OLDHAM COUNCIL

JOB DESCRIPTION

Job Title: Information Security Manager
Directorate: Performance, Services and Capacity / Division/Section: Internal Services, Information Management and Governance
Grade: 7
Job Purpose:
  • Analyse the information security management needs of the organisation and implement governance and solutions to ISO standards, with the aim to improve the confidentiality, integrity and authenticity of paper and electronic information and reduce the risks to enforcement and business continuity.
  • To contribute to and influence the implementation of corporate and service based systems and processes, both IT and Manual, eg, access controls, training, communication tools, data sharing etc, in relation to information security practice.
  • Meet the obligations from relevant legislation, standards, codes of practice, best practice and wider information/transparency agenda. Communicate these together with core guidance on Information security management issues within the Council and other partners/agencies, and take a key role in future information security initiatives.

Key Tasks:
  1. The development and implementation of Information Security management framework of appropriate governance and standards together with strategy and policies in accordance with ISO/IEC 27001 and organisational needs.
  2. To work collaboratively with ICT service provider partners in the implementation of the above, ensuring effective use of knowledge and technical resources.
  3. To represent the priorities of information security management to the Executive Management Team, Directorate Senior Management Teams, and any other relevant groups within the Council and partners. To build close and effective working relationships throughout the Council to secure culture change, ownership and compliance with information security.
  4. To develop and performance manage the implementation of the Information Security management framework using audit, risk management and performance measures as appropriate.
  5. To lead the collation and review of Information Governance toolkits (social care or otherwise) to meet organisational and evidential obligations with regard to the management of information security.
  6. To develop/review the Corporate Information Security Policy and associated policy and procedures that reflect and meet the requirements of legal obligations, eg, the Data Protection Act 1998 and any other national standards, rules, definitions.
  7. Provide day-to-day advice and guidance to the Council, schools, partners and any other commissioned third party services on Information Security and related matters.
  8. Ensure that Information Security Incidents are managed and escalated appropriately, eg, to senior management and/or the Information Commissioner’s Office. To ensure that the management process includes undertaking the critical analysis of existing processes and systems in relation to Information Security and reducing recurrence by resolution or improvement to same.
  9. To raise awareness of the importance of Information Security and the wider information management agenda throughout the council. To design, deliver and support new and existing training and awareness raising campaigns/materials and produce written guidance both electronically and in paper format for those staff with direct or indirect responsibility for Information security.
  10. To work closely with the Records Manager, Council services, partners and third party service providers in overseeing and collating information assets and information asset owners with a view to developing and maintaining an information asset register and information asset owners.
  11. To identify, contribute to, and where appropriate lead, projects involving information security of Council records and to ensure that controls are in place to preserve confidentiality, integrity and authenticity. To engage with staff across the Council or any relevant third parties in the directing and implementation of the projects.
  12. To ensure that the Council maintains and achieves compliance with relevant codes of connection to develop and maintain secure communication systems internally and externally.
  13. To keep up to date with legal requirements and best practice, particularly in relation to information security of IT systems and governance. Ensure that these are appropriately disseminated/utilized within the Council to ensure business continuity, legal compliance, and effective management of risk.

Standard Duties:
  1. To actively promote the equalities and diversity agenda in the workplace and in service delivery.
  2. To be familiar with customer care, health and safety, records management, Information governance, risk management policies of the Council/Directorate.
  3. To participate in self-improvement in performance through workplace development.
  4. Ensure the Council’s business planning process is implemented.
  5. Undertake any additional duties commensurate with the grade of the post.

Contacts:
  • Officers of the Council
  • Elected Members
  • Leader of the Council
  • Schools
  • Designated lead officer with Unity partnership (strategic ICT partner)
  • Partners and commissioned third party service providers of the Council
  • Representatives of Government Departments, Local Government and other external organisations.
Relationship To Other Posts In The Department:
Responsible to: Information Manager
Responsible for: Indirect supervision and influence of wider council staff base and any staff that may be assigned as appropriate
Special Conditions:
None
DATE / NAME / POST TITLE
Prepared / April 2012 / Barbara Mulvihill / Information Manager
Reviewed / April 2012 / Lesley Perkins / Acting Head of ICT
Reviewed / June 2012 / Barbara Mulvihill / Information Manager
Reviewed / June 2012 / Lesley Perkins / Acting Head of ICT

OLDHAM COUNCIL

PERSON SPECIFICATION

Job Title: Records Manager

Selection criteria (Essential) / Selection criteria (Desirable) / How Assessed (Essential) / How Assessed (Desirable)
Education & Qualifications / Recognised professional Information Security management qualification
and/or
extensive information security management work experience that evidences practice in large organization and includes elements of IT, manual and governance arrangements / Experience in a public sector environment / Application form, Interview
. / Application form, Interview
Experience / Proven experience of practical Information security management (IT, Manual, and governance)
Proven experience of strategy/policy/process/procedure setting within an organization together with provision of advice and practical solutions
Experience of working with and seeking to influence colleagues of varying seniority in policy implementation or project implementation.
Experience of using project management techniques in the planning and implementation of Information Security / Experience preferably within the public sector
Experience of policy development within a local authority or similar setting
Experience of partnership working with public/private/voluntary sectors.
Experience of performance management / Application form/Interview
Application form/Interview/Test
Application form/Interview
Application form/Interview / Application form/Interview
Application form/Interview
Application form/Interview
Application form/Interview
Skills & Abilities / Excellent organisation skills and ability to handle complex and varied workload in a multi disciplinary environment
Self motivated and demonstrable ability to work using own initiative, independently and within a team in the leading and delivery of tasks/projects to required timelines and production of detailed and accurate work.
Able to establish good working relationships that build commitment and co-operation across all levels of an organisation with a view to promoting and implementing effective Information Security management and the wider information agenda.
Excellent communication skills including the ability to explain complex and often technical issues to a wide range of audiences/(non technical audiences) using a variety of methods as appropriate with a view to influence culture and practice change. / Experience in the public sector / Application form/interview
Application form/interview
Application form/interview
Application form/interview/test / Application form/interview
Knowledge / Knowledge of Information security management techniques and best practice to reflect professional standards
In-depth knowledge of relevant legislation/directives/standards and codes of practice such as HMG information assurance, Local Government data handling guidelines, ISO standards, Data Protection Act 1998, etc
Competent skills in the use and application of IT systems and Microsoft products / Understanding of technical architectures and the securing of them at all levels from physical to application level, eg, networks, databases, remote access, intrusion detection, etc.
Knowledge of the major Information Management challenges currently facing local government / Application form/interview
Application form/interview/test
Application form / Application form/interview
Application form/interview
Work Circumstances / Able to travel to different sites across the Borough
Able to work outside of normal office hours on occasions / Application form/Interview

NB. - Any candidate with a disability who meets the essential criteria will be guaranteed an interview.