The Technology Team is undergoing a transformation.
Technology executes a mixture of on-premise, Cloud and 3rd party sourced Technology services, within a hybrid/modern infrastructure that utilises some of the latest technologies. The Technology function serves over 700 staff in NCIs and NCIs co-located bodies and aims to adopt common solutions across NCIs where practical.
Technology provides a broad range of customer focused IT services such as technical architecture and support, networks, change management, business analysis, project management, Procurement, systems administration and applications hosting requiring a range of sophisticated and innovative skills.
As Information Security Officer, you will be responsible for providing expert support and guidance in the area of Information Security to the National Church Institutions (NCIs) as part of our internal Infrastructure Services team.
Reporting to the Infrastructure Services Manager, you will take the lead for all activities, projects, BAU that require cyber security supervision within our technology portfolio, including both on-premise and cloud platforms. You will ensure that all aspects of cyber threat are addressed within an ISMS that meets operational and business requirements, while advocating a culture of knowledge sharing, and excellent customer focus.
This role is based in Westminster and requires working at Lambeth Palace or Bermondsey and occasional travel to supported housing locations across the country.
In return we offer a unique environment with opportunities for continuous learning, generous annual leave for work life balance, season ticket loans and a range of benefits including discounted entry to attractions and what we feel is a market leading package when it comes to our pension scheme.
The Role :
Oversee, evaluate, and support the documentation, validation and assessment of Information Security Management System (ISMS) processes necessary to assure that existing and new information and information processing systems meet the organisation's cybersecurity and risk requirements.
Ensure that the appropriate treatment of risk, compliance, and assurance is followed from both internal and external perspectives
Conduct comprehensive assessments of the management, operational, and technical security controls and control enhancements deployed within or inherited by an information and information processing systems, advising and assisting the Infrastructure Services team to prioritise corrective actions
Build strong relationships within the NCIs to support and enhance a collaborative approach to achieving good Cyber Security goals
Manage the agenda of the Information Security Steering Committee (a new function)
Manage the internal audit plan leading to Cyber Essentials Plus certification with a view to a future ISO27001 certification
Lead, coordinate, communicate, integrate, and be accountable for the overall success of the risk management program, ensuring alignment with agency or enterprise priorities
Works with other NCIs when required to ensure compliance with GDPR requirements and provides IT information and assistance as necessary
Monitors compliance with security policies, standards, guidelines and procedures
Consults with NCI and technology staff on potential business impacts of proposed changes to the security environment
Reviews risk assessments, analyses the effectiveness of information security control activities, and reports on them with actionable recommendations
Assesses threats and vulnerabilities regarding information assets and recommends the appropriate information security controls and measures
Coordinates the development of information security disaster recovery test plans, testing, and documentation for each application
Leads and responds to security incidents and investigations, targets reviews of suspect areas
Produces regular (monthly) reporting on Cyber Security events to highlight trends and effectiveness of threat prevention in place
Leads and reviews application security risk assessments for new or updated internal or third party applications
The requirements :
Knowledge of NIST family of standards
Knowledge of applicable business processes and operations of customer organizations
Knowledge of the specific operational impacts of cybersecurity lapses
Practical experience of applying ISO 27001 controls in a NfP operational environment
Formal education or qualifications in Information Security preferred (e.g. CISSP)
Able to maintain awareness of the cyber security market place and of improvements in technology that will support opportunities for the NCIs to take advantage of these
Broad understanding, hands on experience and evidence of working in the IT Industry and within the IT security compliance and governance agenda
Good infrastructure framework experience e.g. HyperV, client and server operating systems, application, desktop and server virtualisation, storage, networking, software and hardware upgrades, database, systems management
Working successfully with colleagues and 3rd parties to evangelise good cyber defence practices
Significant experience in developing, documenting, planning and implementing information security architectures and roadmaps and ensuring effective compliance by all IT and NCIs staff
Providing professional consultancy, advice and designs for new requirements, impact assessments, technical queries, in a cyber security setting
Experience in writing and presenting reports for and to a variety of purposes and audiences
Demonstrable knowledge and previous work experience of managing cyber and risk processes (e.g., methods for assessing and mitigating risk)
Demonstrable knowledge and previous work experience of Cyber Essential Plus framework and the ISO 27000 family of standards
Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy
Proficiency in developing and applying ISO 27001 standards in an operational infrastructure environment
Ability to communicate complex information, concepts, or ideas in a confident and well organised manner using ‘plain’ non-technical language
Committed to delivering a high level of customer service
Able to lead by example, engender trust and demonstrate gravitas and credibility
Attention to detail, including tolerance and the ability to handle detail, analyse, understand and produce detailed information accurately
Committed to continuing professional development and identifying means to maintain essential appropriate knowledge
Demonstrates knowledge of good security practice ensuring that all aspects of Confidentiality, Integrity and Availability are adhered to.
An Information Security certification (CISM, CISMP, CISSP or similar).
Knowledge of securing hybrid and cloud infrastructure environments.
Ability to think methodically and logically and have well-honed communication skills.
We in the National Church Institutions support the mission and ministries of the Church all over England. We work with parishes, dioceses (regional offices), schools, other ministries and our partners at a national and international level.
Excellence, Respect, Integrity
We follow these three values in everything we do, whether we are of Christian faith, another faith or no faith. To learn more about working for National Church Institutions and our benefits, please click here
As we are a member of the Armed Forces Covenant, we welcome all applications from those you have served in our Armed Forces and their families
We are committed to building a culturally diverse workforce. As part of this commitment, we welcome applications from people, regardless of their background. As a Disability Confident committed employer, it is important to note that there may be occasions where it is not practical or appropriate to interview all disabled applicants who meet the minimum criteria* due to high volume. We limit the amount of interviews conducted to five applicants per open post we advertise.