ICT Assurance GRC Data Analyst in Belfast

PERSON SPECIFICATIONNOTES TO JOB APPLICANTS1. You must clearly demonstrate on your application form under each question how and to what extent you meet the required criteria as failure to do so may result in you not being shortlisted. You should clearly demonstrate this for both the essential and desirable criteria where relevant.2. You must demonstrate how you meet the criteria by the closing date for applications unless the criteria state otherwise.3. The stage in the process when the criteria will be measured is outlined in the table below.4. Shortlisting will be carried out on the basis of the essential criteria set out in Section 1 below using the information provided by you on your application form.5. Please note that the Selection Panel reserves the right to shortlist only those applicants that it believes most strongly meet the criteria for the role.6. In the event of an excessive number of applications the Selection Panel also reserves the right to apply any desirable criteria as outlined in Section 3 at shortlisting in which case these will be applied in the order listed. It is important therefore that you also clearly demonstrate on your application form on how you meet any desirable criteria.Section 1 - Essential CriteriaThe following are essential criteria which will initially be measured at the shortlisting stage and whichmay also be further explored during the interview/selection stage.You should therefore make it clear on your application form how and to what extent you meet these criteria. Failure to do so may result in you not being shortlisted.FactorEssential CriteriaMethod of AssessmentQualifications/ExperienceHold a Bachelors degree relating IT related field Computer Science Data science Data Analytic IT or Cyber-Security and have two years experience of performing a role involving IT data analytics or data engineering ideally with security context;ORfive years experience of performing a role involving IT data analytics or data engineering ideally with security context.Demonstrable experience of the successful operation of a compliance framework and governance model including policies procedures and systems.Shortlisting by Application FormSkills/AbilitiesA good level of IT literacy using a range of ETL tools such as Power BI.Ability to analyse security compliance data and reporting findings to a variety of stakeholders from Executive Summaries to SRO Reports.Shortlisting by Application FormKnowledgeDemonstrable knowledge of the current and anticipated cyber security challenges.Knowledge of a range of information security governance risk and compliance.Shortlisting by Application FormOtherWillingness to work outside of normal working hours as and when required.The successful candidate will be required:to have access to a suitable vehicle (appropriately maintained and insured for Education Authority business) that will enable them to carry out the mobility requirements of the post in an efficient and effective manner and thus meet this essential criterion; OR be able to provide sufficient information on the application form that will satisfy the employer that he/she has access to an appropriate alternative form of transport that will enable them to carry out the mobility requirements of the post in an efficient and effective manner and thus meet this essential criterion. Shortlisting by Application FormSection 2 - Essential CriteriaThe following are additional essential criteria which will be measured during the interview/selection stage in line with EAs Game Changing People Model.FactorEssential CriteriaMethod of Assessmentalifications/ExperienceDemonstrable knowledge of management of IT security and compliance in a large organisation. This includes supporting development and implementation of strategic vision for the ICT Assurance Service.Demonstrable Knowledge/experience of information Security frameworks governance and operation models including but not limited to:compliance monitoring tools and associated documentation.Experience of the implementation of compliance monitoring solutionsDesign and implementation of data integrations for a variety of sources to present a single pane of glass for data reporting.Knowledge of Compliance reporting.Interview/PresentationSkills/AbilitiesIn line with EAs Game Changing People Model we will look for evidence of:A proven ability to analyse and solve problems using their broad knowledge of information security. Good collaborative skills to build genuine and productive relationships with internal & external stakeholders.Coach Support motivate and develop employees effectively promoting inclusion and engagement.Ability to respond to cyber security incidents in a calm and effective manner.Proven ability to achieve targets/objectives and to meet challenging deadlines through the engagement of teams or working groups.InterviewValues OrientationEvidence of how your experience and approach to work reflect EAs ethos and values. You will find information about our Values hereInterviewSection 3 - Desirable CriteriaSome or all of the desirable criteria may be applied by the Selection Panel in order to determine a manageable pool of candidates. Desirable criteria will be applied in the order listed. You should make it clear on your application form how and to what extent you meet the desirable criteria as failure to do so may result in you not being shortlisted.FactorDesirable CriteriaMethod of AssessmentKnowledgeKnowledge of Risk Management standards such as ISO 27005.Shortlisting by Application FormOur ValuesThrough the selection process we will also seek evidence that the personal values of candidates align with those of the EA. This will include evidence of commitment to equality and excellence in service delivery. These reflect our aim which is to meet the needs of all our children and young people equally removing barriers to learning and ensuring equality of access to excellent education services so that every child can develop to his or her full potential. DISCLOSURE OF CRIMINAL BACKGROUNDThe Safeguarding Vulnerable Groups (Northern Ireland) Order 2007 defines working directly with children or young people or in specified places as regulated activity.In the event that you are recommended for appointed to a post that involves regulated activity the Education Authority will be required to undertake an Enhanced Disclosure of Criminal Background.Please note that youWILLbe expected to meet the cost of an Enhanced Disclosure Certificate. Details of how to make payment will be sent to you at the pre-employment stage.Further information can be accessed atNI Director theDepartment of Justice.APPLICANT GUIDANCE NOTESTo view the applicant guidance notes please clickhere.To learn about the many great benefits of joining the Education Authority click hereThe Education Authority is an Equal Opportunities Employer.JOB DESCRIPTIONREPORTS TO: Compliance LeadRESPONSIBLE FOR:The GRC Data Analyst will be responsible for managing compliance with EA ICT Assurance and other applicable cyber and information security policies and standards (e.g. those issued by the NCSC). The GRC Data Analyst will also be responsible for monitoring compliance for software licensing and for engaging with wider organisational and external compliance functions as necessary. The GRC Data Analyst will be responsible for engaging with the IT Security Officers to review the implementation of security policy and with the Network and Infrastructure teams in developing a means to monitor and measure compliance with policy for technical and procedural security controls. The GRC Data Analyst will be responsible for managing and leading the ICT Assurance compliance team. The GRC Data Analyst will be required to liaise with the Head of Services ICT Assurance on compliance issues to ensure consistency across EA service areas.JOB PURPOSETo implement information security compliance activities for EA ensuring compliance with relevant cyber and information security policies standards and guidance.To operationally manage cyber incident response for the organisation co-ordinating external and internal resources in responding to suspected security breaches and leading the subsequent root cause analysis and lessons learned reviews.To ensure that the confidentiality integrity and availability of EAs assets information data and IT services supports the organisation to achieve the corporate objectives.To protect the interests of those relying on information and the systems and communications that deliver the information from harm resulting from failures of confidentiality integrity and availability.The objectives of the post will be met when:Information is observed by or disclosed to only those who have the right to know (confidentiality)Information is complete accurate and protected against unauthorised modification (integrity)Information is available and usable when required and the systems that provide it can appropriately resist attacks and recover from or prevent failures (availability)Business transactions as well as information exchanges between enterprises or with partners can be trusted (authenticity and non-repudiation)Leadership and management responsibilitiesThe GRC Data Analyst has the following leadership responsibilities for this portfolio of services:Setting Vision and StrategyWork with the ICT Assurance Compliance Lead to establish maintain and communicate a clear and compelling strategic direction for information security across EA.Contribute to the development of a strategic plan for cyber security Risk and compliance in EA.Contribute to the development and implementation of new compliance metrics and reporting including policies compliance frameworks and processes in line with strategic direction and other public sector/cyber security organisations.Challenge conventional approaches harness new approaches and technology and maximise efficiencies and take an automated approach to report on Cyber Security Risk and Compliance within EA.Managing the Organisation to DeliverManage service delivery effectively to ensure that the section achieves the highest possible standards of performance and focuses on the needs of internal and external customers.Agree service performance targets with the ICT Assurance Compliance Lead and other EA Head of Services and provide regular progress reports at SMT/ Directorate level and occasional reports to Board level.Regularly engage with the Compliance Lead to monitor and review plans and make adjustments as required.Manage and continuously improve the section to ensure delivery against performance targets and to ensure that best value for money is achieved.Ensure that the service contributes to overall Directorate and Corporate performance as appropriate and provide update reports as required.Ensure that the ICT Assurance Compliance Lead receives high quality service-specific advice.Apply resources effectively across the section to maximise the delivery of front-line services.Ensure compliance with relevant legal regulatory and statutory performance requirements.Assist the Compliance Lead to ensure that ICT Assurance compliance service budgets are managed in accordance with all relevant financial policy and procedures.Contribute effectively to quality and performance management systems and ensure that the section is being managed as per the requirements of these systems.Assist the Compliance Lead to investigate all complaints and adverse incidents where outcomes are below expected standards.Establish effective and rigorous quality assurance systems to maintain high standards.LeadershipWork closely with the Head of ICT Assurance and the Compliance Lead to provide the section with leadership and direction ensuring that corporate directorate and service performance standards are achieved.Promote the ethos and values of the authority and ensure that the section is focused on customer needs.Foster a culture that supports achievement of the authoritys Strategic Plan by role modelling core values and leadership behaviours to staff in the section.Lead/manage and communicate change and improvement initiatives within the section.Lead manage and develop staff within the section.Actively encourage teamwork and self-development and create opportunities to maximise individuals potential stimulate innovation and connection at all levels with front line services.Promote a positive culture of performance management within the section through individual and small-team accountability. Foster a culture of constructive feedback and learning and a genuine commitment to regular and effective appraisals. Prepare and deliver reports on behalf of the ICT Assurance Compliance Lead as required.Building Relationships and Working with OthersBuild and maintain effective professional and respectful stakeholder relationships.Ensure efficient and effective internal communication with staff in the section.Work closely with partner organisations the ICT Assurance Compliance Lead and colleagues to benchmark services and lead/manage and monitor change.Build and maintain effective working relationships and clear lines of communication with the ICT Assurance Compliance Lead and the Head of ICT Assurance other Heads of Service within the Directorate and in other Directorates and the ICT Senior Management Team.Develop and maintain clear lines of communication and effective working partnerships with relevant external stakeholders and service user groups.Work with the Compliance Lead to manage engagement with staff schools and the public on major changes in the service that may affect them.Work with external agencies; for example education sector partner organisations to identify opportunities for joint working that might bring greater consistency across the sector and/or improve efficiency and effectiveness of service delivery.Section-specific responsibilitiesThe following list provides an outline of the key responsibilities. It does not however represent a comprehensive list of tasks.ControlSupport the Compliance Lead to establish a compliance Reporting System.Support the Compliance Lead to establish in taking a data driven approach to inform Cyber security standards policies and controls.Support the Compliance Lead to develop governance and an operational team for monitoring indicators of compromise and responding to information security incidents.Establish and control compliance with information security auditing monitoring and evaluation against policy standards and guidance.PlanDevise and recommend appropriate mechanisms for measuring security compliance based on an understanding of the requirements of the organisation.Gather requirements from such sources as security tools business and service risk plans and strategies service and operational level agreements and legal moral and ethical responsibilities for information security.Consider factors such as the amount of funding available and the prevailing organisational culture and attitudes to security.Develop a data driven approach to cyber security risk assessment to inform the development of security requirements.Develop compliance and cyber incident monitoring plans.ImplementEnsure that appropriate procedures tools and controls are in place including security compliance monitoring and reporting.Determination of a clear and agreed compliance framework integrated with the needs of the business.Provide effective marketing and education in security compliance risks and requirements.Provide security data to support organisational audits.Evaluate operational information security implementation risk.Promote security awareness by developing and implementing a security awareness and training programme around compliance using a data driven approachEstablish a mechanism for measuring and managing compliance and incident management improvement.EvaluateSupervise and check compliance with the security policy and security requirements in service and operational level agreements and in underpinning contracts with suppliers.Carry out regular audits of the technical security configuration of IT systems and supporting processes during and post implementation.Provide compliance and incident management information to external auditors and regulators as required.Monitor Critical Success Factors (CSFs) and Key Performance Indicators (KPIs) for information security.MaintainImprove security arrangements as specified in service and operational level agreements and other documentation.Improve the implementation of security measures and controls.Carry out continual service improvement in relation to information security.Work towards independent certification against ISO/IEC 27001 and CAF.This job description is intended to provide a broad outline of the responsibilities and is not intended to be exhaustive. Other reasonable duties may be assigned by the ICT Assurance Compliance Lead and Head of ICT Assurance in consultation with the post-holder.This job description will be subject to review in light of changing circumstances and is not intended to be rigid and inflexible but should be regarded as providing guidelines within which the individual works. Other duties of a similar nature and appropriate to the grade may be assigned from time to time.In accordance with Section 75 of the Northern Ireland Act (1998) the post-holder is expected to promote good relations equality of opportunity and pay due regard for equality legislation at all times.To view the summary of terms and conditions for this post clickhere.Required Experience:IC Key Skills Data Analytics,Microsoft Access,SQL,Power BI,R,Data Visualization,Tableau,Data Management,Data Mining,SAS,Data Analysis Skills,Analytics Employment Type : Full Time Experience: years Vacancy: 1