Technical Specialist, Cyber Security
Computing and Information Services
Grade 7: - £34,304 to £40,927 per annum (plus a market forces supplement of £3779 per annum, reviewable after 3 years)
Open-Ended/Permanent - Full Time
Contracted Hours per Week: 35
Closing Date: 30-Oct-2021, 6:59:00 AM
Job Family: Estates and Information Infrastructure Services
OUR CHARACTERISTICS: We are a globally outstanding centre of teaching and research excellence, a collegiate community of extraordinary people, in a unique and historic setting.
OUR VALUES: We are inspiring, challenging, innovative, responsible and enabling.
The Department and role purpose
The role will supervise the University's day-to-day cyber security activities, performing initial security investigations (who and what affected, what is the risk, next steps) and contribute significantly to developing improvements to a range of key University IT security services, processes and technologies. This includes Endpoint Detection and Response, email security, authentication, vulnerability management and Security Information & Event Management solutions. The role involves supporting and advising academic and professional services staff (including IT) as well as students on cyber security matters. Managing activities and professional development for a small and established team of security analysts will be essential to support the University's ambitious Information & Cyber Security and Digital Strategies.
The Computing and Information Services (CIS) has an annual operational budget in the order of £10m, multi-million pound programmes of change within year, and approximately 165 staff. The Senior Leadership Team report directly to the Chief Information Officer with the following portfolios: Strategy and Change; Operations; and Information Systems. CIS provide academic, teaching and administrative services across the organisation that underpin the day-to-day activities of the whole organisation.
Recent infrastructure improvements include investment in a new network backbone, including new cable runs throughout the city to all of the Universities core buildings, network virtualisation, new scalable user facing storage, and a new hosting environment. Corresponding business led investment also continues to be made with a new web programme, training platform, student relationship management system, investment in research administration, and maximising the breadth of opportunities available to the University through Office365, alongside numerous other important initiatives. Investment is aligned to the University’s Digital strategy which seeks to provide a clear vision for how digital services can be an enabler to the overall University strategy and objectives.
CIS is a friendly, but demanding department, where much is expected and can be achieved by competent, self-motivated individuals who are demonstrable in their team work ability.
Durham University is one of the world's top universities with strengths across the Arts and Humanities, Business, Sciences and Social Sciences. We are home to some of the most talented scholars and researchers from around the world who are tackling global issues and making a difference to people's lives.
The University sits in a beautiful historic city where it shares ownership of a UNESCO World Heritage Site with Durham Cathedral, the greatest Romanesque building in Western Europe. A collegiate University, Durham recruits outstanding students from across the world and offers an unmatched wider student experience.
Durham University seeks to promote and maintain an inclusive and supportive environment for work and study that assists all members of our University community to reach their full potential. Diversity brings strength and we welcome applications from across the international, national and regional communities that we work with and serve.
University Reward & Benefits information:
It is expected that all staff within the University:
- Contribute to our learning culture by engaging in mentoring, training and coaching.
- Positively contribute to fostering a collegial environment; as well as demonstrating commitment to equality, diversity and inclusion.
- Have due regard to Health and Safety requirements appropriate to grade and role.
University Reward & Benefits information:
Family key attributes
Roles in this family manage and maintain the integrity of University buildings, estates and information services.
Overall family purpose
- Ensure safe, sustainable and fit for purpose buildings, internal and external environments in and on which to conduct University business.
- Liaise and engage with stakeholders across the University to identify and plan infrastructure projects to update and improve services and facilities.
- Align services to meet organisational strategic and operational objectives.
- Design new, adapt existing and implement services, working with external contractors and suppliers.
- Manage and monitor systems, mechanisms and processes to ensure compliance with internal and external regulations.
- Implement procedures to ensure safe and secure buildings, facilities, estates and information networks.
- Design and construct real and virtual test environments to ensure the most fit for purpose technology and services are available to underpin University business needs.
- Manage technology driven services and third-party platforms to underpin teaching, learning, research and administrative activities across the University.
- Engage with external suppliers, contractors, manufacturers and developers to ensure the highest-standards and quality of buildings, estates and information services.
- Work collaboratively and network across the University with staff in other families to ensure a smooth, timely and high-quality delivery of service.
Link to key strategic plan
- An economically sustainable approach to delivering infrastructure services across the University;
- Develop an academic estate that will allow the University to deliver world-class education, research and student experience;
- Ensure the long-term availability of suitable residential accommodation;
- Ensure the continuing renewal and maintenance of our estate;
- Improve the environmental sustainability and ease of travel around our estate and city locations;
- Support and facilitate a first-rate digital learning environment and experience on a par with the best in the UK;
- Running and ongoing development of a first-rate digital learning environment on a par with the best in the UK;
- A stakeholder-focused orientation, offering satisfying careers to all staff;
- Ensure that an increasingly diverse workforce is treated equally, fairly and with respect, and that all staff are demonstrably valued and actively engaged.
- Recognised professional practitioner and management and/or service specialist with responsibility for the management of team members.
- Provide input to the design and development of service processes, techniques and deliverables for one or more service areas or projects, including assisting with management of security risk and issue logs and the development of plans to manage these as appropriate.
- Contribute to the analysis of stakeholder feedback to help define needs and requirements, inputting to the design and planning of services.
- Internal and external relationship development and partnership working, networking and participation to engage and influence future services and the University reputation.
- Provide feedback on team and individual performance and identify development needs, conducting regular staff ADR and performance reviews.
- Handle the vast majority of welfare issues within a team, referring more complex welfare issues to appropriate support services/senior management.
- Delivery of ongoing coaching, mentoring and training to team members.
- Maintain an awareness of current policy for University business goals such as widening participation and access.
- Contribute to business meetings, working groups and sub committees at departmental and operational service levels.
- Devolve responsibilities to team members to ensure continuity of service provision and encourage skills development.
- Provide management for the delivery of high-quality infrastructure support services across the University, including anti malware, encryption, Network Access Control, web & email filtering, Security Information Event Monitoring and authentication capabilities, championing security best practice, principles and standards.
- Promote and foster positive and highly collaborative approaches to problem solving and project implementation, helping to motivate, mentor and coach other team members.
- Supervise team members, ensuring work streams and activities are allocated correctly and performance expectations are met.
- Make decisions about the nature and level of problem solving, physical and analytical tools, techniques and protocols to deliver project and security service objectives.
- Perform initial security investigations (who and what affected, what is the risk, next steps).
- Collaborate with other specialists within the service and across the University, regarding the use of modelling and analytical tools, methods and standards to deliver secure IT services.
- Schedule and monitor maintenance and installation works, projects and work streams related to security across the University.
- Manage and monitor systems to ensure security and compliance with relevant external legislation and regulations for information security.
- Provide regular status reports and identify security risk management and contingency planning to other service staff, specialists, users and managers.
- Liaise with internal and external agencies, local authorities, industries and visitors where appropriate.
- Take responsibility for monitoring and updating security risk assessments and procedures, providing guidance to others where necessary.
- Plan, review, monitor and investigate mechanisms to ensure all organisational stakeholder security requirements have been met.
- Create repeatable solutions and processes (test scripts, checklists, etc.).
- Track security risks including unpatched systems, clients and applications, escalating to management where necessary.
- Contribute to the preparation and maintenance of user security documentation (web pages, FAQs, guides).
- Develop, modify and optimise security protocols and methodologies, making effective use of a range of security technologies.
- Any other reasonable duties.
Specific role requirements
Able to work flexibly to cover 8am-6pm if this is determined to be necessary.
Work out of hours if this is determined to be necessary.
The University if flexible to remote working approaches for this role.
Recruiting to this post
In order to be considered for interview, candidates must evidence each of the essential criteria required for the role in the person specification.
In some cases, the recruiting panel may also consider the desirable criteria, so we recommend you evidence all criteria in your application.
Please note that some criteria will only be considered at interview stage.
How to apply
We prefer to receive applications online.
Please note that in submitting your application Durham University will be processing your data. We would ask you to consider the relevant University Privacy Statement https://www.dur.ac.uk/ig/dp/privacy/pnjobapplicants/ which provides information on the collation, storing and use of data.
What you are required to submit
- A CV;
- A covering letter which details your experience, strengths and potential in the requirements set out above, including essential criteria point 3 Demonstrable knowledge of the wider security threat landscape and issues, which is not included in the Questions Section;
- Examples of how you satisfy the essential criteria in the person specification, this will require completion of the 'Questionnaire' application section.
Please ensure that you submit all documentation listed above or your application cannot proceed to the next stage.
At Durham University, our aim is to create an open and inclusive environment where everyone can reach their full potential and believe our staff should reflect the diversity of the global community in which we work. We welcome and encourage applications from members of groups who are under-represented in our work force including people with disabilities, women and black, Asian and minority ethnic communities.
When appointing to this role the University must ensure that it meets any applicable immigration requirements, including salary thresholds which are applicable to some visas.
Person specification - skills, knowledge, qualifications and experience required
- Broad IT Knowledge and specialist expertise in security technologies such as anti-malware, encryption, SIEM, web & email filtering, firewall and authentication.
- Proven experience performing risk assessments and recommending mitigating controls in the information security space.
- Demonstrable knowledge of the wider security threat landscape and issues.
- Experience of effectively line managing a team or teams and/or line management qualification.
- Excellent oral and written communication skills.
- Experience of providing specialist advice and guidance to a range of customers and colleagues, including more senior colleagues.
- Experience of being able to network effectively and develop strong and productive working relationships.
- Ability to solve problems and resolve issues, plan solutions and make pragmatic decisions.
- Evidence of planning and delivering projects to achieve desired outcomes in a timely fashion.
- High levels of self-motivation, initiative and ability to promote and demonstrate a flexible 'can do' attitude to direct reports.
- Knowledge of key UK legislation such as the Data Protection Act and the Computer Misuse Act.
- Relevant industry and professional recognition and certification of achievement of skills and knowledge.
- Regulatory, local and national professional knowledge and experience of compliance.
- Continuing professional development required to maintain professional recognition.
- Experience of delivering and developing specialist services for buildings, estates, services, or IT provision.
- Knowledge and experience of ensuring compliance with regulatory and organisational policy and guidelines.
- Experience of implementing policy and procedures and involvement with future changes for a service area.
Realising Your Potential Approach
The Realising Your Potential Approach clarifies the behaviours expected to be demonstrated by all staff across Professional Services in the University regardless of their role. Along with the core responsibilities, role responsibilities and the person specification, the Realising Your Potential Approach behavioural indicators are used to inform the recruitment and selection process. Further information on the Realising Your Potential Approach is available here.
DBS Requirement: Not Applicable.