The Technology & Information Security Officer (TISO) will report to the Business Solutions Manager and work with the ICT Team to continuously improve solutions and systems, the supporting architecture, infrastructure and the related security environment, ensuring security is a key enabler in delivering strategic objectives and business goals. The TISO will determine security policy; will have responsibility for compliance, audit and quality assurance, ensuring that defined standards are adhered to; and will have overall responsibility for employee cyber security education and awareness training. The TISO is responsible for validating change requirements based on advances in technology, proofs of concept, strategic goals and user requirements (internal and external), while considering the need to reduce organisational costs and deliver organisational efficiencies in a secure manner.

Key Responsibilities
• Lead on Information Security Governance, Security Programme Management, Risk Management, Incident Response and Incident Management.
• Lead the development and implementation of the cyber security strategy and the operational programme of security activities.
• Proactively contribute to ICT strategy, policy, process and standards setting, strategic initiatives and architecture development.
• Author and implement relevant security policies, procedures, standards and guidelines.
• Implement the CIS Controls security framework, comply with the Public Sector Baseline and ensure appropriate processes and controls are in place.
• Ensure compliance with security standards, including managing the ICT audit programme, managing the interaction with external auditors, and evaluating the adequacy and timeliness of management responses and corrective actions taken on significant audit recommendations.
• Ensure compliance with legislative requirements such as GDPR, Data Protection and relevant maritime regulations.
• Develop, maintain and manage the Cybersecurity Education and Awareness programme and follow up on any emerging results or trends.
• Report on cyber security risks and general security information to a range of audiences, from end users to senior management and the Board.
• Procure and work with independent external consultants to conduct penetration testing of networks, web applications and operational technology.
• Run proactive and ongoing vulnerability management: system scanning, reporting on vulnerabilities, and managing any remediation or risk mitigation actions.
• Lead and manage security assessments as systems move from on-premise to cloud infrastructure.
• Participate actively in Business Continuity and Disaster Recovery planning, testing and continuous improvement.
• Research and develop proof-of-concept systems and solutions; monitor and track security and technology trends; identify and recommend adoption of appropriate new security technologies; and report on the defined organisational benefits.
• Ensure security is embedded in projects organisation-wide and manage supply chain risk.

General Responsibilities
• Ability to prioritise work and deliver agreed work programmes on time and to budget.
• Excellent communication (verbal and written) and relationship-building skills, to lead and maintain an organisation-wide 'security aware' culture.
• Be a team player: customer-focused, proactive and innovative.
• Ensure relevant information is published and maintained on the various systems and platforms.
• Deliver on objectives agreed in the Performance and Development System (PADS).
• Commitment to delivering the ICT Strategy.

Qualifications, Experience and Core Skills

Essential
• ICT qualification, or a qualification in a related field, with at least 5 years' relevant experience.
• Good working knowledge and experience of ICT security frameworks, auditing processes and procedures.
• Good working knowledge and awareness of emerging security technologies, trends and solutions of benefit.
• Understanding of the business impact of security threats.
• Proactive, with analytical, business-impact and problem-solving capabilities.
• Ability to develop effective working relationships at all levels (internally and externally).
• Ability to manage complex information with accuracy and attention to detail.
• Project management experience and knowledge of the systems lifecycle.

Desirable
• CISM (Certified Information Security Manager) qualification or equivalent.
• MCSA or MCSE.