Template Job Description



Last updated: 29 January 2021
Job Evaluation: 15 February 2021
JE Reference: P10102

JOB DESCRIPTION

Post title: Senior Information and Cyber Security Analyst
School/Department: iSolutions
Faculty/Directorate: Professional Services
Career Pathway: Management, Specialist and Administrative (MSA)
Level: 5
Post title of Line Manager: Information and Cyber Security Architect
Post base: Office-based

Job purpose

To provide specialist expertise on information and cyber security in order to defend the University’s digital services from cyber-attack. The Analyst will be responsible for the day to day operational and technical management of information and cyber security issues within the University, including responding to security incidents, addressing security vulnerabilities in the University’s digital systems and services, supporting critical IT platforms, monitoring and driving compliance with policies, providing expert advice and guidance on information and cyber security issues and building security capability in other teams across the University.

Key accountabilities/primary responsibilities (% Time)

Technical and Operational (50 %)
- Responsible for the overall day to day technical and operational management of cyber and information security within the University.
- Responsible for the management of patching, vulnerability analysis and penetration testing of University IT systems, to ensure our internal security objectives and KPIs are maintained or improved, and recommendations are risk assessed and implemented in a timely manner.
- Regularly monitor cyber response platforms.
- Respond to, investigate and resolve cyber security incidents. Manage vulnerabilities and work with teams to resolve and migrate issues.
- Design, implement, and support technical security controls to defend University IT systems (both internally and cloud hosted) against security threats. These controls include Security Incident and Event Monitoring (SIEM), Data-Loss Prevention (DLP), anti-virus/anti-malware, Multi-Factor Authentication (MFA), Mobile Device Management (MDM), and other such technologies.
- Design, implement and support technical solutions to address specific security challenges across the University, ensuring strong understanding of stakeholder needs and context to influence and ensure the most appropriate solution is delivered.
- Assess security infrastructure, network and systems design to evaluate and identify security risks, threats and vulnerabilities of networks, systems, applications, and new technology initiatives and ensure overall system / network security. Conduct assessments of existing and new software deployments, whilst continuously looking at ways to mature our processes and improve the services.
- Present Security solutions for approval via internal processes such as the Technical Architecture Board (TAG) and Change Advisory Board (CAB).

Programme Delivery (20 %)
- Provide technical project leadership for operational cyber security improvement projects and programmes. Ensure that products delivered by the cyber security project are effectively implemented into day to day security management.
- Ensure that the delivery of the digital transformation initiatives is aligned with University Cyber Security strategy, providing technical security operations input as part of the overall governance process.

Expert Advice (15 %)
- Subject Matter Expert for Information and Cyber Security.
- Provide expert advice across the University regarding identification and management of security risks and issues.
- Act as an experienced advisor to staff and external stakeholders on security compliance, in addition to managing and publishing knowledge articles to help educate the wider business.
- Develop the knowledge and capability across the University (including other iSolutions teams) to identify and consider cyber security and information management issues within projects and research, education, and operational business as usual activities.
- Represent the Information and Cyber Security Architect on cyber and information security management in internal committees and forums.

Continuous Improvement and Contribution to Strategy (10 %)
- Conduct assessments of existing and new software deployments, whilst continuously looking at ways to mature our processes and improve the services.
- Contribute expert knowledge in the development of Information and Cyber security strategies and business cases.
- Use initiative to propose new and innovative solutions to cyber and information management challenges and make recommendations to the Information and Cyber Security Architect for continual improvement of systems and services.

Any other duties as allocated by the line manager following consultation with the post holder. (5 %)

Internal and external relationships
- Working with staff and students across the University to provide advice, solutions and recommendations on cyber and information security matters.
- Working with technical staff within iSolutions as well as with IT system suppliers, contractors, and consultants.
- Work with senior members of iSolutions, Legal Services and the wider University to support the investigation and resolution of security incidents, as well as to provide security advice and guidance.

Special Requirements of the Role
- Occasional travel to other University sites and supplier offices may be required.
- Out of hours work may be required to resolve major incidents.
- Due to the nature of Information and Cyber Security, the post holder will be expected to always maintain appropriate levels of confidentiality.

PERSON SPECIFICATION

Criteria / Essential / Desirable

Qualifications, knowledge and experience
- Skill level equivalent to achievement of a professional qualification or postgraduate degree in Cyber Security (or other relevant subject), or substantial relevant information/cyber security experience.
- Experience working with Microsoft Azure/Office 365 (or similar) security technologies, such as:
  - Microsoft Defender family
  - Microsoft Sentinel
  - Azure MFA
  - Intune
  - Cloud App Security
  - Azure Information Protection
- Experience with software vulnerability detection, assessment, and management.
- Knowledge of security frameworks such as:
  - NCSC Cyber Essentials
  - NHS Data Security and Protection Toolkit
  - IEC/ISO 27000 series
  - NIST SP-800 series
  - PCI-DSS
  - OWASP Top 10
- Knowledge of data protection legislation:
  - GDPR
  - Data Protection Act 2018
- Relevant professional certification, e.g., CISSP, SSCP, CCSP, Security+
- Experience working with cloud ‘SaaS’ software products and providers.

Expected Behaviours
- Able to apply and actively promote equality, diversity, and inclusion principles to the responsibilities of the role.
- Demonstrate the Southampton Behaviours and work with colleagues to embed them as a way of working within the team.

Management and teamwork
- Able to harness the commitment and contribution of other iSolutions team members and others across the University in building security capability.
- Able to provide expert guidance and advice to colleagues across the University to resolve complex problems.
- Able to work effectively as part of a matrix/project team whilst also being able to prioritise and manage own workload.

Planning and organising
- Able to prepare and implement a programme of activity over time to pro-actively monitor security in the University.
- Able to plan and prioritise a range of one’s own standard and nonstandard work activities and effectively meet deadlines.
- Able to plan and manage new projects or significant new activities, ensuring plans complement broader organisational strategy.

Problem solving and initiative
- Able to identify broad trends to assess deep-rooted and complex issues.
- Able to take ownership for resolving security issues and deciding appropriate solutions.
- Able to identify and solve complex problems by applying judgement and initiative to tackle some situations in new ways and by developing improved work methods.
- Able to conduct research into new security technologies and present recommendations.
- Pro-active and able to work on own initiative.

Communicating and influencing
- Able to work with Senior level stakeholders, advising, influencing, and gaining support for security initiatives.
- Able to deal with sensitive information in a highly confidential manner.
- Able to communicate specialist technical information clearly and confidently to staff and Senior Stakeholders.

Special requirements (of the postholder)

Version Control

Job description author: Mark Watts
Evaluated by Job Evaluation Panel
Date evaluated: 15 February 2021
Career Pathway: MSA
Unique Reference Number: P10102
Amended: Yes/No
Date amended:
Amendment author: Name – Job Title
Re-evaluated: Yes/No
Date re-evaluated:

JOB HAZARD ANALYSIS

Is this an office-based post, with routine hazards?
- Yes: This is an office-based post with routine office hazards (eg: use of VDU), no further information needs to be supplied. Do not complete/remove the section below.
- Partly: This is an office-based post with some non-routine hazards (eg: contact with the public and/or shift work). Please complete the analysis below.
- No: This is a non-office-based post and has some hazards. Please complete the analysis below.

HIRING MANAGER: Please complete this section as accurately as possible to ensure the safety of the post-holder.

Frequency columns: Occasionally (<30% of time) / Frequently (30-60% of time) / Constantly (> 60% of time)

ENVIRONMENTAL EXPOSURES
- Outside work
- Extremes of temperature (eg: fridge/furnace)
- ## Potential for exposure to body fluids
- ## Noise (greater than 80 dba - 8 hrs twa)
- ## Exposure to hazardous substances (eg: solvents, liquids, dust, fumes, biohazards). Specify below:
- Frequent hand washing
- Ionising radiation

EQUIPMENT/TOOLS/MACHINES USED
- ## Food handling
- ## Driving university vehicles (eg: car/van/LGV/PCV)
- ## Use of latex gloves (prohibited unless specific clinical necessity)
- ## Vibrating tools (eg: strimmers, hammer drill, lawnmowers)

PHYSICAL ABILITIES
- Load manual handling
- Repetitive crouching/kneeling/stooping
- Repetitive pulling/pushing
- Repetitive lifting
- Standing for prolonged periods
- Repetitive climbing (ie: steps, stools, ladders, stairs)
- Fine motor grips (eg: pipetting)
- Gross motor grips
- Repetitive reaching below shoulder height
- Repetitive reaching at shoulder height
- Repetitive reaching above shoulder height

PSYCHOSOCIAL ISSUES
- Face to face contact with public
- Lone working
- ## Shift work/night work/on call duties

## - HR will send a full PEHQ to all applicants for this position. Please note, if full health clearance is required for a role, this will apply to all individuals, including existing members of staff.