IT Security Officer

Red Snapper Recruitment are currently recruiting on behalf of our policing client based in West Mercia for an IT Security Officer. Offering a permanent position, paying £58,191 per annum, office-based role in Hindlip with 1 day of remote working. To provide professional guidance and specialist advice with regard to all Digital Services related security and risk matters and ensure implementation of all necessary policies, procedures, processes and risk management plans to achieve compliance with national codes of connection for Police information systems. To support the maintenance of the Force setting and ensuring that policies are adhered to and to meet the required security standards with effective risk management plans. Main duties and responsibilities * To be the professional lead and design authority on behalf of the Head of Digital Services for all aspects of Digital Services security. * To provide expert and influential advice and guidance to the Information Security Manager, Head of Digital Services, SIRO, and senior stakeholders on Digital Services Security management, strategies, policies and practices. * To undertake impact assessment of new legislation, threats, suppliers, services and solutions, to identify and initiate the development of new or changed Digital Services security controls, policies or procedures accordingly. * To develop and maintain technical policies and standards and promote compliance in line with Government security, corporate policies and corporate or local procedures and legal and international security standards (e.g. HMG IA framework and ISO27001). * As a core member of Digital Services management team, to be a key influencer and decision maker in respect of Digital Services security governance, strategy, policy, planning, assurance, procedures and practices. * To create an environment of perpetual challenge, continuous improvement and innovation in respect of Digital Services Security, and ensure relevant proposals are proactively driven through the Management Team. * To take individual responsibility for leading developments in the security area, building relationships with key internal stakeholders and external suppliers, as the professional lead on behalf of Digital Services. * To provide an internal security assurance function to ensure that the behaviours and practices of the Digital Services team and wider organisation do not undermine our contractual position with suppliers or compromise delivery and operations. * To lead investigations of any cyber-security or professional standards incidents impacting West Mercia. * To represent Digital Services on all force, regional and national security groups and governance meetings. * To undertake assessment of technical security risks of all new or changed Digital Services solutions and services to present a balanced recommendation to the Accreditor/key stakeholders. * To act as the point of escalation for Information Security issues to ensure that Digital Services security risks are reduced or mitigated through effective security practices. * To design and oversee the execution of vulnerability assessments, penetration tests and security audits. * To act as the Digital Services lead for liaison with the National Police Risk Information Management Team (NPRIMT) on all technology security matters, liaising with ARC as required. Person Specification * Ability to quickly assimilate information about changing technical security issues e.g. Cloud-based and Cyber security matters; demonstrating strong problem solving skills to ensure resolution. * Effective interpersonal and communication skills, both written and verbal, and the ability to explain complex issues relating to ICT security at a variety of levels to technical and non-technical audiences. * Highest levels of integrity with the ability to undertake sensitive enquiries with limited supervision and to manage and keep secure sensitive material and therefore exhibit high standards of professionalism. * Strong negotiation skills both internally and externally in order to facilitate the secure delivery of best value, practical solutions and services. * Ability to explain technical issues simply to non-technical colleagues * Educated to degree level (Level 6) or equivalent in a related ICT discipline. * One or more recognised Security Qualifications such as ISC2’s Certified Information Systems Security Professional (CISSP) and/or HMG’s CESG Certified Professional (CCP), or equivalent academic or professional security qualification. * Extensive knowledge of current Information Technology Standards and Techniques (including ISO 27001 series, HMG’s Cloud Security Principles and Cyber Essentials). * Extensive knowledge of the HMG Security Policy Framework and associated CESG (now NCSC) IA Policy Portfolio. * Extensive knowledge and understanding of the Technical Security issues and trends that impact upon information security. * An excellent understanding of information security concepts and practices concerned with maintaining the confidentiality and integrity and availability of information. * Demonstrable experience of designing, developing and implementing ICT security policies within an overall Information Management strategy. * Extensive and proven track record of being the corporate lead on ICT Security matters. * Demonstrable experience of designing and managing technical security audit and accreditation activities. * Experience/ knowledge of the police service IA conditions (Codes of Connection, MOPI etc). * Experience of liaising with other organisations and agencies on IT security matters. If this role is not for you but you do know somebody who would be interested please refer them. We have a referral bonus scheme and will pay £75, in retail vouchers of your choice, for referrals who are not already known to us. Due to the high volume of applications received, if you do not hear from us within 7 working days, I am afraid your application has been unsuccessful. RSR is a public safety & enterprise security recruitment specialist. We assist public safety employers find the right talent. We assist all employers when they want to source public safety and enterprise security skills and experience. Red Snapper Recruitment is a member of the Red Snapper Group. The Red Snapper Group acts as an employment agency (permanent) and as an employment business (temporary) - a free and confidential service to candidates. The Red Snapper Recruitment Group is an equal opportunities employer