Role Profile

Job Title: Information Security
Job No. (Office Use): A238
Band/Band Range (for career grades): Grade I
Directorate: Chief Executive's Office
Department: ICT
Division: Operational Service Delivery
Section: Information Security
Reports to (Job Title): Operational Service Delivery
Competency Job Type:
Suitable for Job Share (Y/N): Yes
If No reason:
Location: Civic Centre
Shift Pattern:
CRB check required: Not required

Job Purpose

Take the lead responsibility for information security management within the Authority, including development of policies and procedures, the overall security of computer systems and monitoring of ICT usage and remote network access.

Provide specialist technical guidance on all matters relating to ICT security operating in a complex, multi-site and diverse organisation.

Be responsible for the day to day operations of the ICT Security Management Service, ensuring corporate service level agreements are met and compliance guidelines achieved.

Plymouth City Council is committed to providing access, aids, adaptations and alternatives wherever possible and reasonable adjustments to enable people with disabilities to fulfil the criteria for, and undertake the duties of its jobs.

Updated on 22/02/2010
Decision Making

The post holder will have to analyse the impact a security incident has on the business and the service provided to the Authority's customers, and assess the priority of the incident, e.g. hacking into a web server would be high priority.

On occasions, the post holder has to juggle changing and/or conflicting legislation relating to security, e.g. FOI, Data Protection Act, Human Rights Act and Computer Misuse Act.

The post holder would make recommendations relating to security to contribute to the ICT strategy, and also make recommendations when identifying the most appropriate areas of infrastructure for upgrade/renewal with a limited budget.

The post holder reports to the Operational Service Delivery who undertakes annual performance appraisals with six monthly reviews, monthly team meetings and ongoing daily contact to discuss progress and issues.

Accountabilities

- Deliver the ICT Security Management Service in the most efficient and effective way in accordance with the ICT Strategy, best practice and industry standards (25%)
- Ensure appropriate relationships are fostered and developed with internal services and external partners and that the Corporate ICT function works in collaboration with all Directorates. Be the lead technical adviser for ICT security, providing advice to senior managers, members, partners such as Housing Associations, NHS and others (10%)
- Implement all policies, plans and strategies relating to ITIL Security Management. Recommend policies to combat virus protection, network hacking and system misuse. Assist in formulating Best Practice Guides and Administration Manuals (35%)
- Regularly review the effectiveness of the ICT Security Management Service performance in line with agreed service level agreements and key performance indicators. Undertake regular monitoring of system usage and security, with particular reference to internet usage, intranets and e-commerce. Maintain an up to date knowledge of all legislative and regulatory changes (5%)
- Contribute to the project and programme lifecycle and manage ICT security projects by investigating all incidents, recommending countermeasures to reduce the risk of further similar incidents (10%)
- Manage, maintain and monitor effective corporate processes, procedures. Develop and maintain the knowledge base for the ICT Security Management Service (10%)
- Assist with research into the ICT infrastructure and its further development. Support the production of corporate business cases setting out a rationale for new investment within the Service (5%)
Accountabilities (2)

- Delegated operational control (indirect) of staff in all ICT Service Areas for the purposes of information security investigation and incident resolution and for 2nd and 3rd line support for problem resolution and operational delivery against service level agreements.
- Responsible for ensuring delivery of training to Engineers and Technicians as required to enable successful resolution of 1st and 2nd line information security related incidents and requests for change.
- This could amount to approx 60 staff. Also a range of external consultants and temporary contractors
- Undertake other duties appropriate to the grade of the post.

Demands

- There may be the need to occasionally lift and carry IT equipment
- Concentration required when investigating incidents, where there can also be considerable levels of work related pressure and interruptions causing a change in priorities

Working Conditions

- The role is predominantly office based with minimal exposure to disagreeable working conditions
Experience, Knowledge and Qualifications

Essential:

- ITIL Foundation certification
- Commitment to study for Certified Information Systems Professional
- Demonstrable experience of working in a professional ICT Technician/Service Desk environment PLUS reasonable experience of supporting information security management at a senior level within a professional ICT engineering environment
- Understanding of Information Security and ITIL security management
- Understanding of ICT architecture and how it fits together
- Experience of investigating and taking accountability for problems and identifying the root cause, including the actions to correct
- Experience of organisational development, leading and managing change and contributing to change activities
- Experience in the use of Microsoft applications
- Experience of working within an ITIL environment
- Knowledge of risk analysis methodologies
- Knowledge of Security best practice frameworks such as ISO27001, Data Protection, Freedom of Information, Caldicott principles, Computer Misuse Act
- Expert knowledge of management applications and produce policies to use them to undertake proactive monitoring and maintenance of the ICT infrastructure to ensure security of information

Desirable:

- Certified Information Systems Professional
- Degree in a relevant subject

Skills and Technical Competencies

- Keyboarding skills required using a range of Microsoft Office software for correspondence, research, report writing, statistics, together with specialised software relating to ICT security
- The post holder requires analytical and judgemental skills in order to interpret complex security information which may be over several weeks
- Developed interpersonal and communication skills needed when interacting with partner organisations, major suppliers, contractors and staff in all departments and for training purposes
Corporate Standards

- Act at all times in accordance with appropriate legislation and regulations, codes of practice, the provisions of the council's constitution and its policies and procedures.
- Work within the requirements of the Council's Health and Safety policy, performance standards, safe systems of work and procedures.
- Undertake all duties with due regard to the corporate equalities policy and relevant legislation.