Operational Security Lead

Requirements of the role

The ICO Cyber security team is expanding. This represents an exciting time to join the team, bringing your experience and capabilities as well as potential to learn and develop, in a high profile and dynamic environment. The Cyber Security team is part of our wider Digital, Data and Technology (DDaT) directorate, and ensures that we support the objectives of secure by design.

The Information Commissioner’s Office (ICO) is the independent regulator of information rights. In a data-driven world, we provide advice, guidance, and support to organisations enabling compliance with their obligations, as well as protecting individuals and their personal data.

As an employer, we are passionate about making a positive difference to the lives and careers of our people, and we empower you to be curious, impactful, collaborative and respectful.

Job description

To protect the data and systems within our care from cyber-attacks and data breaches. This is essential to enable and support our organisation in successfully achieving its objectives and maintaining and enhancing our legal compliance and reputation.

The Operational Security Lead will play a key role in protecting customer data and essential functions by monitoring our technology environment, and ensuring controls are effective in preventing, detecting, and responding to threats and vulnerabilities.

As part of a growing Cyber Security team, you will provide subject matter expertise on operational security risks and opportunities, and use your skills and experience to define, achieve, maintain, and improve technical and organisational security measures.

Reporting to the Operational Security Manager, and leading a small team of cyber security officers, you will work closely with colleagues in our wider Digital, Data and Technology team, as well as relevant authorities, and support partners, to drive and deliver effective cyber security.

Key responsibilities:

• Monitoring of system and network activity to identify unauthorised actions by users or potential intrusion by an attacker.
• Preparation for, handling of, and following up of cyber security incidents, to minimise the damage to our organisation and prevent recurrence.
• Management of the configuration of protected systems to ensure that any vulnerabilities are understood and managed.
• Assessment, validation and reporting of information on current and potential cyber threats to maintain the organisation’s situational awareness.
• Management of cyber security risks in line with business objectives and regulatory requirements.
• Management of cyber security education and awareness programme.
• Management of cyber security performance measures.

View on member website