Director of Information Security
Sector: Central Government
Type: Fixed Term Contract
Date posted: 03/08/2022
Duration: 2 year FTC
Salary: Circa £95,000 per annum
The role holder will be responsible for implementing and running the enterprise information security program. That will involve identifying, evaluating, and reporting on legal and regulatory, IT, and cybersecurity risk to information assets, while supporting and advancing business objectives.
This is a new role and the senior leader appointed will need to manage the change process required to define and establish it as a pan-Parliament capability. This new capability aims to ensure the use of information within Parliament:
- Meets the needs of Members and their staff in fulfilling their Parliamentary duties
- Enables the two administrations to provide effective procedural and information support to the Chambers and Committees of the two Houses
- Delivers accessible, accurate, open and timely data and information to the public and others with an interest in Parliament and the democratic process
This role is responsible for establishing and maintaining a pan-Parliament information security management program, working with both Houses to ensure that information assets are adequately protected. At a very high level, the role will focus on the following four key principles:
- Confidentiality: information should only be seen by people who are authorised to access it
- Integrity: information should only be modified by people who are authorised to do so
- Availability: information should be available when needed (problems or attacks shouldn’t stop you getting information from the system)
- Non-repudiation: anything enacted in a system must be traceable back to a responsible person
- Determine the information security approach and operating model in consultation with stakeholders, aligned with the risk management and cyber security approach and with compliance monitoring of non-digital risk areas.
- Develop, implement and lead a strategic, comprehensive information security framework to ensure appropriate levels of confidentiality, integrity, availability, safety, privacy and recovery of information assets owned, controlled and/or processed by the digital ecosystem, with a pan-Parliament remit. This framework is to include:
  - Maintaining a document framework of continuously up-to-date information security policies, standards and guidelines, and overseeing the approval and publication of these information security policies and practices
  - Creating a framework for roles and responsibilities for information ownership, classification, accountability and protection of information assets
  - Establishing and operating a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation and increase the maturity of information security, and reviewing it with stakeholders at the executive and board levels
  - Implementing a targeted information security culture and awareness training program for all employees, contractors and approved system users, and establishing metrics to measure the effectiveness of this security training program for the different audiences
  - Operating a clear investigation process into information security breaches and pursuing associated disciplinary and legal matters, liaising with colleagues in relevant teams such as Cyber Security, Information Compliance and Information Rights Management on data protection legislation, and ensuring that the root causes of such breaches are understood and addressed
  - Ensuring that information security requirements are implicit in all relevant standards applying within Parliament, and contributing in terms of culture, working practices and policy to delivering the strategic imperative of digital solutions that are secure by design
- Lead the development and implementation of effective and reasonable policies and practices with relevant stakeholders to secure protected and sensitive data and to ensure information security and compliance with relevant legislation and legal interpretation.
- Provide senior leadership and oversight of effective information security risk management, integrated with each House’s risk management framework.
The above list of key responsibilities is not exclusive or exhaustive and the post holder will be required to undertake such tasks as may reasonably be expected within the scope and banding of the post.
Strong credentials and experience in the successful design, implementation and operation of an effective, evidence-based information security framework within highly complex, matrix-managed organisations.
An excellent understanding of, and proven expertise in, operating within legislation and regulations that impact information security, e.g. the Data Protection Act (2018), the Freedom of Information Act and PCI DSS, whilst reflecting best practice in information security and risk management in a proportionate and effective way, including standards such as ISO/IEC 27001, NIST (including SP 800-53), Cyber Essentials and COBIT.
A highly effective leader with strong stakeholder management skills and evidence of the ability to translate business requirements and user/stakeholder needs into effective work plans and practical working solutions within a highly complex, matrix-managed organisation. This includes the ability to work across boundaries and form alliances, and to transcend the challenges that come with complex decision making, political shifts in direction and the distribution of responsibilities across Parliament.
A demonstrable ability to provide strong leadership, building and maintaining a high-performing and actively engaged network of colleagues, including promoting a diverse and inclusive working environment.
Excellent written and verbal communication skills with the ability to present complex information clearly and effectively in appropriate styles at all levels.
One or more of the following qualifications:
- Certified Information Security Manager (CISM)
- Certified Information Systems Security Professional (CISSP)
- Certified Information Systems Auditor (CISA)
- MSc Information Security
- Achieved Senior or Lead level certification in the NCSC’s Certified Cyber Professional scheme in one or more of Security and Information Risk Advisor (SIRA), IA Architect, IA Auditor, IT Security Officer.
This is a hybrid role which will require 2 days a week in the office.
Please submit your CV to PDS@allenlane.co.uk alongside a supporting statement (up to 1,250 words) saying why you are interested and highlighting your relevant experience. You will be asked to complete a diversity monitoring form, which will complete your application.
Find out more on our dedicated microsite: https://allenlanerecruitment.wixsite.com/uk-pds
Application closing date: Sunday 4th September at 23:55