
IT Security and Policy Manager HCC10894

Job Details:

Salary Range: £32,752 - £45,524 per annum dependent on experience
Work Location: The Castle, Winchester
Hours per week: 37
Contract type: Permanent
Closing date: 27 January 2020

Become an IT Security Leader with Hampshire County Council.


We are offering a new opportunity for an experienced Security and Policy Manager to join our highly established and forward-thinking IT department. Recognised nationally as one of the highest performing local authorities, Hampshire County Council is advancing through a period of exciting technological change so it’s the perfect time to join us.

This unique opportunity would suit a highly skilled IT professional who can apply their extensive understanding of information security to the development of policy, governance, risk analysis and procedures for Hampshire County Council. 


About you

The post holder will set and maintain good information security practice, coordinating with the Enterprise Security Architect and collaborating with key stakeholders to ensure technology and processes support the Council's overall security posture. You will be highly analytical in your approach to investigating security risks, developing reports and recommendations for remedial actions whilst developing plans that will assist in reducing the impact and frequency of future security risks.
As a natural leader, you will develop and deliver a programme of compliance reviews whilst promoting security awareness and implementing training plans across the IT department and wider.


What we offer you

Hampshire County Council promotes a flexible working culture and offers continued support and developmental opportunities. This is offered alongside a generous benefits package, including:

•    Flexible working
•    Minimum 25 days annual leave
•    Access to Local Government Pension Scheme 

Your Responsibilities:
  • Develop and maintain the information technology security policies and accompanying standards, procedures and guidelines, including attendance at any boards, or governance/working groups for operating and maintaining security controls and as required throughout the council.
  • Develop and deliver a programme of planned compliance reviews and work with the IT team and Enterprise Security Architect to ensure that any gaps are addressed whilst developing and documenting procedures.
  • Promote security awareness through developing and implementing a security awareness and training programme, including annual refreshers for all IT staff and wider, where applicable.
  • Investigate potential and validated security incidents in accordance with the security incident management process, developing reports and recommendations that will assist with execution and traceability of required remedial actions.
  • Reporting, analysing and developing plans that will assist in reducing the impact severity and frequency of security incidents in conjunction with Problem Management, including the provision of regular reports to IT Management about current security posture, threats and trends.
  • Assisting with business impact analyses, performing security risk analysis and risk management.
  • Respond to enquiries from IT staff and provide security and data protection advice as required.
  • Work with internal stakeholders to develop relationships and to help promote, educate and improve information security awareness at all levels.
  • Leading the council’s efforts in maintaining our ISO27001 certification, internal audit activities related to security, and ensuring IT evidence requirements are met for PSN, PCI and other compliance returns.
  • Maintain awareness of emerging security trends, risks, new guidance of standards and security enhancing technologies.
  • Ensuring that the confidentiality, integrity and availability of the services are maintained at the levels agreed in the SLAs and that they conform to all relevant internal and statutory requirements.
  • To keep up to date with security developments, threats and control measures and to be an active member of relevant security and data protection management communities.
  • Continuously assess any shortfall between actual security measures in place and being effective, and those established at a policy level in order to highlight deficiencies for remedial action and policy improvement.
  • Provide input into the wider development of the governance strategy and Service Management planning processes.
  • Participate in Business Continuity, Disaster Recovery and IT Service continuity planning. Co-ordinate system penetration testing in accordance with compliance guidelines.
  • To manage other activities that may arise through evolution, growth or changes to the current IT operating model.
  • Undertake any other duties commensurate with the grading of the post.

What we are looking for:

Essential Qualifications, Knowledge, Skills and Experience:

  • Educated to degree level or equivalent experience at a level demonstrating graduate ability.
  • Experience of working with IT Security baselines ISO/IEC 27001 or higher.
  • Experience of working in a regulated and/or financial industry.
  • Good working knowledge of information security including ISO27001 Information Security Management Standard.
  • Ability to lead and deliver change and contribute to cultural change successfully.
  • Excellent analytical, presentation and communication skills (verbal/written).
  • Strong interpersonal skills.
  • Ability to work independently and in a team environment.
  • Deadline-oriented individual.
  • Ability to focus on the fine detail to ensure product quality.  
  • Demonstrates a strong personal commitment to customer needs and council objectives.
  • Ability to influence at senior levels on matters relating to security and information risk.
  • Good working knowledge of information risk analysis/management.
  • Track record of leading on successful audit compliance outcomes.
  • Able to demonstrate excellent analytical and problem-solving abilities.
  • Collaboration with internal and external stakeholders.

Desirable Qualifications, Knowledge, Skills and Experience:

  • IT Industry recognised accreditation in information security.
  • CoBiT and ITIL control frameworks
  • Experience with managing and auditing PCI and / or PSN compliance
  • Experience of Information Risk Management
  • Experience of Business Continuity and disaster recovery practices
  • Experience of matrix management of people resources
  • Experience in the creation and delivery of training
  • Good working knowledge of quality assurance principles and practices

Contact details for an informal discussion:

Claire Mead, IT Services Fulfilment Manager, on 01962 846315.

Hampshire County Council is committed to safeguarding and promoting the welfare of children, young people and adults. We expect all employees, workers and volunteers to share this commitment. We will ensure that all our recruitment and selection practices reflect this commitment.


Corporate Equalities Employment Policy:  In order to combat indirect discrimination, no unnecessary conditions or requirements will be applied to any for achieving equality of opportunity in its employment practices. All sections of the population will have equal access to jobs. No applicant or employee will receive less favourable treatment because of their gender, disability, age, ethnic or national origin, marital status, creed, sexuality, trade union activity or responsibility for dependants unless a Genuine Occupational Qualification (GOQ) applies. In order to combat indirect discrimination, no unnecessary conditions or requirements will be applied to which would have a disproportionately adverse effect on any one group. 
