IT Security Officer - Student Loans Company

Job Description
Job Title: Information Technology Security Officer
Grade: G5
Details
About SLC
Student Loans Company is a non-profit making Government-owned organisation set up in 1989 to
provide loans and grants to students in universities and colleges in the UK. We are responsible, in
partnership with Local Authorities in England and Wales, the Student Awards Agency for Scotland,
the Education and Library boards in Northern Ireland, the Higher Education Institutions and HM
Revenue & Customs, for student support delivery in the UK.
Job Purpose

Ensure that Information Security controls are delivered and operated effectively, meeting
appropriate standards (ISO 27001/COBIT/PCI DSS).

Ensure that security risks are reduced or mitigated through effective security practices.

Lead in the development of technical security standards and related policy.

Provide a technical point of escalation for Information Security issues.

Ensure the effective delivery of security operations across the company.

Monitor the changing threat landscape to identify and report emerging threats and issues.

Maintain security incident response capability, providing advice and expertise to major
incident teams.

Provide line management to security operational team.
Key Accountabilities

Resource management, ensuring that appropriate skills are available and maintained
and that there are no single points of failure.

Provide leadership and subject matter expertise to incidents and management of the
organisational response where the key issues are security related.

Define the standard security requirements and communicate these to operational,
architecture and Project functions.

Specification and design of automated security monitoring tools and, in conjunction with the
ICT technical teams, support the installation and configuration of such tools and assist ICT in
maintenance and monitoring activities.

Develop technical policies and standards and promote compliance in line with Government
security, corporate policies and corporate or local procedures and legal and international
security standards (i.e. HMG IA framework, ISO27001, COBIT).

Support the security programme.

Deliver a comprehensive threat management process highlighting the risks and controls
relevant to the organisation over the next year.

Ensure all system security definitions and implementations are in an accreditable state as
defined by the PSN Code of Conduct or the company Accreditor.

Manage the yearly accreditation process for PSN.

Provide ICT security advice and consultancy on a day-to-day basis.
Essential Skills / Experience / Qualifications

Extensive experience in Information Security Management in a senior role.

A good background in ICT infrastructure (UNIX, NT, Windows, LAN/WAN/VLAN, firewalls,
web servers, IDS etc.) and/or systems and application development (Oracle, Java, UNIX,
Notes, web services etc.).

Formal Security Qualification such as CISSP (Certified Information Systems Security
Practitioner).

Excellent presentation skills, including the ability to articulate complex security principles to a
diverse audience.

Strong stakeholder management skills.

A comprehensive knowledge of current security standards, including UK Government
requirements.

A proven record of analysing requirements and implementing solutions
to defined security requirements.

Experience in developing and implementing security policy and compliance programmes.

Detailed knowledge of security monitoring tools.

Educated to postgraduate level in a relevant field of study.