38,833-47,722 per annum
Work Base: Park Campus or any of the University of Northampton premises as required
Pension: Eligible to join the Local Government Pension
Holidays: 24 days per annum plus 5 days after 5 years' continuous service plus Bank Holidays and Closed days
Notice period: 2 Months
Probationary period: 12 Months

Additional Points to Note

- Applicants are required to provide two referees who can give an opinion on academic and/or professional work experience.
- Successful applicants are required to provide any stated/required qualifications and evidence of any memberships of professional bodies.
- Applicants must provide evidence of their right to work in the UK in accordance with the Asylum and Immigration Act 1996 and Immigration Asylum and Nationality Act 2006.
- The starting salary for all new appointments and internal promotions will normally be at the minimum point of the grade.
- Should you be shortlisted to attend an interview, the University will not reimburse you for any expenses incurred.