Mae Trac yn falch o bweru recriwtio ar gyfer

Islington Council

Gwybodaeth

Cysylltu

Address
Islington Council
222 Upper Street
London
N1 1XR
Contact Number
020 7527 2000

Darganfod rhagor

Swyddi Gwefan
Closed
Cyf: RS/1123/076-A ID y swydd wag: 5977644

Cyber Security Engineer

Closed for applications on: 5-Chwef-2024 00:13

Closed

Closed for applications on: 5-Chwef-2024 00:13

Lleoliad

222 Upper Street
London
N1 1XR
Llundain

Math o gontract a phatrwm gwaith

Parhaol
Llawnamser - 35 awr yr wythnos

Cyflog

£48,063 - £51,099 per annum
Yn flynyddol

(PO4)

Arbenigedd

Digital Services

Our mission

We are determined to create a more equal Islington, where everyone who lives here has an equal chance to thrive. To do this, everyone who works at Islington Council lives by a set of values which guide us in everything that we do: collaborative, ambitious, resourceful, and empowering. They spell out ‘CARE’, which is what we think public service is all about. 

Trosolwg o'r swydd

Be at the heart of future public service design by joining our Digital Services team. 

 

Are you looking for a challenging and rewarding role in the public sector? Do you have the skills and experience to protect the council’s systems and data from cyber threats? If so, you might be the perfect candidate for the Cyber Security Engineer role at Islington Digital Services (IDS).

IDS is responsible for providing IT infrastructure and services to support the council's operations and the services it offers to the community. IDS works with a variety of technology solution and service providers to ensure the best outcomes for the council and its customers.

Advert

As a cyber security engineer, you will be responsible for:

Working with colleagues to ensure the council protects its systems and data in a robust, cost-effective manner, including developing incident and recovery procedures, reviewing risk assessments, securing relevant certifications and providing an excellent service to colleagues, staff and residents.

Collaborating with the Cybersecurity team to safeguard council information assets. You will assist the Digital Services Leadership Team in identifying threats and solutions and underpinning change and project governance to ensure Cybersecurity principles and practices are implemented.

Managing the relationship with our managed security service partners to enhance our security for the future of digital public services. You will ensure that our partners deliver high-quality and timely services that meet the council’s needs and expectations.

You will work alongside the Cyber Security Analysts, Architects, and the Head of Cyber Security, to deliver a streamlined cybersecurity practice that follows the best practices and standards in the industry. You will help to build and maintain effective relationships with the council's technology suppliers and ensure that the solutions they provide are fit for purpose and deliver value for money.

Gweithio i'n sefydliad

This role will report to the Digital Services, Head of Cyber Security.

Working for the Islington Council Digital Services Cyber Security team means being part of a group responsible for cybersecurity technology solutions to support the council's IT infrastructure and services. As a team member, you will work closely with various stakeholders to understand their requirements and develop cybersecurity solutions that align with the council's goals and objectives.

To be successful in this role, you will need:

  • Relevant qualifications and experience in cyber security
  • Strong knowledge and skills in cloud security, security assessments, security monitoring, incident response, threat intelligence, risk management and security compliance.
  • Excellent communication and collaboration skills to work effectively with internal and external stakeholders, including technical and non-technical staff, senior management, suppliers and customers.
  • A passion for learning and innovation to stay updated on the latest security trends, threats and best practices and to apply them to the council’s environment.

One of the key criteria for selecting candidates for this position is the Person Specification, which outlines the essential and desirable skills, qualifications, and experience required for the role. You should demonstrate in your application how you meet each of these criteria, providing specific examples from your previous work or education. This will help us to assess your suitability and potential for the job.

 Closing date: Sunday 4th February 2024 at 23:59

Interview date:  Week commencing 19th February.

To hear more about our journey and how you might help us to achieve our aspirations, please contact Timothy Rodgers, Head of Cyber Security on [email protected]

Swydd-ddisgrifiad a phrif gyfrifoldebau manwl

Primary Job Function

  • To research, interpret, disseminate and implement best practice in cyber defence and network security including ISO27001, NCSC (National Centre for Cyber Security) guidance and Public Services Network instructions.
  • To verify and audit compliance with Council policy, relevant codes of practice and appropriate legislation including the Data Protection Act in all matters relating to network security.
  • To provide expert domain support for incidents and investigations into breaches of Council policy, relevant codes of practice and appropriate legislation, liaising with the relevant authorities and monitoring our platforms for information risk issues.
  • To design, implement, and maintain security systems and technologies.
  • To conduct security testing and assessments.
  • To assists in incident response and contribute to the development of security policies and procedures.
  • To update all policies and procedures.
  • To run vulnerability scans and leading on mitigations.
  • To monitor and analyse the security events.
  • To monitors and coordinate SOC activities with the managed services.
  • To assess the alerts to ensure they are not false positives and require action.
  • To ensure all daily checks are carried out within their specified time.

Research and advice

  • To research, review, investigate, develop and implement new technologies to maintain and enhance the technical security of the Council’s network in line with business requirements, best practice and regulatory requirements.
  • To engage with suppliers, advisers and regulators to review, upgrade and enhance the security of the Council’s network, ensuring compliance with mandatory codes of connection.
  • To advise the business, Architecture team and the Technical Design Authority on security architecture, network security, reviewing the network security implications of technical designs and implementations.
  • To work closely with programme and project managers advising on projects that have technical security risks.

Compliance

  • To implement and maintain the daily operation and implementation of IT Cyber Security across the Council’s networks.
  • To monitor, verify and audit compliance with best practice in network security including ISO27001, NCSC guidance and Public Services Network instructions on the Council’s network.
  • To enforce and improve existing standards across the council, reacting to national standards and where applicable write these new standards in to council policy.
  • To ensure the technical protection and security of data and technology assets.
  • To define and write the policy for 3rd party connection standards to the council network and systems. Review and augment the policy regularly.
  • To use and be responsible for security event management systems, intrusion prevention systems, vulnerability scanning tools and end point security systems.
  • To demonstrate compliance to Internal Audit and external regulators, leading on relevant audits and technical aspects of the Council’s Public Services Network Code of Connection, NHS Information Governance Toolkit and Payment Card Industry (PCI-DSS) submissions.
  • Create and distribute Cyber Security awareness and training materials within the council using existing distribution methods
  • Conduct controlled, targeted and scheduled Phishing Attack Simulation campaigns. Report on this and push out security awareness accordingly.
  • Administrate critical systems including antivirus management, mail and communication systems, Internet monitoring, infrastructure management tools, storage provisioning, directory services and anti-spam. Cloud, hybrid or on-premises.

Service Management  

  • To ensure that all service incidents and requests are acknowledged in a timely manner, are effectively managed, with good user communication, and are resolved within the agreed SLA (Service Level Agreement). 
  • To contribute to Major Incident reports including recommendations to reduce the likelihood and impact of future incidents. 

Investigations

  • To provide expert domain knowledge for dealing with security incidents, trigger investigations and provide reports to the Head of Cyber Security.
  • To have an exceptional level of discretion and confidentiality to undertake investigations involving access to highly sensitive, confidential material which may be damaging to the reputation of the council, citizens or employees.
  • To provide expert domain knowledge into the response on the technical aspects of data security incidents, breaches of security controls, investigating events and reporting on impacts, ensuring evidence is secured to support further actions by the relevant authorities.
  • To support the Head of Cyber Security in any technical aspects of investigations, ensuring evidence is secured to support further actions by the relevant authorities.
  • To represent the Council in presenting the findings of technical investigations at briefings, hearing and in court.
  • To be able to withstand cross examination by counsel during tribunals and possible prosecutions. Be able to effectively deliver the results of any investigation to the examining bench or panel.

Business Continuity

  • To support the implementation of the council’s strategy and policy for technical disaster recovery. Provide technical advice to the council on disaster recovery and business continuity requirements.
  • To provide guidance on practical business continuity of core infrastructure and systems during planned maintenance (e.g., during monthly service shutdowns).

Staff

  • To support and encourage staff to be creative, flexible and committed to providing solutions to the needs of the business and to relate to their customers in a clear, friendly and prompt manner.
  • To occasionally supervise apprentices, trainees, staff undertaking job shadowing, secondments and other forms of work experience.

Meetings

  • To participate in meetings with colleagues, customers and suppliers including team meetings and service review meetings.
  • To represent Islington Council in external forums.

Documentation and Knowledge Sharing 

  • Create and maintain technical documentation, including system configurations, standard operating procedures, and troubleshooting guides. 
  • Share knowledge and best practices with team members, providing training and mentoring to enhance overall technical capabilities. 

Other

  • To undertake other duties commensurate to the grade of the post.

Additional:

  • The service operates from Monday to Friday, 8am to 5.30pm, and you will be required to work as directed within these hours; and you may be required to carry out essential maintenance work at other times out of hours.
  • To use and assist others in the use of information technology systems to carry out duties in the most efficient and effective manner.
  • To achieve agreed service outcomes and outputs, and personal appraisal targets, as agreed by the line manager.
  • To undertake training and constructively take part in meetings, supervision, seminars and other events designed to improve communication and assist with the effective development of the post and post holder.
  • The post holder is expected to be committed to the Council’s core values of public service, quality, equality and empowerment and to demonstrate this commitment in the way they carry out their duties.
  • Ensure all the services within the area(s) of responsibility are provided in accordance with the Council's commitment to high quality service provision to users.
  • Ensure that duties are undertaken with due regard and compliance with the Data Protection Act and other legislation.
  • Carry out duties and responsibilities in accordance with the Council’s Health and Safety Policy and relevant Health and Safety legislation.
  • At all times carrying out responsibilities/duties within the framework of the Council's Dignity for all Policy. (Equal Opportunities Policy).

 

Budget responsibilities

None

Work style

Flexible/Office-Based. The post-holder is expected to be onsite at 222 Upper Street at least one day a week and at other times as directed by their line manager. 

Person specification

You should demonstrate on your application form how you meet the essential criteria. Please ensure you address each of the criteria as this will be assessed to determine your suitability for the post.

Assessment Guide

A = Application

I = Interview

T = Test

 

Essential Criteria

Qualifications

Essential criteria

Criteria description

 Assessed by

1

Experience of working as part of a multidisciplinary ICT team in a large ITIL aligned organisation in a regulated industry, ideally a local authority.

A/I

2

Trained in and/or experienced in the operation at least two security vendor’s software, hardware or services or holding a relevant and current professional ICT security qualification.

A/I

Experience

Essential criteria

Criteria description

 Assessed by

3

Experience of security issues relating to hardware and software, with experience of the Microsoft technology stack

A/I

4

Experience of Cloud security practices (preferably in in Azure)

A/I

5

Experience in developing and executing runbooks. Refining ingested logs and triggers on a SIEM

A/I

6

Experience in the use of network and database security tools

A/I

7

Experience of patch management

A/I

8

Experience of devops/secops practices and culture and associated methods

A/I

Skills

Essential criteria

Criteria description

 Assessed by

9

Technologies used to protect and secure the perimeter of the organisation including firewalls and intrusion detection systems.

A/I

10

Ability to transfer fundamental knowledge and experience from one technology to other technologies to gain a rapid understanding of its operation.

A/I

11

Ability to work in a high-pressure environment and make sound decisions in emergency situations while empathising with customers and responding sympathetically to circumstances.

A/I

12

Ability to understand, assimilate, create and maintain effective documentation detailing precise, complex technical and operational information to a variety of audiences including other technical experts, senior officers and elected members.

A/I

13

Knowledge of and proven ability to work to standards including ITIL, Prince 2, ISO 27001, ISO 27002 Data Protection Act, General Data Protection Regulations and other legal and regulatory frameworks relevant to the management of a public sector ICT service.

A/I

14

Excellent time management skills combined with prioritisation skills to balance conflicting and often high-profile priorities.

A/I

 

Manyleb y person

Qualifications

Meini prawf hanfodol
  • Experience of working as part of a multidisciplinary ICT team in a large ITIL aligned organisation in a regulated industry, ideally a local authority.
  • Trained in and/or experienced in the operation at least two security vendor’s software, hardware or services or holding a relevant and current professional ICT security qualification.

SPECIAL REQUIREMENTS

Meini prawf hanfodol
  • This role will require you to have a high-level of discretion and confidentiality as investigations involve access to extremely sensitive and confidential material.

Skills

Meini prawf hanfodol
  • Technologies used to protect and secure the perimeter of the organisation including firewalls and intrusion detection systems.
  • Ability to transfer fundamental knowledge and experience from one technology to other technologies to gain a rapid understanding of its operation.
  • Ability to work in a high-pressure environment and make sound decisions in emergency situations while empathising with customers and responding sympathetically to circumstances.
  • Ability to understand, assimilate, create and maintain effective documentation detailing precise, complex technical and operational information to a variety of audiences including other technical experts, senior officers and elected members.
  • Knowledge of and proven ability to work to standards including ITIL, Prince 2, ISO 27001, ISO 27002 Data Protection Act, General Data Protection Regulations and other legal and regulatory frameworks relevant to the management of a public sector ICT service.
  • Excellent time management skills combined with prioritisation skills to balance conflicting and often high-profile priorities.

Experience

Meini prawf hanfodol
  • Experience of security issues relating to hardware and software, with experience of the Microsoft technology stack
  • Experience of Cloud security practices (preferably in in Azure)
  • Experience in developing and executing runbooks. Refining ingested logs and triggers on a SIEM
  • Experience in the use of network and database security tools
  • Experience of patch management
  • Experience of devops/secops practices and culture and associated methods

Dogfennau

Rhagor o fanylion / cyswllt ar gyfer ymweliadau anffurfiol

Enw
Timothy Rodgers
Teitl y swydd
Head of Cyber Security
Cyfeiriad ebost
[email protected]
Rhif ffôn
07794777386
London Healthy workplace
Timewise helps businesses to attract and develop the best talent through flexible working.
London Living Wage is a voluntary commitment made by employers, who can become accredited with the Living Wage Foundation
Good Work Standard
Time to change
Disability confident committed
Stonewall equality policy. Equality and justice for lesbians, gay men, bisexual and trans people.

Ddim yn derbyn ceisiadau mwyach

Ymddiheuriadau, ond nid yw'r swydd wag hon yn derbyn ceisiadau mwyach.

Gallwch chwilio am swyddi tebyg ar fwrdd swyddi'r cyflogwr, neu fynd i'n bwrdd swyddi cenedlaethol Health Jobs UK.