Job Description

Posted 1 week ago

Position: Information Security Lead

Salary: £59k

Location: Oxford ( Hybrid )

Responsibilities:

Develop and maintain an Information Security improvement plan for the group.
Work with IT staff within the group to build on an existing information security program and ongoing security projects that address information security risks and compliance requirements.
Recommend, coordinate and where appropriate, implement agreed technical controls.
Be responsible for decisions regarding operational activities in relation to Information Security improvement within the group.
Work with the Head of IT and College governance structures to create and maintain security policies.
Monitor and report on compliance with security policies, as well as the enforcement of policies.
Plan and prioritise own work ensuring effective support to the group and delivery of key Cyber Security improvement objectives.
Research, evaluate, design, test, recommend and plan the implementation of new or updated information security hardware or software, and analyse its impact on the existing environment; provide technical and managerial expertise for the administration of security tools.
Develop strong working relationships with the Head of IT, Technical Services Manager, and IT Managers to develop and implement controls and configurations aligned with security policies and legal, regulatory and audit requirements.
Ensure all IT staff have access to IT systems limited by need and role.
Research/evaluate emerging information security threats and ways to manage them.
Assist Colleges with maintaining suitable TPSA templates and maintaining a list of assessed third parties.
Monitor and test vulnerabilities in technological infrastructure, managed services, and devices.
Use influencing skills to ensure collaborative working to engender a level of quality improvement across the group.
Consult with IT colleagues to ensure that security is factored into the evaluation, selection, installation and configuration of hardware, applications, and software as part of Privacy by Design and Default.
Manage and coordinate operational components of security incident management, including detection response and reporting.
Manage the day-to-day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans, and communicate information about residual risk.
Manage security projects, provide expert guidance on security matters for other IT projects and work with suppliers to obtain best value.
Evaluate requests for exceptions to policies, ensuring sufficient mitigating controls are in place.
Ensure audit trails, system logs and other monitoring data sources are reviewed periodically and are following policies and audit requirements.
Review, escalate and action any unusual event behaviour identified through the groups information security systems.
Create standards in system hardening, change management, documentation.
Perform periodic firewall
Ensure disaster recovery and data restoration processes work.
Ensure appropriate Corrective and Preventative Actions are implemented in line with best practice guidance.

Essential:

A record of accomplishment in and experience of introducing Information Security Improvement through successfully designing, implementing, and improving IT security architecture and controls.
Working technical knowledge in broad domains of IT infrastructure such as data networks, server and desktop hardware and operating systems, storage and backups, and related monitoring and management systems.
Demonstrable experience of applying security controls in one or more of the following areas: Unix/Linux Servers, Windows servers, firewalls, IDS/IPS, vulnerability management, WAF, Wi-Fi, mobile security, Data Loss Prevention, digital certificates, encryption and authentication techniques, forensics, and LAN / WANs.
Solid understanding of security protocols, cryptography, authentication, authorisation, and security.
Able to manage own workload, resolve competing demands, and cope with changing priorities in a flexible and proactive way.
High level of personal integrity, as well as the ability to handle confidential matters and show an appropriate level of judgment and maturity.
Excellent written and oral communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and non-technical audiences.

INDIT

Planet Recruitment acts as an employment agency for permanent recruitment and an employment business for the supply of temporary workers. Planet Recruitment is an Equal Opportunities Employer.

By applying for this role your details will be submitted to Planet Recruitment. Our Candidate Privacy Information Statement explains how we will use your information.

Only candidates with the relevant skills and experience will be contacted after application, if you do not hear back from us within 7 days you have unfortunately been unsuccessful in your application.

Please note that no terminology in this advert is intended to discriminate on the grounds of a person's gender, marital status, race, religion, colour, age, disability or sexual orientation. Every candidate will be assessed only in accordance with their merits, qualifications and abilities to perform the duties of the position