Permanent, Full Time
£41,000 to £45,597 per annum
Closing Date: 25/01/2022
In line with Essex County Council’s Ways of Working policy, this role has been deemed as an ‘Anywhere Worker’ position. This means you are able to work remotely for the majority of the time, with occasional trips to the office based on business need. Any journeys to the office would be at your own expense. More specific details about this can be discussed at the interview stage should you be invited to interview.
Essex County Council (ECC) Technology Services is focused on ensuring current and future investment in technology maximises the opportunity to support ECC in meeting its strategic goalsTo achieve this Technology Services are undertaking a major transformation programme which will create the conditions where employees, residents and businesses can collaborate, innovate and thrive.
We are looking to recruit passionate and experienced IT Professionals to assist in the design and delivery of Technology Services enabling us to deliver outstanding outcomes and experiences enabled by modern, connected technology.
This role is responsible for explaining the purpose of and providing advice and guidance on the application and operation on physical, procedural and technical security controls vital to maintaining a safe and secure working environment. Performing security risk, vulnerability assessments, and business impact analysis for information systems, investigating suspected attacks and managing security incidents.
What’s in it for you:
- Make an impact on the lives of residents in Essex
- Be a part of a new forward-thinking Technology Services Team in local government
- Engage directly with customers, suppliers and stakeholders to design and deliver meaningful, measurable technology change
- An excellent benefits package https://www.workingforessex.com/benefits
Key Responsibilities and Accountabilities:
- Responsible for providing expert advice and guidance on security strategies to manage identified risks and ensure adoption and adherence to standards, ensure User awareness to assist with their compliance and to give confidence to Business Users and Citizens that ECC system and data are appropriately protected.
- Responsible for the development of information security policy, standards and guidelines to ensure ECC systems and data are afforded the appropriate levels of protection.
- Accountable for performing regular security, risk, vulnerability assessments, and business impact analysis for ECC systems to ensure correct controls are maintained, improvements are identified and acted upon and accredited standards are maintained.
- Responsible for ensuring that suppliers of third-party services meet the risk, compliance, security and continuity requirements of ECC. Where needed recommending, supervising and assuring corrective action as required to maintain a safe and secure operating environment for ECC business operations
- Responsible for security, continuity and recovery assurance of design for new and changing technologies and services to ensure that vulnerabilities are not introduced because of innovation and change to ensuring the provision of continuing secure business environment.
- Accountable for obtaining and acting on vulnerability information, conducting security risk assessments, business impact analysis and accreditation on complex information systems to ensure the appropriate controls and processes are in place to protect ECC systems and data to provide confidence in service provision and avoid individual and organisational compromise.
- Accountable for investigating major breaches of technical security and recommending appropriate control improvements to prevent recurrence and restore the appropriate levels of protection.
- Responsible for the duties and accountabilities of Technology Policy & Assurance Manager in their absence to ensure efficient management and continuity of an effective Risk and Assurance service in support of ECC business operations.
- Specific individual and shared targets and objectives are defined annually within the performance management framework.
Knowledge, Skills and Experience:
- Educated to degree level or equivalent by extensive experience.
- Hold accreditation as an ISO 27001 Implementor or Auditor, or equivalent qualification in Risk Management, Business Continuity, or Disaster Recovery, or hold Certified Information
- Systems Security Professional (CISSP) or Certified Information Security Manager (CISM).
- Development of information security policy, standards and guidelines to ensure ECC systems and data are afforded the appropriate levels of protection.
- Conducting security risk assessments, business impact analysis, accreditation of complex information systems, and obtain and act upon vulnerability information to ensure the appropriate controls and processes are in place to protect ECC systems and data to provide confidence in service provision, maintain accredited standards and avoid individual and organisational compromise.
- Perform security, continuity and recovery assurance of existing services and new designs ensuring the provision of a continuing, secure business environment.
- The Security Analyst must comply with the ECC defined SFIA (Skills Framework for the Information Age) requirements for this type of role.
As part of employment with Essex County Council should your role require a DBS check you will be required to register with the DBS update service. The DBS update service ensures all registered DBS certificates are kept up to date and allows authorised parties to view the status of your certificate. This is an annual subscription and you will be responsible for ensuring this is maintained. For further information on the DBS update service please visit: https://www.gov.uk/dbs-update-service
Essex County Council is proud to offer an excellent benefits package to all its employees. For more information please use the following link: https://www.workingforessex.com/working-here/pay-reward/
Essex County Council is committed to safeguarding and promoting the welfare of children and vulnerable adults and expects all employees and volunteers to share this commitment.
We seek the best talent from the widest pool of people as diversity is key to our success.