Principal accountabilities
1. Build, lead and manage the in-house cyber security and risk function, recruiting to key posts and developing skills and competencies, with key focuses on security practice and information governance.
2. Own the IT & Digital audit schedule of internal and external audits; accountable for commissioning appropriate work, organising the activities, and tracking and overseeing compliance work and remedial actions resulting to agreed timetables.
3. In consultation with the Director of Innovation and senior leadership team for IT & Digital, devise the cyber security strategy for the council – setting the council’s posture, objectives and approach to cyber – and oversee the execution of the strategy to time.
4. Own and manage the overall IT & Digital risk register, ensuring appropriate processes for risk management and ensuring collective staff and leadership buy-in to managing risks.
5. Act as the council’s most senior consultant on matter of cyber security: writing position papers, providing advice to projects and staff, briefing senior leaders and members where appropriate, and building a function that ensures good practice is adopted and followed within the council.
6. Maintain up-to-date knowledge, research and intelligence of the cyber security landscape, ensuring the latest practices, methods, mitigations, tools and advisories are provided to the council.
7. Own, manage and advise the council’s compliance with appropriate advice (such as the NCSC), certification where appropriate (including but not limited to Cyber Essentials+, CAF, PCI-DSS, ISO27001), and any other relevant standards.
8. Accountable for overseeing and coordinating all audits commissioned by or on behalf of IT & Digital, including internal and external audits. Maintain a full list of audit recommendations and actions and ensure these are acted upon in a timely fashion.
9. In the event of a cyber incident, provide emergency support and advice to manage and mitigate attacks in progress, secure the council’s digital estate and ensure rapid recovery and effective investigation; acting as the organisation’s most senior subject matter expert, direct the council’s response in consultation with the Director of Digital Innovation.
10. Deputise for the Director of Digital Innovation as required, both for normal cover and as a point of escalation and authority in a crisis or emergency.