Be aware of budgetary constraints and seek approvals from manager


Job Description and Person Specification

Job title: IT Security Analyst
Reports to (Job Title): IT Operations Manager
Directorate: Information Services
Department: Information Services
Salary:
Managing people responsibilities: None
Budget Responsibilities: Be aware of budgetary constraints and seek approvals from manager

The organisation and the role

Introduction

The CII's vision is that working together, as one united profession, we will drive confidence in the power of professional standards. Our Strategic Manifesto Roadmap 2021 can be accessed using this link. To achieve this vision, we are working to provide insightful leadership, relevant learning and a valued membership proposition to maintain and grow an engaged membership.

The Information Services team provide the IT solutions and user support required to help the organisation meet its objectives effectively, providing its people with access to the tools and information they require, where and when they require them, so that they can add value.

This is a varied and interesting role in the IS Operations team. The post holder will be responsible for IT Security for the CII, both in terms of policy and procedure, IT Audits, implementing technical resolutions or recommendations to secure the data and infrastructure estate, and managing security-related incidents, such as a cyber attack, with the legal team, ensuring logs and data are retained for forensic analysis.

What we are looking for

Experience, knowledge and

The role includes covering CII core business hours at CII locations and may involve travel to remote non-CII locations from time to time.

An enthusiastic, dedicated Analyst who is able to multitask and a tenacious problem solver.
Willing to research and learn about new technologies.
Team player willing to work the hours needed to complete tasks, including some weekends and evenings.
Security conscious with a bias towards customer satisfaction.
Able to work on own initiative or with minimal supervision.
Must have at least 2 years' experience in a similar role.

To be successful in this role we believe you need to:

Hold the following qualifications

Qualifications in the related area
ITIL Foundation qualified (as a minimum) (essential)
CISSP, CISA, CISM, MSc (essential)
CCNA (essential)
CCIE (desirable)

Know about and understand
A good appreciation of enterprise architecture principles (essential)
Knowledge of Microsoft server and desktop products (essential)
Microsoft System Centre
Microsoft Azure
Microsoft Office 365
VMware vSphere and associated technologies
HP server hardware
Cisco Networking equipment and firewall management
Developing and automating processes and procedures
Understanding of GDPR, PCI DSS, COBIT and OWASP
Technical knowledge of Microsoft security tools
Ability to analyse log files and carry out basic forensic investigations
Knowledge of and experience in managing PKI (essential)

Possess the following transferable skills
Ability to learn / pick up new concepts quickly (essential)
Excellent verbal, written communication and interpersonal skills (essential)
An ability to work calmly under pressure (essential)
Ability to innovate and work in an environment of continuous improvement (essential)
Able to manage high volume of workload and prioritise appropriately
Ability to train others

Be able to demonstrate experience of
Document writing (work instructions etc.) (essential)
Capable of working and managing in a cross matrix team (essential)
Experience of managing and maintaining IT Network and Server infrastructure (essential)
Mobile device management (essential)
Working with cloud technologies (desirable)
Problem solving (essential)
Implementing technical solutions to pen test results
Managing own workload

This is a busy role and in addition to the above it is essential that you can
Manage multiple objectives and see things through to completion within inevitably changing deadlines (essential)
Self-organise and self-manage (essential)
Have a flexible approach both to the type of work undertaken and working hours as required to meet team objectives and ultimately internal customer needs (essential)

Progression in the role

Within the first month of employment; within the first six months of employment; for post holder for the period after 12 months in the business

Within one month you'll:
Understand the architecture of our current infrastructure
Understand the critical systems and infrastructure components
Have understood and documented the current security protocols in place

Within six months you'll:
Resolve O365 and Azure security issues and alerts
Own large tasks/small projects

Within twelve months and ongoing you'll be:
Completing 15+ security initiatives underway such as
o Resolve all issues with internal and external penetration testing using Nessus tool, working with colleagues in development teams
o Configure Firesight to be aware for external web servers and Best Practice
o Review and resolve issues to raise our O365 security score and put in place automations or delegate to Service Desk where appropriate to maintain a high score
o Azure security: review, implement remedial actions and put in place automated processes or delegate to Service Desk where appropriate to raise our score and maintain the higher score
o Implement a method of sending secure emails internally and externally
o Review and implement Best Practice, practical log retention policy
o Carry out quarterly review of all firewall rules and make remediations where appropriate
o Assist with the new office move to ensure security is maintained
o Investigate and implement MDM to include BYOD
Have automated as many processes as possible
Have documented and handed to Service Desk appropriate security daily/weekly/monthly tasks
Implemented MDM

The competencies we are looking for

Judgement: Decision Making and Problem Solving
That you will:
Operate with day-to-day autonomy, especially if a subject matter expert.
Deal with some ambiguity and complexity in areas where a subject matter expert.
Identify relevant external factors, at times need involvement of others to interpret and address these.
Assess issues, especially medium-term and short-term factors.
Make operational decisions that are clear and practical and escalate those that are non-operational.

Leadership accountability and delivery
Operate as operational project manager for projects about product, process or system improvements.
Display all necessary project management skills: manage outcomes, allocate tasks, monitor progress.
Identify and deliver operational level actions that will advance the strategic priorities.
Try to break new ground and be creative when generating solutions.
Create innovative working methods to generate new ideas.
Use resources creatively and think laterally to identify new solutions.
Have a flexible approach to problem solving.
Look beyond the obvious and immediate information when generating solutions.
Demonstrate resourcefulness in identifying and exploiting trends and developments.
Exemplify positive service behaviours and promote a culture focused on ensuring members'/customers' needs are met.
Make clear, pragmatic and manageable plans for service delivery using programme and project management disciplines.

Influencing and persuading: relationship building and managing stakeholder relationships
Build effective, mutually beneficial relationships with key internal and external stakeholders.
Have good communication skills, although may display a preference for either verbal or written forms of communication.
Speak with confidence and credibility, especially in your own specialist area.
Present effectively with or without props (e.g. slides).
Operate effectively with preferred style.
Use body language, eye contact, physical presence to enhance impact.
Form and articulate fact and evidence based opinion, educated on topics.
Be able to convince others and open to changing opinion.

Technical Knowledge: your experience, qualifications and subject matter knowledge
Hold ITIL Foundation, CISSP, CISA, CISM, MSc or equivalent qualification from a professional body relevant to functional specialism, and/or relevant degree.
Evidence a strong understanding and expertise in your functional specialism.
Display a passion for a specific market/technical issue for which you are one of the key go-to people.
Apply relevant experience to CII issues, including experience from your time within the CII, or experience from previous employers.

The CII story

We are here to build public trust. To find out more about the CII and the Personal Finance Society (PFS) - the body of the CII dedicated to the financial advice market - visit or

We value very highly the benefits of having different points of view and experiences. Accordingly, we hope to receive applications from a wide range of talented people irrespective of their religion or belief, gender, age, gender identity, disability, sexual orientation, ethnic origin, political belief, relationship status or caring responsibilities.

We are committed to promoting equality and diversity and to building a workforce reflective of the communities we serve.