Permanent, Full Time
£41,000 to £45,597 per annum
Closing Date: 01/07/2021
This position will, in line with current government guidance be based from home, with an expectation of being home based for the foreseeable future. However, if / when government guidelines change the role may then revert to being office based, whilst retaining some flexible working options in line with Essex County Council mobile flexible working policy.
Essex County Council (ECC) Technology Services is focused on ensuring current and future investment in technology maximises the opportunity to support ECC in meeting its strategic goals
To achieve this Technology Services are undertaking a major transformation programme which will create the conditions where employees, residents and businesses can collaborate, innovate and thrive.
We are looking to recruit passionate and experienced IT Professionals to assist in the design and delivery of Technology Services enabling us to deliver outstanding outcomes and experiences enabled by modern, connected technology.
This role is responsible for explaining the purpose of and providing advice and guidance on the application and operation on physical, procedural and technical security controls vital to maintaining a safe and secure working environment. Performing security risk, vulnerability assessments, and business impact analysis for information systems, investigating suspected attacks and managing security incidents.
What's in it for you:
- Make an impact on the lives of residents in Essex
- Be a part of a new forward-thinking Technology Services Team in local government
- Engage directly with customers, suppliers and stakeholders to design and deliver meaningful, measurable technology change
- An excellent benefits package https://www.workingforessex.com/benefits
Key Responsibilities and Accountabilities:
- Responsible for providing expert advice and guidance on security strategies to manage identified risks and ensure adoption and adherence to standards, ensure User awareness to assist with their compliance and to give confidence to Business Users and Citizens that ECC system and data are appropriately protected.
- Accountable for obtaining and acting on vulnerability information, conducting security risk assessments, business impact analysis and accreditation on complex information systems to ensure the appropriate controls and processes are in place to protect ECC systems and data to provide confidence in service provision and avoid individual and organisational compromise.
- Accountable for investigating major breaches of technical security and recommending appropriate control improvements to prevent recurrence and restore the appropriate levels of protection.
- Responsible for the development of information security policy, standards and guidelines to ensure ECC systems and data are afforded the appropriate levels of protection.
- Accountable for performing regular security, risk, vulnerability assessments, and business impact analysis for ECC systems to ensure correct controls are maintained, improvements are identified and acted upon and accredited standards are maintained
- Responsible for security, continuity and recovery assurance of design for new and changing technologies and services to ensure that vulnerabilities are not introduced because of innovation and change to ensuring the provision of continuing secure business environment.
- Responsible for the duties and accountabilities of Technology Policy & Assurance Manager in their absence to ensure efficient management and continuity of an effective Risk and Assurance service in support of ECC business operations.
- Responsible for ensuring that suppliers of third-party services meet the risk, compliance, security and continuity requirements of ECC. Where needed recommending, supervising and assuring corrective action as required to maintain a safe and secure operating environment for ECC business operations
- Specific individual and shared targets and objectives are defined annually within the performance management framework.
Knowledge, Skills and Experience:
- Educated to degree level or equivalent by extensive experience.
- Hold accreditation as a Certified Information Systems Security Professional (CISSP) or RESILIA Practitioner or equivalent qualification.
- Conducting security risk assessments, business impact analysis, accreditation of complex information systems, and obtain and act upon vulnerability information to ensure the appropriate controls and processes are in place to protect ECC systems and data to provide confidence in service provision, maintain accredited standards and avoid individual and organisational compromise.
- Perform continuity and recovery assurance of existing services and new designs ensuring the provision of a continuing, secure business environment.
- Development of information security policy, standards and guidelines to ensure ECC systems and data are afforded the appropriate levels of protection.
- The Security Analyst must comply with the ECC defined SFIA (Skills Framework for the Information Age) requirements for this type of role.
Essex County Council is proud to offer an excellent benefits package to all its employees. For more information please use the following link: https://www.workingforessex.com/working-here/pay-reward/