Technical Security Lead


 

Details

Reference number

301329

Salary

£38,818 – £49,502
Civil Service Pension
with an average employer contribution of 27%

Job grade

Other

Contract type

Permanent

Business area

ICO – IT – Cyber Security – ICO Digital, Data and Technology

Type of role

Digital

Working pattern

Full-time

Number of jobs available

1

Contents

Remote working (anywhere in the UK)

Job summary

Cyber Security – ICO Digital, Data and Technology

The ICO Cyber Security team is expanding to meet the opportunities created by our ICO25 Strategic Plan and our objective for our stakeholders of “empowering you through information”. This is an exciting time to join the team, bringing your experience and capabilities, as well as your potential to learn and develop, to a high-profile and dynamic environment. The Cyber Security team is part of our wider Digital, Data and Technology (DDaT) directorate, and ensures that we support the objectives of secure by design.

In DDaT, we make sure that the ICO’s technology and data empower our people to do their best work. Our digital services empower organisations to use data responsibly and empower the public to have their information rights protected. Our Cyber Team enables us to use data securely.

Job description

About the role

As Technical Security Lead, you will focus on key areas of technical security: Security by Design, security engagement for new development and system changes, staff education, and ensuring adherence to corporate policies, controls and industry best practices.

You will lead and deliver technical security engagements across the ICO, providing security requirements, advice and guidance, technical leadership and oversight of security controls for all new developments and for technical changes to existing systems or services.

In collaboration with the wider Information Security team and the ICO Digital, Data and Technology product owners, you will review all areas of technical security and best practice. This includes ensuring our high value assets are secured and controlled in line with the corporate, business and technical risk appetites, and producing security opinion reports on gaps, risks and mitigation recommendations.

You will also lead the delivery of secure by design through the production, review and publishing of baseline security requirements aligned to ISO27001 and other best practice guidance, e.g. PCI-DSS, NCSC and Gov Functional Standards. This will include providing technical security advice, guidance and oversight to the Change Advisory Board and Data Protection Impact Assessment forums.

As part of the Information Security Team, you will provide technical expertise and practical experience to drive ICO policies and education, and to deliver appropriate and proportionate direction on technical security issues and challenges.

You will be aware of the threat landscape across the regulatory sector and at national levels, and will ensure that the technical controls for our key systems and assets are appropriately secured, assessed and monitored. Supporting the creation and updating of technical baseline security requirements for the core ICO services will be a key deliverable of your role.

  • Delivery of secure by design principles and guidance.
  • Delivery of technical security requirements.
  • Project and change security governance.
  • Delivery of security opinion reports.
  • Technical security collaboration both internally to the ICO and with external partners.
  • Technical security KPIs.
  • Leadership and management of cross-functional security engagement.

Person specification

About you

  • Experience relevant to the role requirements, and accumulated through any combination of academic or vocational qualifications or experience.
  • Desirable: CISSP in good standing or equivalent proven level of experience.
  • Desirable: ISO 27001 lead implementor.

  • Minimum of 2 years’ experience in a similar role.
  • Experience of defining and refining security controls and standards.
  • Proven experience of implementing or reviewing technical security controls.
  • Desirable: Cloud security knowledge in microservices and CI/CD in MS Azure environments or AWS technical security experience.
  • Strong knowledge of the shared responsibility security model.
  • Desirable: Experience in working in a public sector or highly regulated organisation.
  • Track vulnerabilities in software, systems and networks.
  • Identify and assess cyber threats and cyber security risks, and recommend measures to manage them.
  • Design security controls, including those affecting the selection and development of systems.
  • Test and report on the security of an organisation’s systems and networks.
  • Brief and train non-cyber staff on cyber security awareness and safe practice.
  • Work with managers in other teams to ensure effective cyber security across the organisation.
  • Self-motivated and dynamic with the skills to identify issues and willingness to own remediations. 
  • Excellent verbal, communication and interpersonal skills, with people at all levels.

Alongside your salary of £38,818, the Information Commissioner’s Office contributes £27 towards you being a member of the Civil Service Defined Benefit Pension scheme.

Find out what benefits a Civil Service Pension provides.

Why work for the ICO?

  • Pay progression scheme.
  • Hybrid and flexible working options. 
  • 25 days paid holiday per year, plus privilege and public holidays.
  • Flexi leave (up to 26 additional days leave per year).
  • Pension (employer contribution around 26.6%).
  • Online discount scheme to save money at major supermarkets, retailers, gyms, restaurants, insurance providers and many more.
  • Health Cash Plan.
  • Fantastic development opportunities to learn and progress.

Further details can be found on the benefits section of our website.

Selection process details

Closing Date

Please submit your CV by 23:59, Sunday 6 August 2023

We reserve the right to close this vacancy before this date should we receive sufficient applications. Please apply as soon as possible to ensure your application is considered.

Feedback will only be provided if you attend an interview or assessment.

Security

Successful candidates must undergo a criminal record check.
People working with government assets must complete baseline personnel security standard checks.

Medical

Successful candidates will be expected to have a medical.

Nationality requirements

This job is broadly open to the following groups:

  • UK nationals
  • nationals of Commonwealth countries who have the right to work in the UK
  • nationals of the Republic of Ireland
  • nationals from the EU, EEA or Switzerland with settled or pre-settled status or who apply for either status by the deadline of the European Union Settlement Scheme (EUSS)
  • relevant EU, EEA, Swiss or Turkish nationals working in the Civil Service
  • relevant EU, EEA, Swiss or Turkish nationals who have built up the right to work in the Civil Service
  • certain family members of the relevant EU, EEA, Swiss or Turkish nationals

Further information on nationality requirements

Working for the Civil Service

The Civil Service Code sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission’s recruitment principles.

The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.
Once this job has closed, the job advert will no longer be available.
You may want to save a copy for your records.

Contact point for applicants

Job contact:

  • Name: recruitment@ico.org.uk
  • Email: recruitment@ico.org.uk

Recruitment team

  • Email: recruitment@ico.org.uk
