Information and Cyber Security Officer
2 Snow Hill, Birmingham B4 6GA
Job Reference: 35101
Skillset: Information Technology, Systems & Governance
Closing Date: 27/04/18
As an Information and Cyber Security (I&CS) Officer you will lead on information security assurance and risk management, ensuring that the organisation’s IT (information technology) systems are designed and operated in a way that keeps HS2’s information safe and secure. This critical role requires the appointee to safeguard HS2 as it expands the scale and scope of its information applications and systems and ensure that it delivers an IT system that meets government and legal obligations for information security.
About the role:
- Provide accurate advice and guidance on information security for HS2 and advise and support Tier 1 contractor information security management teams where required.
- Assure and update internal HS2 information risk documentation and ensure that project sponsors and contract delivery partners produce these where appropriate.
- Ensure the maintenance of information risks on a corporate risk register. Provide advice on security strategies to manage identified risks.
- Lead on the assessment of any changes to HS2’s systems to ensure the security impact is assessed and ensure ongoing compliance with Information Assurance (IA).
- Obtain and act on vulnerability and threat information, including cyber threat intelligence to conduct security risk assessments for business applications and computer installations.
- Initiate investigations into IT security incidents and support the IA elements of the overall HS2 Business Continuity Plan.
- Lead on mitigation strategies after a security incident and factor lessons learned from security incidents into IT security policies and processes.
- Ensure that the IT security policy is updated as IT security threats evolve. Develop, implement and enforce suitable and relevant information security policies, standards and procedures, which are reviewed on a regular basis.
- Maintain the organisation’s relationship with the DfT Departmental Security Unit, NCSC (National Cyber Security Centre) and other organisations; ensure that IT security incidents are reported where appropriate and that warnings and advisory notices are acted upon within HS2.
- Keep all staff informed on security measures and initiatives, such as the HMG document classification initiative, explaining potential threats, installing software, implementing security measures and monitoring networks.
- Ensure compliance with GDPR and other legislation and regulations relevant to information security.
- Ability in security management within a matrix organisation.
- Senior stakeholder engagement and management and the ability to deal with external security partners, such as security authorities and agencies.
- Working knowledge of the HMG Security Policy Framework (SPF), governance of Information Assurance within the public sector and of ISO27001:2013.
- Working knowledge of Data Protection and Freedom of Information Acts.
- Risk Management Process.
- Auditing and compliance of I&CS standards and policies.
- Current certification to CISSP, CISM or CESG Certified Professional, or other information security qualification of similar standing.
- Experience of IT architectures and concepts, Cloud, BYOD and Mobile Device Management; OWASP vulnerabilities, tools and methodologies; Security Testing, DPA and ISO27001.
It is expected that you will actively promote and embed Equality, Diversity and Inclusion (EDI) in all your work and support and comply with all organisational initiatives, policies and procedures on EDI.
High Speed 2 (HS2) will be the UK’s new high speed rail network. As well as improving capacity, the new scheme will shorten journey times between a number of Britain’s major population centres, boost the economy and create thousands of jobs.
HS2 Ltd is a safety critical organisation with safety being one of our core values. Employees are required to ensure reasonable care of their own and others’ health and safety by taking personal responsibility for working to the HS2 ‘Safe at Heart’ programme principles and following safe working procedures at all times.