Senior ISP IT Security

Teqniq is searching for a Senior ISP IT Security to work in the public sector.

37 hours per week.

3 months contract.

09:00-17:00

Job Description:

Strategic Planning and Governance

Develop, review, and maintain the IT Security Strategy in line with organisational goals and regulatory obligations.

Lead the creation and enforcement of cybersecurity governance frameworks.

Align security objectives with enterprise architecture and digital strategy.

Participate in board-level or senior management discussions around cyber risk.

Identify and manage strategic security risks (technical, legal, reputational, financial).

Evaluate and advise on emerging technologies (e.g. AI, RPA, cloud, hybrid infrastructure) from a security perspective.

Policy, Procedure, and Guidance Oversight

Review and update security policies, procedures, standards, and guidance regularly (e.g., acceptable use, remote access, incident response, etc.).

Ensure alignment with frameworks such as NCSC guidance, ISO 27001, NIST, Cyber Essentials, and GDPR.

Develop and communicate clear roles and responsibilities for information security across departments.

Support Information Governance and Data Protection with policy harmonisation and compliance efforts.

Technical Review and Oversight

Undertake technical reviews of:

New and existing systems, applications, and infrastructure.

Cloud service configurations (IaaS, SaaS, PaaS).

Network architecture, including firewalls, VPNs, and segmentation.

Identity and Access Management (IAM) implementations, including PIM/PAM.

Security configurations in Microsoft 365, Azure, Active Directory, etc.

Conduct or oversee vulnerability assessments, penetration tests, and threat modelling.

Review and approve technical designs and solution architectures from a security standpoint.

Assurance, Compliance, and Audit

Develop and maintain the IT Security Assurance Framework.

Lead or coordinate internal/external audits and security assessments.

Track and report on compliance with standards and regulatory requirements.

Work with internal and external partners to deliver accreditation or certification activities (e.g., PSN, Cyber Essentials Plus, ISO 27001).

Monitor and respond to findings from SIEM, threat intelligence feeds, or monitoring tools.

Performance Monitoring and Reporting

Define and monitor key security performance indicators (KPIs).

Produce regular security reports for senior management and boards.

Track risk registers, exceptions, and remediation actions related to security.

Stakeholder Engagement and Leadership

Act as the senior security point of contact for internal and external stakeholders.

Provide advice and consultancy to IT projects, business units, and leadership teams.

Influence and guide project governance to embed security early in the lifecycle.

Represent the organisation at regional and national forums (e.g., WARP, NCSC, iNetwork).

Training, Awareness, and Culture

Lead and support cybersecurity awareness and training campaigns.

Build a security-conscious culture across the organisation.

Work with HR and Learning & Development to embed cyber hygiene into inductions and role-based training.

Incident Management and Business Continuity

Develop and review the Disaster Recovery and Business Continuity Plans for IT Services and support the Disaster Recovery and Business Continuity for the services areas in the workplace.

Oversee and periodically test the incident response and disaster recovery plans.

Provide strategic direction and escalation oversight during major incidents.

Conduct post-incident reviews and feed findings into policy, technical, and training improvements.

Continuous Improvement and Innovation

Keep abreast of emerging threats, vulnerabilities, and industry best practices.

Champion innovation in security practices, tools, and automation (e.g., SOAR, XDR).

Evaluate and recommend security products and services.

Lead or contribute to security maturity assessments and roadmaps.

TEQ-

INDJS1

Disclaimer: On applying for this vacancy, you agree that your personal details will be passed onto our client, (or any third parties we have dealings with) for their consideration of your suitability for the role. I acknowledge that it is my responsibility to notify teqniq of any hirer who I do not want my details to be passed onto.