Current vacancies

IT Security Manager

Job details

No. of posts: 1
Vacancy Reference Number: OGA 138
Grade: Grade 7
Salary: £65,701
Location: London
Travel to other locations within UK? Yes
Regular travel between London and Aberdeen
Appointment Type: Permanent
Appointment Term: Full time
Level of Security clearance: SC (ability to attain or currently hold)
Medical required? No

Unless otherwise stated consideration will be given to requests to work on a part time or job share basis. Flexible working hours can also be considered.

Application details

Closing date for applications: 25 Nov 2019

Brief overview of role

The OGA seeks an experienced IT Security professional. The OGA operates a multi-supplier model with several providers working together to deliver a single user experience for all core IT services. The successful candidate will manage the security aspects of those services with responsibility for:

  • The delivery of proactive IT security services that are focused on the timely investigation and resolution of IT system and security issues;
  • Ensuring that all IT “Back Office” Operations services are secure; assessing the risks of identified security vulnerabilities;
  • Working closely with our CIO and other members in the Information Services team to ensure the department's security roadmap is aligned with business needs;
  • Working closely with the IT Service Delivery Manager to ensure that plans for new services are aligned with the OGA security policies and risk posture;
  • Providing security guidance & assistance to all OGA personnel, raising awareness of security updates, published policies, standards and guidelines.
  • Ensure information security frameworks are developed and maintained based on industry and government best practices standards that are fit for audit.
  • Ensuring a proactive approach to the identification, assessment and mitigation of emerging information security risks and business impacts arising from the processing of digital and physical information and operation of IT Services and systems.
  • Managing the OGA Business Continuity Plan.

Detailed job description and key responsibilities

The IT Security Manager plays an active role in the wider business - monitoring, reporting and reviewing the quality of and satisfaction with the services provided and assisting the IT Service Delivery Manager in delivering the IT Strategy.

Key responsibilities include:

  • All IT security strategy, policies and processes
    • Creation/review/enforcement of policies, maintaining a register of legal, statutory, regulatory and contractual obligations (related to information security), raising awareness and highlighting the implications of changes in applicable legislation;
    • Training - undertake initiatives to raise awareness of information security, policies, guidelines and best practices within the organisation as well as with service partners;
    • Audit process for initiating security and safety measures and strategies
    • Work with the CIO to develop the strategy and plan, including a systematic review of legacy databases, systems and business processes
    • Undertake a gap analysis of the OGA’s current IT security arrangements and gain OGA leadership and Board approval for a five-year IT security plan.
    • Ensure that OGA cyber security training is given to all personnel.
    • Owning the OGA Business Continuity Plan and providing input into any Disaster Recovery (DR) procedures
  • IT controls, management, governance and assurance
    • Setting the security architecture that IT should adhere to i.e. NCSC levels, national / international standards and ensure information security frameworks are developed and maintained based on industry and government best practices.
    • Ensuring IT systems are compliant with all applicable / relevant legislation – such as Data Protection Act 2018, GDPR, Office of Cyber Security & Information Assurance (OCSIA), GIAA audit, ISO27001.
    • Ensure that IT services are provided in line with Cabinet Office (Office of Cyber Security & Information Assurance (OCSIA)), legal, procurement and Government security guidelines.
    • Protecting network, infrastructure and systems including directing or maintaining device and system configurations
    • Review of IT project designs, associated changes and process
    • Annual Health check and assurance – penetration and vulnerability assessments and associated timely remediation work
    • Liaison with government and industry security networks
  • Oversees the management of the IT security services delivered to the organisation.
    • Regular review of supplier security services and associated remediation work
  • Lead on security incidents, events and investigations including forensic analysis
  • Ensuring a proactive approach to the identification, assessment and mitigation of emerging information security risks and business impacts arising from the processing of digital and physical information and operation of IT Services and systems.
  • Conduct regular deep technical inspections of systems and networks to ensure that they are secure and monitored effectively
  • Ensure effective processes for security updates across the IT estate
  • Working closely with the Head of Procurement & IT and Finance to provide input to the annual Security budgets, including managing and monitoring delegated spend against the approved delegated budget and highlighting any potential overspend at the earliest opportunity;
  • Liaise with external service support organisations as required.

Person specification

  • Competence 1: Delivering at Pace
    • Be pragmatic and results-focussed
  • Competence 2: Leading and Communicating
    • Have leadership, communication and motivational skills yet also be a committed team-player in an environment where priorities and goals can quickly change and evolve;
    • Have the ability to manage in a modern, empowering way and deputise as required;
    • Have exceptional inter-personal skills, enabling constructive engagement at all levels.
  • Competence 3: Managing a Quality Service
    • Experience of managing outsourced services contracts and procurement;
    • Experience of managing IT Security Operations.
  • Competence 4: Building Capability for All
    • Able to clearly demonstrate experience in change management and transformational IT security processes.

Specialist Skills, Qualifications, Experience, Licenses, Memberships or Language

Essential Desirable
• Certificate in Information Security Management Principles (CISMP), working towards Certified IT Security Manager (CISM).
• Cyber Security accreditation
• Well-developed IT skills, including Windows server and desktop environments, cloud services, networking, applications, security and virtualised environments
• Proven experience of developing and implementing information security framework systems, tools and processes at a technical implementation level;
• A clear understanding of IT security risks and cyber security, especially within the public sector
• A track record of effective and diplomatic communication at all levels
• Experience with firewall and networks design, configuration and security
• Principles, practices, tools and techniques of ITT auditing
• Knowledge of tools or systems which provide access security control (i.e. prevent unauthorised access to systems), for example ACF2
• Methods and techniques for risk management, business impact analysis, counter measures and contingency arrangements relating to the serious disruption of IT services e.g. resilience, security, fall back location/services, mobile back-up, diversity.
• Computer Hacking Forensics Investigator accreditation;
• Experience of public sector / government regulatory environment;
• Certified IT Security Manager (CISM).
• Certified Information Security Professional (CISP)

Application Process and Further Information

Completed applications will only be accepted via the online application process below, however, if you do require the application form in a different format please contact us at quoting the recruitment reference number and job title.

You should provide examples in your covering letter that best demonstrate your skills and abilities against the competencies and specialist skills. The maximum word count against each competence example is 250 words. The information you provide will be assessed during the shortlisting stage and, if you are invited to attend an interview, the indicated competence areas will be discussed further.

When completing your application, you should use the STAR format (Situation, Task, Action and Result) methodology for each competence. All appointments are subject to successful completion of pre-employment checks.

For further information please see the Information to Candidates pack (PDF)

Additional information on what you can expect as an Oil and Gas Authority employee

Apply online

Inclusion and Diversity statement

The OGA is committed to embedding equality and diversity into all our policies and processes. We will aim to recruit, retain and promote staff on the basis of competence and regardless of characteristics including those listed under the Equality Act 2010. These protected characteristics are: age, disability, gender reassignment, marriage and civil partnership, pregnancy and maternity, race, religion and belief, sex and sexual orientation.

The OGA is an accredited Disability Confident Committed employer. We have also been awarded silver accreditation for the Gender Diversity Benchmark through Business in the Community, The Prince’s Responsible Business Network. In addition, we are signed up to their Race at Work Charter and implement its five principles. As a further commitment to attracting, retaining and developing a diverse workforce we have signed up to the Axis Pledge.