IT Security Officer

2

RSR is a public safety & enterprise security recruitment specialist. We assist public safety employers find the right talent. We assist all employers when they want to source public safety and enterprise security skills and experience.

We are currently recruiting for an IT Security Officer to work on a permanent contract with a local police force based near Worcester.

The role has a starting salary of £59,191 per annum.

This is a hybrid working role.

Role overview:

To provide professional guidance and specialist advice with regard to all Digital Services related security and risk matters and ensure implementation of all necessary policies, procedures, processes and risk management plans to achieve compliance with national codes of connection for Police information systems.

To support the maintenance of the Force setting and ensuring that policies are adhered to and to meet the required security standards with effective risk management plans.

Maintaining up-to-date corporate knowledge of the Digital Services security industry, including; all national and police specific security guidance, compliance requirements, emerging best practice, new or revised security solutions, improved security processes, the development of new attacks and threat vectors.

Main Responsibilities:

1. To be the professional lead and design authority on behalf of the Head of Digital Services for all aspects of Digital Services security.

2. To provide expert and influential advice and guidance to the Information Security Manager, Head of Digital Services, SIRO, solution delivery teams and senior stakeholders on Digital Services Security management, strategies, policies and practices.

3. To undertake impact assessment of new legislation, threats, suppliers, services and solutions, to identify and initiate the development of new or changed Digital Services security controls, policies or procedures accordingly.

4. To develop and maintain technical policies and standards and promote compliance in line with Government security, corporate policies and corporate or local procedures and legal and international security standards (e.g. HMG IA framework and ISO27001).

5. As a core member of Digital Services management team, to be a key influencer and decision maker in respect of Digital Services security governance, strategy, policy, planning, assurance, procedures and practices.

6. To create an environment of perpetual challenge, continuous improvement and innovation in respect of Digital Services Security, and ensure relevant proposals are proactively driven through the Management Team.

7. To take individual responsibility for leading developments in the security area, building relationships with key internal stakeholders and external suppliers, as the professional lead on behalf of Digital Services.

8. To provide an internal security assurance function to ensure that the behaviours and practices of the Digital Services team and wider organisation do not undermine our contractual position with suppliers or compromise delivery and operations.

9. To lead investigations of any cyber-security or professional standards incidents impacting West Mercia.

10. To represent Digital Services on all force, regional and national security groups and governance meetings.

11. To undertake assessment of technical security risks of all new or changed Digital Services solutions and services to present a balanced recommendation to the Accreditor/key stakeholders.

12. To act as the point of escalation for Information Security issues to ensure that Digital Services security risks are reduced or mitigated through effective security practices.

13. To design and oversee the execution of vulnerability assessments, penetration tests and security audits.

14. To act as the Digital Services lead for liaison with the National Police Risk Information Management Team (NPRIMT) on all technology security matters, liaising with ARC as required.

15. To ensure all Digital Services system security definitions and implementations are in an accreditable state as defined by the PSN Code of Conduct or the Force Accreditor.

16. To maintain a Digital Services security incident response capability, providing advice and expertise to major incident teams.

Knowledge:

• Educated to degree level (Level 6) or equivalent in a related ICT discipline

• One or more recognised Security Qualifications such as ISC2’s Certified Information Systems Security Professional (CISSP) and/or HMG’s CESG Certified Professional (CCP), or equivalent academic or professional security qualification;

• Extensive knowledge of current Information Technology Standards and Techniques (including ISO 27001 series, HMG’s Cloud Security Principles and Cyber Essentials);

• Extensive knowledge of the HMG Security Policy Framework and associated CESG (now NCSC) IA Policy Portfolio

• Extensive knowledge and understanding of the Technical Security issues and trends that impact upon information security.

• An excellent understanding of information security concepts and practices concerned with maintaining the confidentiality and integrity and availability of information.

Experience:

• Demonstrable experience of designing, developing and implementing ICT security policies within an overall Information Management strategy;

• Extensive and proven track record of being the corporate lead on ICT Security matters;

• Demonstrable experience of designing and managing technical security audit and accreditation activities;

• Experience/ knowledge of the police service IA conditions (Codes of Connection, MOPI etc)

• Experience of liaising with other organisations and agencies on IT security matters

• Demonstrable knowledge of vulnerability assessments, penetration tests and security audits.

Why work for this client?

28 days Annual leave (increasing to 33 after 5 years’ service) + bank holidays

Generous pension scheme

Health and wellbeing, occupational health services, staff networks and an Employee Assistance Programme.

Police Mutual, affordable private healthcare and other savings.

Gym membership discounts.

Discounts on Electric Vehicles and Cycle to work scheme.

Register for a Blue light card – over 15,000 discounts from large national retailers.

If you would like to be considered for this position and have the relevant experience, then please send your CV to martin.cookson

Due to the high volume of applications we receive, if you do not hear from us within 7 working days, your application has been unsuccessful.

If this role is not for you but you do know somebody who would be interested, please feel free to refer them to us! We have a “Refer A Friend” bonus scheme and we will reward you retail vouchers for any referrals who are not already known to us and are successfully placed!

Red Snapper Justice is a member of the Red Snapper Group.

The Red Snapper Group acts as an employment agency (permanent) and as an employment business (temporary) - a free and confidential service to candidates.

The Red Snapper Recruitment Group is an equal opportunities employer