Head of IT Security

Location: West Wiltshire

Position: 4-6 Month Contract

Salary/Rate: £350 - £450 per day Negotiable

Must be security cleared

The Head of IT Security is responsible for the effective planning and control of IT security to ensure that data, network resources and systems within the Services are secure and compliant with client Security guidelines and directives.

As a security process owner, this role directs and is accountable for categorizing the various types of data and information in terms of their sensitivity from a regulatory, legal and commercial perspective. The Head of IT Security develops directives, guidelines and procedures for handling, storing and distributing various types of data and information tin relation to their respective sensitivity. He/ she will establish a Security Framework that provides the foundation for logical and physical security processes, guidelines, staffing and technology. To this end, the Head of IT Security works closely with the client´s business leaders, executive management, Legal, Risk Management, Compliance and Finance representatives in creating such framework.

The Head of IT Security is overall responsible for raising awareness amongst client business leaders and management with regard to the purpose and application of IT security, its policies and the conducting of the necessary audits and reviews to ensure process adherence. He/ she works with other process owners to ensure overall alignment and integration of Service Management processes.

 - Develop and deploy a Security Management Framework

 - Regularly review performance of the Framework and initiate and oversee improvement activities

 - Perform regular reviews to verify adherence to guidelines and standards

 - Regularly liaise with other Process Owners to evaluate effectiveness, efficiency and integration of Service Management processes and procedures

 - Provide guidelines and directives for operational Security Management

 - Define resource requirements, investment levels, technology and staffing to ensure adequacy of security levels and measures"

 - Design security policies and guidelines that meet the requirements’ for multiple clients

 - Ensure integration of multiple clients/ service providers into IT Security management

Has defined authority and responsibility for a significant area of work, including technical, financial and quality aspects. Establishes organisational objectives and delegates responsibilities. Is accountable for actions and decisions taken by self and subordinates.

 Influences policy formation on the contribution of own specialism to business objectives. Influences a significant part of own organisation. Develops influential relationships with internal and external clients/ suppliers/ partners at senior management level, including industry leaders. Makes decisions which impact the work of employing organisations, achievement of organisational objectives and financial performance.

Performs highly complex work activities covering technical, financial and quality aspects. Contributes to the formulation and implementation of IT strategy. Creatively applies a wide range of technical and/or management principles.

Absorbs complex technical information and communicates effectively at all levels to both technical and non-technical audiences. Assesses and evaluates risk. Understands the implications of new technologies. Demonstrates clear leadership and the ability to influence and persuade. Has a broad understanding of all aspects of IT and deep understanding of own specialism(s). Understands and communicates the role and impact of IT in the employing organisation and promotes compliance with relevant legislation. Takes the initiative to keep both own and subordinates' skills up to date and to maintain an awareness of developments in the IT industry.

Excellent communicator. Has proven negotiation skills. Builds and leads team to clear objectives and performance expectations, creating vision and clear direction. Fosters an environment conducive to open and constructive communication with Service providers and client stakeholders on all levels, and maintains productive relationships with executive level sponsors.

Has had a managerial role in Service Integration and Provider Management across multiple clients and providers, e.g. on Contract Executive level, leading Sourcing Management team. Has profound experience in balancing and aligning the interests of stakeholders on both business and provider side, demonstrating excellent negotiation and stakeholder management skills. Key decision maker, working with C-Level clients and providers.

Regularly makes decisions and takes independent action to achieve strategic objectives and/or resolve issues. Guides team in

applying useful problem solving approaches. Works cross-functionally with stakeholders in understanding and creating opportunities and making decisions in a timely manner.

Identifies and initiates solutions in unprecedented situations.

SCTY 6: Provides leadership and guidelines on information assurance security expertise for the organisation, working effectively with strategic organisational functions such as legal experts and technical support to provide authoritative advice and guidance on the requirements for security controls. Provides for restoration of information systems by ensuring that protection, detection, and reaction capabilities are incorporated.

INAS 6: Develops corporate Information security policy, standards and guidelines. Prepares and maintains organisational strategies that address the evolving business risk and information control requirements. Operates as a focus for Information assurance governance expertise for the organisation, working effectively with strategic organisational functions such as legal experts and technical support to provide authoritative advice and guidance on the requirements for security controls. Ensures architectural principles are applied during design to reduce risk, and advances assurance standards through ensuring rigorous security testing.

SCAD 6: Develops strategies for ensuring both the physical and electronic security of automated systems. Ensures that the policy and standards for security are fit for purpose, current and are correctly implemented. Reviews new business proposals and provides specialist advice on security issues and implications.

Security Board, Service Management Committee, Service Delivery Committee

Bachelor's degree in Computer Science, IT OR Business Studies and equivalent relevant work experience in IT.