Operational Security Lead
Full time / Flexible Working
Salary: £42,593pa to £48,245pa, with potential for further progression to £54,317pa with our pay progression scheme.
Location: Hybrid
Contracted to our Wilmslow, London, Edinburgh, Cardiff or Belfast office; however, we offer flexible home and office-based working opportunities. There will be times when you will be expected to attend the office to collaborate with colleagues or travel due to business need.
Why work for the ICO
- Pay progression scheme.
- Hybrid and flexible working options.
- 25 days paid holiday per year plus privilege and public holidays.
- Flexi leave (up to 26 additional days leave per year).
- Pension (employer contribution around 28.9.
- Online discount scheme at major supermarkets, retailers, gyms, restaurants, insurance providers and many more.
- Health Cash Plan.
- Fantastic development opportunities to learn and progress.
Further details can be found on the benefits section of our website.
Job summary
The ICO Cyber Security team is expanding. This represents an exciting time to join the team, bringing your experience and capabilities as well as potential to learn and develop in a high-profile and dynamic environment. The Cyber Security team is part of our wider Digital, Data and Technology (DDaT) directorate and ensures that we support the objectives of secure by design.
The Information Commissioner's Office (ICO) is the independent regulator of information rights. In a data-driven world, we provide advice, guidance and support to organisations, enabling compliance with their obligations as well as protecting individuals and their personal data.
As an employer, we are passionate about making a positive difference to the lives and careers of our people, and we empower you to be curious, impactful, collaborative and respectful.
Job description
To protect the data and systems within our care from cyberattacks and data breaches. This is essential to enable and support our organisation in successfully achieving its objectives and maintaining and enhancing our legal compliance and reputation.
The Operational Security Lead will play a key role in protecting customer data and essential functions by monitoring our technology environment and ensuring controls are effective in preventing, detecting and responding to threats and vulnerabilities.
As part of a growing Cyber Security team, you will provide subject matter expertise on operational security risks and opportunities, and use your skills and experience to define, achieve, maintain and improve technical and organisational security measures.
Reporting to the Operational Security Manager and leading a small team of cyber security officers, you will work closely with colleagues in our wider Digital, Data and Technology team, as well as relevant authorities and support partners, to drive and deliver effective cyber security.
Key responsibilities:
- Monitoring of system and network activity to identify unauthorised actions by users or potential intrusion by an attacker.
- Preparation for, handling of, and following up of cyber security incidents to minimise the damage to our organisation and prevent recurrence.
- Management of the configuration of protected systems to ensure that any vulnerabilities are understood and managed.
- Assessment, validation and reporting of information on current and potential cyber threats to maintain the organisation's situational awareness.
- Management of cyber security risks in line with business objectives and regulatory requirements.
- Management of cyber security education and awareness programme.
- Management of cyber security performance measures.
Person specification
Essential criteria assessed at application stage:
- Experience relevant to the role requirements as described in the role responsibilities and person specification and accumulated through any combination of academic or vocational qualifications or experience.
- Desirable: Professional certifications in good standing including, but not limited to: CISSP, CCSP, CISM, or equivalent proven level of experience.
- Minimum of two years' experience in a similar role.
- Working experience of security operations and incident management.
- Working experience of risk management and mitigation.
- Working experience of developing and delivering security education and awareness programmes.
- Desirable: Experience of working in a public sector or highly regulated organisation.
- Good time management skills and an ability to remain calm under pressure and manage complex workloads.
- Effective communication and interpersonal skills with people at all levels and an ability to influence change at an organisational level.
- Self-motivated and dynamic, with the ability to identify issues and own remediations.
- Knowledge of security operations and incident management, including configuration, operation and maintenance of secure systems, detection and response to incidents, and collection and use of threat intelligence.
- Knowledge of security management systems and organisational security controls, including standards, best practices and approaches to risk assessment and mitigation.
- Knowledge of human factors, including usable security, social and behavioural factors impacting security, security culture and awareness, as well as the impact of security controls on user behaviours.
- Desirable: Knowledge of Microsoft security tools including Defender XDR and Defender for Cloud.
Essential criteria assessed during interview:
- Minimum of two years' experience in a similar role.
- Working experience of security operations and incident management.
- Working experience of risk management and mitigation.
- Working experience of developing and delivering security education and awareness programmes.
- Desirable: Experience of working in a public sector or highly regulated organisation.
- Good time management skills and an ability to remain calm under pressure and manage complex workloads.
- Effective communication and interpersonal skills with people at all levels and an ability to influence change at an organisational level.
- Self-motivated and dynamic, with the ability to identify issues and own remediations.
- Knowledge of security operations and incident management, including configuration, operation and maintenance of secure systems, detection and response to incidents, and collection and use of threat intelligence.
- Knowledge of security management systems and organisational security controls, including standards, best practices and approaches to risk assessment and mitigation.
- Knowledge of human factors, including usable security, social and behavioural factors impacting security, security culture and awareness, as well as the impact of security controls on user behaviours.
- Desirable: Knowledge of Microsoft security tools including Defender XDR and Defender for Cloud.
Equality, diversity and inclusion
The ICO is committed to promoting and enhancing equality, diversity and inclusion. We are focused on developing a workforce that is representative of the communities we serve, and together we are building an inclusive workplace where all of our colleagues have the opportunity to make a real difference. We are championing this through our Equality, Diversity and Inclusion Board, together with a number of staff networks. Read more about our commitment on our website.
Candidates with a disability who meet the minimum criteria for this vacancy will be invited to interview as part of the ICO's commitment to the Disability Confident Scheme.
If you are disabled or have an impairment and require an alternative application method please email the HR team at
Closing Date
Please submit your CV and cover letter detailing your suitability to the role by 23:59 Friday 2nd May.
We reserve the right to close this vacancy before this date should we receive sufficient applications. Please apply as soon as possible to ensure your application is considered.