Job Title: Information Technology Security Officer

Job Description

Grade: G5

Details
About SLC
Student Loans Company is a non-profit making Government-owned organisation set up in 1989 to provide loans and grants to students in universities and colleges in the UK.We are responsible, in partnership with Local Authorities in England and Wales, the Student Awards Agency for Scotland, the Education and Library boards in Northern Ireland, the Higher Education Institutions and HM Revenue & Customs, for student support delivery in the UK.
Job Purpose

Ensure that Information Security controls are delivered and operated effectively, meeting appropriate standards (ISO 27001/COBIT/PCI DSS).
Ensure that security risks are reduced or mitigated through effective security practices
Lead in the development of technical security standards and related policy
Provide a technical point of escalation for Information Security issues.
Ensure the effective delivery of security operations across the company
Monitor the changing threat landscape to identify and report emerging threats and issues
Maintain security incident response capability; providing advice and expertise to major incident teams
Provide line management to security operational team.

Key Accountabilities

Resource Management ensuring that appropriate skills are available and maintained ensuring no single points of failure
Provide leadership and subject matter expertise to incidents and management of the organisational response where the key issues are security related.
Define the standard security requirements and communicate these to operational, architecture and Project functions.

Specification and design of automated security monitoring tools and, in conjunction with the ICT technical teams, support the installation, configuration of such tools and assist ICT in maintenance and monitoring activities.
Develop technical policies and standards and promote compliance in line with Government security, corporate policies and corporate or local procedures and legal and international security standards (i.e. HMG IA framework, ISO27001, COBIT).
Support the security programme.
Deliver a comprehensive Threat management process highlighting the risks and controls relevant to the organisation over the next year.
Ensure all system security definitions and implementations are in an accreditable state as defined by the PSN Code of Conduct or the company Accreditor.
Manage the yearly accreditation process for PSN.
Provide ICT security advice and consultancy on a day to day basis.

Essential Skills / Experience / Qualifications

Extensive experience in Information Security Management in a senior role.
A good ICT background in ICT infrastructure (UNIX, NT, Windows, LAN/WAN/VLAN, firewalls, web servers, IDS etc) and/or systems and application development (Oracle, Java, UNIX, Notes, web services etc).
Formal Security Qualification such as CISSP (Certified Information Systems Security Practioner)
Excellent presentation skills including the ability to articulate complex security principles to a diverse audience.
Strong stakeholder management skills
A comprehensive Knowledge of current security standards, including UK Government requirements.
A proven record of accomplishment of analysis of requirements and implementing solutions to defined security requirements.
Experience in developing and implementing security policyand compliance programmes.
Detailed Knowledge of security monitoring tools.
Educated to post graduate level in a relevant field of study.