Description
Job Title: Information Technology Security Officer (ITSO)Permanent contract
Salary: £40-45,000.00
Location: Oxfordshire / Bristol Parkway
Hours: 37.5 per week
** SC Clearance Required **
The ITSO is perceived as a specialist IT function dealing with policy and documentation of MoD and Commercial systems and investigation and reporting of IT security incidents.
The role and primary areas of responsibility will be based between Oxfordshire and Bristol Parkway but will be required to provide support to other operational sites.Reporting to the UK General Manager (UK) and the Support Services Manager, the ITSO will be required to work under the professional guidance of the Information Assurance Team.
Responsibilities
* Providing security advice in conjunction with the Site Security Controller and Group Information Assurance Team to the installation staff and system users and to offer governance guidance to the IT project team.
* Production and maintenance of security policy documentation for IT systems including Security Operating Procedures, Risk Management Accreditation Document Sets and Code of Connections; auditing and measuring system compliance with these documents.
* Liaising with the Local Site Security contacts and the Information Assurance Team on all aspects of IT security.Acting as point of contact for all local IT security incidents, investigating and reporting in accordance with Government and Company policy.
* Assessing CIS compliance with policies and procedures, driving remediation where non-compliance exists, and imposing sanctions and restorative actions to regain compliance. Reporting to the General Manager (UK), Service Support Manager or Information Assurance Officer where appropriate any security loopholes, infringements and vulnerabilities that may come to light.
* Preparing security reports and conducting security surveys required by the Local Security Controller or the Information Assurance Team.
* Monitoring the implementation of hardware and software changes and enhancements to ensure that maintenance is carried out without endangering security.
* Act as point of contact for all local IT security incidents, investigating and reporting in accordance with Government and Company Policy.
* Run local Information Security Awareness initiatives to ensure all staff in their area maintains some exposure to the issues.
* Attendance at Security Working Groups and Information Governance events.
Skills & Experience
* Experienced IT security professional, focused on being part of a technical security team.
* Knowledge of JSP440, JSP480, Security Policy Framework, HMG Information Assurance Standards and their implementation.
* Experience of producing security documentation including Security Operating Procedures, Risk Management Accreditation Document Sets and Code of Connections.
* Knowledge of ISO27001.Knowledge of CESG Good Practice Guides and CESG Approved Products.
* Demonstrable knowledge and experience of investigating and reporting IT security incidents. Experience of maintaining and interrogating IT security logs.
* Ability to educate and influence individuals at all levels of the requirement to adhere to IT security policies and controls.
* Strong technical domain expertise with IP infrastructure, networks, systems and hosted services would be an advantage.
* Knowledge of any applicable operating systems, security enforcing functions, firewalls, applications or anti-virus.