About the job
Job summary
This role is contracted to our Wilmslow, London, Edinburgh, Cardiff or Belfast office; however, through hybrid working we offer flexible home and office-based working opportunities. There will be times when you will be expected to attend the office to collaborate with colleagues or travel due to business need.
Why work for the ICO?
- Pay progression scheme.
- Hybrid and flexible working options.
- 25 days paid holiday per year, plus privilege and public holidays.
- Flexi leave (up to 26 additional days leave per year).
- Pension (employer contribution around 26.6%).
- Online discount scheme to save money at major supermarkets, retailers, gyms, restaurants, insurance providers and many more.
- Health Cash Plan.
- Fantastic development opportunities to learn and progress.
Further details can be found on the benefits section of our website.
About us
The Information Commissioner's Office (ICO) is the independent regulator of information rights. In a data-driven world, we provide advice, guidance, and support to organisations enabling compliance with their obligations, as well as protecting individuals and their personal data.
As an employer, we are passionate about making a positive difference to the lives and careers of our people, and we empower you to be curious, impactful, collaborative and respectful.
Job description
About the role
This role focuses on key areas of technical security: security by design, security engagement for new development and system changes, staff education, and ensuring adherence to corporate policies, controls, and industry best practices.
You will lead and deliver technical security engagements across the ICO providing security requirements, advice and guidance, technical leadership and oversight of security controls for all new developments, or technical changes to existing systems or services.
In collaboration with the wider Cyber Security team, the ICO Digital and IT product owners, and the ICO senior leadership team, you will review all areas of technical security and best practices, including ensuring our high value assets are secured and controlled in line with the corporate, business and technical risk appetites, and the production of security opinion reports on gaps, risks and mitigation recommendations.
You will also lead the delivery of secure by design, through the production, review, and publishing of baseline security requirements aligned to ISO27001 and other best practice guidance (for example, PCI-DSS, NCSC and Government Functional Standards), which will include providing technical security advice, guidance and oversight to Change Advisory Board and Data Protection Impact Assessment forums.
As part of the Cyber Security team, you will provide technical expertise and practical experience to drive ICO policies and education, and to deliver appropriate and proportionate direction on technical security issues and challenges.
Working in collaboration with the wider information security community within the ICO and across strategic partners, such as NCSC, NCA, NPSA, you will lead on ensuring that the threat landscape across the regulatory sector and at national levels is understood; that priorities and direction reflect the changing credible threats to the ICO and that our technical controls for our key systems and assets are appropriately secured, assessed, monitored
Creation and updating of technical baseline security requirements for the core ICO services will be a key delivery of the role, as will aligning appropriate workstreams to ensure that we have clear oversight of the controls deployed for each service based on its corporate, business and technical impact risk assessment score.
KEY RESPONSIBILITIES
- Ownership of secure by design principles and guidance
- Delivery of technical security requirements
- Project and change security governance
- Delivery of security opinion reports
- Technical security collaboration both internally to the ICO and with external partners
- Technical security KPIs
- Leadership and management of cross function security engagement
About you
- Experience relevant to the role requirements, as described in the role responsibilities and person specification, and accumulated through any combination of academic or vocational qualifications or experience
- Desirable:
- CISSP in good standing or equivalent proven level of experience.
- ISO 27001 lead implementor
- Minimum of 2 years' experience in a similar role
- Experience of defining and refining security controls and standards
- Proven experience of implementing or reviewing technical security controls
- Desirable: Cloud security, microservices, Azure or AWS technical security experience and strong knowledge of the shared responsibility security model
- Desirable: Experience in working in a public sector or highly regulated organisation.
- Demonstrable experience in leading technical security delivery, including KPIs and metrics creation.
- Experience of delivering cross-organisation security change, with the ability to influence and guide both technical and non-technical colleagues through policies and best practices.
- Excellent organisation skills, demonstrating an ability to manage complex workloads and identify key priorities in line with organisational strategy and roadmaps.
- Ability to motivate team members to ensure timely, quality outcomes.
- Self-motivated and dynamic with the skills to identify issues and willingness to own remediations
- Excellent verbal, communication and interpersonal skills with people at all levels, using tact and diplomacy and able to collaborate with other teams to achieve objectives
Equality, diversity, and inclusion
The ICO is committed to promoting and enhancing equality, diversity, and inclusion. We are focused on developing a workforce that is representative of the communities we serve and together we are building an inclusive workplace where all of our colleagues have the opportunity to make a real difference. We are championing this through our Equality Diversity and Inclusion Board together with a number of staff networks. Read more about our commitment on our website.
If you have a disability or impairment and have difficulty using our online application system, please email the HR team at recruitment@ico.org.uk who can arrange for you to submit an application via an alternative method.
Things you need to know
Selection process details
Closing Date
Please submit your CV by 23:59, 23 August 2023
We reserve the right to close this vacancy before this date should we receive sufficient applications. Please apply as soon as possible to ensure your application is considered.
Feedback will only be provided if you attend an interview or assessment.
Working for the Civil Service
We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission’s recruitment principles.
Apply and further information
Contact point for applicants
Job contact and recruitment team:
- Email: recruitment@ico.org.uk