JOB DESCRIPTION

1. JOB TITLE: Information Security Officer
2. HRMS REFERENCE NUMBER: HRMS/13152
3. ROLE CODE: FINCIO
4. DEPARTMENT: Learning and Information Services (LIS)
5. ORGANISATION CHART: The post will report to the Deputy Director of LIS

6. JOB PURPOSE:
- Responsible for the implementation of University IT Security Policy
- Responsible for the day to day implementation of Server Operating System Security
- Responsible for the day to day implementation of Network Security
- Responsible for defining IT Security practice and procedures for use within LIS
- To work closely with the Institution Compliance Officer with regards to Security, Data Protection and Information Handling
- To work closely with the LIS Management team to maintain Institute LIS Risk register and Disaster Recovery / Business Continuity Plan
- To work closely with the LIS Management team to support system enhancement and development

7. BACKGROUND INFORMATION:
Learning and Information Services was formed in early 2007 from Learning Resources (Library, Media & Print) and CIT Services (IT, Networks & Phones). As part of the continuing development of the department, LIS is looking to appoint an Information Security Officer to support efforts that impact the security profile of the University IT Services.

8. WORK PERFORMED AND/OR KEY RESULT AREAS:

8.1 Communicating Effectively
- Liaise by letter, email and phone with external service providers, for example communication with JANET CSIRT/CERT concerning IT Security related notifications.
- Liaise by letter, email, phone and meeting to build effective working relationships with appropriate University departments, such as Faculty Administrators, regarding IT Security requirements.
- Liaise by email, phone and meeting with the Institution Compliance Officer to ensure LIS practice is in line with legal obligation and is deliverable throughout the University.
- Act as an advisor to staff, academic managers and teaching staff in respect of IT Security matters.

8.2 Leadership and Working Collaboratively
The role holder is expected to participate and contribute to a number of teams: the Network team, the Infrastructure team, the Business Improvement team and the overall Learning & Information Services. Within each team the role holder is required to contribute to overall team objectives.

8.3 Liaison and Networking
- To be an advisor to all University staff on IT Security issues.
- The role holder participates in and contributes to university networks by involvement in IT Security issues.

8.4 Delivering a High Quality Standard of Service
The role holder will provide a high standard of technical service for academic or other staff and students who ask for IT Security guidance and is required to create a positive image of the institution by being responsive and prompt in responding to requests and referring the user to the right person if necessary.

The role holder will work with LIS Staff to ensure day to day implementation of Server Security, including:
- Staying current with any Server OS known patches
- Staying current with any Server Application patches
- Upgrading Server Operating Systems when necessary

The role holder will work with LIS Staff to ensure day to day implementation of Network Security, including:
- Implementing Firewall rules
- Reviewing and updating Firewall rules

The role holder will work with LIS Staff to ensure day to day implementation of Desktop Security, including:
- Updating and distributing Anti-virus Software
- Detecting and eliminating Spyware
- Staying current with Desktop Operating System and Application Patches

The role holder will also:
- Work with LIS Staff to develop effective methods of Network Intrusion Detection
- Work with the institutional Compliance Officer regarding the development and maintenance of: security related guidance and training; the Information Asset Register; and more general ISO27002 compliance
- Work with LIS Staff to develop effective Network usage and Auditing methods

8.5 Effective Decision Making
- The role holder has the freedom to be creative and take actions that will assist the day to day functioning of the University's IT Security.
- The role holder has the freedom to be creative and take actions that will assist the organisation of their work/office procedures.

8.6 Planning and Organising Self and Others
- The role holder is able to plan, prioritise and organise their own work or resources to achieve the objectives they have agreed with their manager.
- Project Manage IT Security change programmes and new installations.

8.7 Innovation and Improvement (Effective Problem Solving)
The role holder will continually review IT Security installations and incorporate improvements and innovations as a matter of routine. It is an important requirement of the role to use initiative and creativity to resolve problems where the optimal solution may not be immediately apparent but has to be assessed by a process of reasoning, weighing up the pros and cons of different approaches; identify and assess practical options; break the problem down into component parts. The diagnosis and analysis of IT Security incidents and the testing of potential remedial action prior to implementation are examples of this requirement.

8.8 Analysis and Research
The role holder is required to analyse and research appropriate IT Security techniques and solutions which may require advising others on their findings. It is a daily requirement of the role to solve technical and other problems by analysing routine data or information provided by relevant IT Security tools. It is essential that the role holder works accurately to complete the task and resolve the technical problems.

8.9 Sensory and Physical Demands
The role holder is required to carry out tasks at a level which would require either learning certain methods or routines or involve moderate physical effort, such as the use of a trolley to move computer equipment.
Needs to be aware of Health and Safety at Work and VDU use issues.

8.10 Work Environment
The role holder is required to work in an environment which is relatively stable and has little impact on the role holder or the way in which work is completed. They may be required to work across all University campuses but will be primarily based within LIS at the Parkgate Campus.
The role holder is also required to understand how the work environment could impact on their own work or that of colleagues and take standard actions, within health and safety guidelines where applicable, for example, when moving, installing and maintaining computer and other electrical equipment. Shared office space with busy and frequent interruptions by people and telephones.

8.11 Pastoral Care and Welfare
The role holder is occasionally required to show sensitivity to those who may need help or, in extreme cases, are showing signs of obvious distress, for example if data has been lost due to a computer error. The role holder may initiate appropriate action by involving relevant specialist or more senior staff.

8.12 Team Development
- The role holder is occasionally required to train or guide others on specific tasks, for example, providing advice, guidance and feedback on the basis of their own IT Security knowledge or experience.
- Deliver training as appropriate to LIS staff relating to recent developments in IT Security.

8.13 Teaching and Learning Support
Help to develop and deliver training/guidance either verbally, written or within training workshops as appropriate to wider university staff and students in relation to the work of LIS.

8.14 Knowledge and Experience
The role holder is required to have sufficient knowledge or expertise to work on day to day issues in their own area without direct or continuous reference to others.
- Knowledge and practical experience of system security issues
- Educated to degree level or equivalent
- Practical experience in dealing with computer security incidents and security vulnerabilities
- Comprehensive understanding of Ethernet and TCP/IP
- Knowledge of Network monitoring tools and Traffic analysis
- Knowledge of information security management best practices such as ISO 27000
- Experience of working within a CSIRT/CERT environment
- Practical experience in intrusion detection systems
- Knowledge of threat and vulnerability analysis, risk assessment, business impact analysis
- Experience of writing effective security policies and procedures
- The ability to work effectively as part of a team and to relate positively to other people
- The ability to take the initiative in establishing new ways of working to achieve the objectives of the post
- Confidentiality, tact and diplomacy and the ability to work to deadlines
- Excellent communication skills
- Good time management and prioritisation skills
- Flexible approach to work
- Strong IT skills, including the ability to use a variety of software programmes, including word processing, spreadsheets and databases, web and email

8.15 General
- Undertake any other duties commensurate with your grade, and/or hours of work, as may reasonably be required of you.
- Take responsibility for upholding and complying with the University's Equality and Diversity policies and for behaving in ways that are consistent with fair and equal treatment for all.
- To comply with all University Health and Safety policies.

PERSON SPECIFICATION

Job Title: Information Security Officer
Department: Learning & Information Services

Criteria / Desirable Method of identification

Qualifications:
- Educated to degree level or equivalent
Application Form

Proven Experience:
- Proven experience of working in an ICT environment

Delivering academic and service excellence:
- Knowledge and practical experience of system security issues
- Practical experience in dealing with computer security incidents and security vulnerabilities
- Comprehensive understanding of Ethernet and TCP/IP
- Knowledge of Network monitoring tools and Traffic analysis
- Knowledge of information security management best practices such as ISO 27000
- Experience of working within a CSIRT/CERT environment
- Practical experience in intrusion detection systems
- Knowledge of threat and vulnerability analysis, risk assessment, business impact analysis
- Experience of writing effective security policies and procedures
- Excellent IT skills, including the ability to use a variety of software programmes, including word processing, spreadsheets and databases, web and e-mail.
Desirable Desirable Desirable

Managing self and inspiring others:
- The ability to take the initiative in establishing new ways of working to achieve the objectives of the post
- Good time management and prioritisation skills
Interview Interview

Working together:
- The ability to work independently and also as part of a team.
- Excellent communication skills
Interview Application form/interview

Organisational and stakeholder awareness:
- Confidentiality, tact and diplomacy and the ability to work to deadlines
Application form/interview

Essential Requirements are those without which a candidate would not be able to do the job. Applicants who have not clearly demonstrated in their application that they possess the essential requirements will normally be rejected at shortlisting stage.

Desirable Requirements are those that would be useful for the post holder to possess and will be considered when more than one applicant meets the essential requirements.

UNIVERSITY OF CHESTER
TERMS & CONDITIONS OF EMPLOYMENT
LEARNING AND INFORMATION SERVICES
INFORMATION SECURITY OFFICER

SALARY SCALE
University Scale OS7, points 23-26, £25,013-£27,318 per annum payable monthly in arrears.

RESIDENCE REQUIREMENT
It is a requirement of this post that within 12 months of appointment, the post-holder should live within a 30 mile radius or within a one hour travelling time by public transport from the University.

HOURS OF WORK
36.5 hours per week to be worked as follows:
Monday to Thursday 9:00am - 5:30pm
Friday 9.00am - 4.30pm
(less one hour break each day)
A flexible approach to work will be required as there may be occasions when it would be necessary for you to work additional hours as dictated by the workload.

HOLIDAY ENTITLEMENT
22 days per annum (pro-rata during the commencement and cessation years), rising to 27 days after five years' continuous service. Two extra statutory days per annum during the Christmas period.

MEDICAL EXAMINATION
Successful candidates will be required to complete an Occupational Health questionnaire, and may be required to undergo a medical examination.

ESSENTIAL CERTIFICATES
Short-listed candidates will be asked to bring to interview proof of qualifications as outlined on the Job Description and Person Specification provided. Upon appointment, copies of essential certificates will be required by HRM Services.

PENSION SCHEME
The University operates two pension schemes for support staff:
- The default scheme is the Higher Education Defined Contribution Scheme (HEDCS), which is administered by Friends Life.
- The Cheshire Local Government Pension Scheme, to which the University is an admitted body.
All support staff are entitled to participate in one of these schemes. Some staff will be automatically enrolled into a scheme, depending on their age and earnings, but if they do not wish to remain a member of the scheme, they will be entitled to opt out after enrolment.

EQUAL OPPORTUNITIES
The University has a policy of equal opportunity aimed at treating all applicants for employment fairly.

SMOKING POLICY
The University operates a No-Smoking policy.

PROBATIONARY PERIOD
A six months' probationary period applies to all University posts.

CLOSING DATE
Completed application forms should be submitted via our online webrecruitment page no later than Monday 7th April 2014, quoting reference number HRMS/13152.