STAGE 2
Job Evaluation Number B963
Evaluated on 14/06/2019 Updated on 26/02/2024 v4
JOB DESCRIPTION
Job Title: Force Information Risk Assurer
Job Family: ICT
Role Profile Title: BB3 Police Staff
Reports To: Information Assurance Manager
Band level: 3S
Staff Responsibilities (direct line management of): Nil
a. OVERALL PURPOSE OF THE ROLE: Defines the role, put simply, why it exists.
The overall purpose of the role is to: Contribute to the accreditation and compliance of forces’ systems with legal, national and local Information Assurance requirements in support of the Cyber Security Strategy.
b. KEY ACCOUNTABILITY AREAS: Define the important aspect of the role for which the job holder is responsible for results or outcomes.
The key result areas in the role are as follows:
1. Maintain the accreditation of the forces’ systems and maintain compliance with national and local standards such as the Cyber Security Strategy. Identify information and physical security risks and propose recommendations for mitigation to management.
2. Contribute to the development, maintenance and testing of the forces’ ICT Disaster Recovery and Business Continuity Plans ensuring the availability of forces’ information.
3. Contribute to the development of standards, policies, processes and procedures to support the Cyber Security Strategy, to maintain the security of forces’ information.
4. Contribute to the creation and delivery of guidance, user education and operational procedures to support the Cyber Security Strategy. Cultivate relationships with stakeholders in order to raise awareness and proactively contribute to improving the two forces’ adherence to information assurance standards.
5. Provide security requirements, in line with forces’ policies and procedures, for 3rd party suppliers to support the on-going effectiveness of the Cyber Security Strategy.
6. Provide advice on security requirements for new and existing ICT systems, to ensure that controls are proportionate, pragmatic, cost-effective and commensurate with national and local requirements.
7. Assist the forces’ Accreditor through preparing and reviewing security design documents, risk assessments and other key security documentation as required to identify security risks. Represent the Information Assurance Manager at local, regional and national meetings in relation to information security and information assurance, as required, and provide peer support and assistance when appropriate.
c. DIMENSIONS: Include matters as key result areas that make the greatest demands on the role holder, seasonal pressures, items processed, the number of customers and/or level of authority to make financial decisions or commit other resources.
Further Comments:
Advises Technical Architects and Project Managers.
Must be delivery focused and able to appreciate Information Security matters in a wider business context, enabling the business to meet its objectives. Must have a customer service ethos and be an effective advocate for Information Security.
Provide advice and guidance that is aligned to current HMG and police policies (such as the Cyber Security Strategy) and supports new technologies such as Cloud, Mobile and Artificial Intelligence technologies.
The role holder will work with immediate and/or wider ICT team members to share best practice whilst providing development and performance assistance when required. They will act as a subject matter expert to provide guidance and advice to all TVP staff where necessary.
d. CHARACTERISTICS OF THE ROLE Expertise: Concerned with the level of administrative, professional and/or technical expertise (knowledge and skills) needed to perform the role effectively; may be acquired through experience, specialised training, and/or professional or specialist education and training.
The knowledge or skills required in the role are as follows (essential or desirable): E/D
1. Appropriate qualification or significant experience in one or more of the following specialisms: Data Protection, Information Assurance, Risk Management, IT Security, NIST Cyber Security Framework. E
2. Effective communication skills, dealing with customers and stakeholders at all levels. E
3. Be able to exhibit practical experience in Information Assurance and/or Information Security. E
4. Technical understanding of IT systems and/or risk management processes. Must be familiar with Cloud and Mobile technologies. E
5. Maintain a high degree of integrity and trust when dealing with sensitive and classified information. E
6. Proven ability to work under pressure, prioritise and manage workload whilst remaining positive and motivated. E
7. Must have capability to travel to different locations across both Forces and undertake all assignments in a timely manner. Due to the requirement to work flexibly and at unsocial hours, and for personal safety when lone working, public transport may not be available or suitable at these times. For this reason a full UK driving licence is considered essential. E
8. Proven understanding of Risk Management and Information Assurance principles, relevant legislation and Standards. D
9. Appropriate professional qualification in relevant discipline (such as: MSc Information Security, CISSP, CISMP, CESG Certified Professional etc.) D
10. Appropriate qualifications and/or experience in Management of Police Information (MoPI) and Physical Security of Police Assured Secure Facilities (PASF) D
Additional comments:* At interview, candidates will be asked to confirm their willingness to undertake this Basic Driving Assessment, which in turn will enable the use of a police authorised vehicle.