JOB DESCRIPTION
Post title: / Senior Cyber Security AdvisorAcademic Unit/Service: / iSolutions
Faculty:
Career Pathway: / Management, Specialist and Administrative (MSA) / Level: / 5
*ERE category: / n/a
Posts responsible to: / Head of Information Security
Posts responsible for: / None
Post base: / Office-based/Non Office-based (see job hazard analysis)
Job purpose
To assist and lead in the development and implementation of cyber security and related privacy controls, to increase the protection of University assets.
Key accountabilities/primary responsibilities / % Time /
1. / Consultative - Providing cyber security and or Privacy advice to Staff and Management within Professional Services and Faculties in respect of their current and future requirements for best practice. Improving cyber security / privacy requirements from an operational and strategic perspective. Proactively scanning the environment for new threats and opportunities that need to be addressed. Aligning Cyber Security and privacy controls with legal and regulatory requirements. / 25 %
2. / Proactive – You will lead the development and implementation of security controls by undertaking an active view of the cyber landscape by ensuring appropriately reasonable and proportionate risk based controls are applied and would include but not limited to:
· Authorised devices and software
· Secure configurations of software
· Vulnerability Assessment and Remediation
· Secure Network configuration – Firewall, Router Management, DMZ etc.
· Malware Defence
· Access Control – via wired / wireless, role based, physical
· Data Recovery and destruction
· Security Skills assessment and training
· Risk based limitation of network Controls and Protocols
· Controlled Use and monitoring of Administrative privileges
· Boundary Defence controls
· Audit Log management and review
· Account Monitoring and Control
· Penetration and Red team exercises
· Data Protection Systems and Processes
· Privacy Impact Assessments
· Policy Development
· Risk Assessment / 70 %
3. / Reactive
· Supporting or deputising for the Cyber Security Incident response Lead and subsequent management and co-ordination of information.
· To undertake any other duties as required by the Head of Information Security / 5 %
Internal and external relationships /
The post holder will be expected to undertake the duties as part of a team and will be expected to lead priorities and engage in activities which promote the effective working of the whole team.
The post holder will be working with varying stakeholders across the University who will have either potentially very limited experience or knowledge of cyber security issues to those who are regarded as and qualified as leaders in their field of cyber security and other disciplines. You will be sufficiently confident to ensure you are able to develop and maintain productive working relationships.
The nature of the role is to sensitively challenge current practice at all levels and have the ability to persuade through a calm and reasoned approach of how matters can be improved through objective assessment of risks and identifying mitigation options.
Special Requirements /
To maintain the relevant level of professional expertise and qualifications to discharge the duties of a professional specialist and to agree with the team manager on a relevant professional development programme.
There may be a requirement to work varying core hours, or on occasion to work outside normal hours, to ensure that service commitments are met.
PERSON SPECIFICATION
Criteria / Essential / Desirable / How to be assessedQualifications, knowledge and experience / Degree in a technical, scientific or numerate discipline
Recognised Qualification in Security such as MSc, CEH, CESG CCP, IISP, CISSP, CISM or similar / equivalent
Or
Equivalent higher post graduate qualification
Demonstrable technical understanding secure network communications, data encryption, Switching, Routing and Firewall Security.
Demonstrable understanding of enterprise level server and storage hardware including its management, support and security requirements.
Demonstrable understanding in systems administration of enterprise level server operating systems, including Linux and Microsoft Windows Server
Formalised Risk Management Methodologies
At least 5 of the following on a demonstrably in depth basis:
· Information Asset Management
· Secure configurations of software ( Windows / Linux)
· Vulnerability Assessment, Remediation and resolution management.
· Secure Network configuration – Firewall, Router Management, DMZ etc.
· Malware Defence
· Access Control techniques
· Data Recovery and destruction techniques
· Security Skills assessment and training needs analysis
· Risk based limitation of network Controls and Protocols
· Controlled Use and monitoring of Administrative privileges
· Boundary Defence controls
· Audit Log management and review
· Account Monitoring and Control
· Penetration and Red team exercises / Knowledge and /or experience of:
· Centre For Internet Security 20 Critical Security Controls
· ISO 27001 implementation and certification
· “Internet of Things”
· Government Information Security Accreditation processes
· Cyber Essentials
· GDPR / CV, references, interview
Planning and organising / Ability to manage own workload including time management
Ability to fully plan and own technical projects and have significant input to planning of major infrastructure projects
Experience of producing timely Management Reports / CV, references, interview
Problem solving and initiative / Strong troubleshooting skills with logical and pragmatic thought processes.
Consistent drive to proactively follow problems through to resolution
Ability to quickly gain an understanding of the hosting and security needs of unfamiliar, existing applications and services
Methodical, calm and clear-thinking under pressure
Ability to clearly identify and understand customer needs and service implications
Confidence to challenge existing work practices; to produce options and proposals; to strive to make improvements; participate in or lead constructive technical /operational discussions / CV, references, interview
Management and teamwork / Able to work as part of and lead a team and to collaborate effectively with other technical specialists in both the academic unit and iSolutions
Able to manage team dynamics, ensuring any potential for conflict is managed effectively.
Able to formulate development plans for own staff to meet current and future skill needs.
Able to provide expert guidance and advice to colleagues to resolve complex problems. / CV, references, interview
Communicating and influencing / A professional and sensitive approach to responding to security issues
A collaborative and supportive approach to working and dealing with other university teams and colleagues in the academic units
Ability to thoroughly document all outputs; to review and improve existing documentation
Ability to provide clear and concise reporting to Senior Management and Team Manager
Ability to disseminate information clearly and effectively and to give guidance to others as appropriate
Able to persuade and influence in order to foster and maintain relationships.
Able to resolve tensions and difficulties as they arise. / CV, references, interview
Other skills and behaviours / Flexible and open to change yet with the ability to prioritise.
Confidence, experience and skills to take initiative, but know when to refer queries upwards
Eagerness to research current environment and keep up to date with developments
Able to work in a pressurised environment with conflicting demands and priorities. / CV, references, interview
Special requirements / The post-holder will be required to occasionally work outside normal office hours
JOB HAZARD ANALYSIS
Is this an office-based post?
☒ Yes / If this post is an office-based job with routine office hazards (eg: use of VDU), no further information needs to be supplied. Do not complete the section below.☐ No / If this post is not office-based or has some hazards other than routine office (eg: more than use of VDU) please complete the analysis below.
Hiring managers are asked to complete this section as accurately as possible to ensure the safety of the post-holder.
## - HR will send a full PEHQ to all applicants for this position. Please note, if full health clearance is required for a role, this will apply to all individuals, including existing members of staff.
ENVIRONMENTAL EXPOSURES / Occasionally(<30% of time) / Frequently
(30-60% of time) / Constantly
(> 60% of time)
Outside work
Extremes of temperature (eg: fridge/ furnace)
## Potential for exposure to body fluids
## Noise (greater than 80 dba - 8 hrs twa)
## Exposure to hazardous substances (eg: solvents, liquids, dust, fumes, biohazards). Specify below:
Frequent hand washing
Ionising radiation
EQUIPMENT/TOOLS/MACHINES USED
## Food handling
## Driving university vehicles(eg: car/van/LGV/PCV)
## Use of latex gloves (prohibited unless specific clinical necessity)
## Vibrating tools (eg: strimmers, hammer drill, lawnmowers)
PHYSICAL ABILITIES
Load manual handling
Repetitive crouching/kneeling/stooping
Repetitive pulling/pushing
Repetitive lifting
Standing for prolonged periods
Repetitive climbing (ie: steps, stools, ladders, stairs)
Fine motor grips (eg: pipetting)
Gross motor grips
Repetitive reaching below shoulder height
Repetitive reaching at shoulder height
Repetitive reaching above shoulder height
PSYCHOSOCIAL ISSUES
Face to face contact with public
Lone working
## Shift work/night work/on call duties
Template Job Description - MSA Level 56