IT Security Officer

Job Description

IT Security Officer Location: Taunton, Somerset Salary: £40,329Permanent Opening statementWe work with a wide range of data suppliers and partners to support maritime navigation, safety, security and marine development around the UK and worldwide.The successful candidate must be prepared to gain DV Clearance, or already have DV Clearance. Job Description General security related tasks will include security monitoring, incident management, contributing to Risk Balance Cases and representing IT Security at the Technology Change Authority Board (CAB). The post holder is expected to be the subject matter expert in many aspects of IT Security, providing an escalation point for all IT security incidents and issues raised. The post holder will report to the Head of Information Security, who will be the first point of escalation for line management and IT Security questions. Responsibilities Candidates can expect to: *Lead the security event monitoring activities and provide clear direction to the junior IT Security Officers to ensure that the processes and desk instructions used are comprehensive and provide sufficient IT security coverage to protect UKHO from any identified threats. Specific areas include Intrusion Detection and Prevention, Security Information and Event Monitoring and Vulnerability Management. To act as the first point of escalation for IT security incidents.*Work with the Delivery Teams to ensure that IT security is given the appropriate focus by stakeholders and that IT security risks are identified and appropriately and proportionately managed and, where necessary, ensuring that residual risks are escalated to the appropriate risk owner. Facilitate and review the results of Threat Modelling Workshops to ensure that all threats and risks have been captured.*Reviewing change across the Business; investigating those that are new, contentious or innovative and making appropriate recommendations for action, including carrying out snapshot Technical Risk Assessments, agreeing mitigations when necessary. This will include a recommendation with supporting evidence which will then lead onto Approval, Rejection or Escalation by the Head of Information Security, Head of Technology Operations or DCIO.*Contribute to the development and maintenance of all UKHO IT Security policies and ensure that good IT security practices are embedded across the organisation.*Conduct ISO27001 Information Security Management Systems audits. This will include producing audit plans, conducting audits, analysing evidence and producing reports which will include findings and actions.*Maintaining the organisations relationship with external MoD and HMG bodies such as JSyCC or GovCertUK and ensuring that IT security incidents are reported upward where appropriate and that JSyCC or GovCertUK warnings and advisory notices are reported downward and acted upon as necessary.Specific technical/ functional skills and experience *Minimum 4 years of relevant experience and able to clearly demonstrate recent experience of working within an Information Security and Assurance environment*Ability to design complex technical solutions in an inclusive and participatory manner, to negotiate with and influence other design parties (business stakeholders, technical architects, software developers, third party suppliers), to reconcile IT security, technical and business considerations in order to arrive at the optimal solution*Experience of working within accreditation frameworks to ensure systems/service meet acceptable security requirements. Experience of identifying, assessing, and managing risk*Experience of conducting basic security testing and familiarity with security testing tools such as Metasploit, Nmap, Wireshark, OWASP ZAP and Burp suite etc *Good understanding of physical, personnel, procedural and technical security controls and how to apply them*Effective verbal and written communication skills.Desirable:*Experience and knowledge of Security Analyst tools and techniques (SIEM, red teaming etc.)*Experience in achieving ISO27001 certification*Experience of the UK Defence Industry or of managing IT Security on a List X site to HMG Standards & MoD regulations*Certified Ethical Hacker or similar*Professional IT Security certifications such as CISSP, CISM or CESG Certified Professional.Things you need to know *This role is open to full time, part time, job share. The UKHO will consider flexible working or workplace adjustments, where appropriate.*Security - successful candidates must pass a disclosure and barring security check and be able to gain DV Clearance *As this role involves working in Defence, candidates must be British Nationals only. Nationality Statement Candidates will be subject to UK immigration requirements as well as Civil Service nationality rules. If youre applying for a role requiring security clearance, please be aware that foreign or dual nationality is not an automatic bar. However certain posts may have restrictions which could affect those who do not have sole British nationality or who have personal connections with certain countries outside the UK. Selection Process details This vacancy is using success profiles, and will assess your Behaviours, Experience and Technical Skills. The selection process will be designed specifically for the role. As a result, your assessment could include:*An interview with one of more exercisesShort-list Criteria You will be short-listed against the following criteria Behaviours:*Seeing the Big Picture*Changing & Improving*Communicating and influencingTechnical:*Minimum 4 years of relevant experience and able to clearly demonstrate recent experience of working within an Information Security and Assurance environmentIf you are looking to be part of a friendly, energetic company in the Somerset then please click the apply now function or alternatively please contact Jaxson.