This document includes information about the role for which you are applying and the information you will need to provide with the application.

Further Particulars

This document includes information about the role for which you are applying and the information you will need to provide with the application.

1. Role details

Vacancy reference: 7770

Job title: Security Specialist Reports to: Head of IT Security

Salary: Up to £49,539

Terms and conditions: Academic Related and Support Staff

Grade: 7

Duration of post: Permanent

Working hours: Full time (37 hours per week)

Due to the nature of the role you will be included within the ‘On call’ rota and may need to be contacted in relation to an Information Security incident out of hours.

Location: Walton Hall, Milton Keynes Closing date: 12pm 19 January 2012

Type of application form accepted: Short version application form (with CV) Number of referees required: 3

2. Summary of duties

Main Purpose of the Post

Working within a technical team to maintain the confidentiality, availability and integrity of the Open University’s information and information systems. This will primarily be achieved through identification and mitigation of risk through security systems management and technical risk analysis / remediation.

 To take responsibility for the operational support of specific security technologies, products and services within The Open University to ensure that they satisfy the organisation’s security needs economically, efficiently and effectively

 To provide a focal point within The Open University for information security expertise  To take responsibility for the delivery of a quality security service

 Operate as a security design authority for both security solutions and business initiatives

 Analysis and appropriate mitigation of risk. Description of Duties of the Post:

 Responsible for operational support of technical security systems, including: installation, configuration, tuning, coverage, support and maintenance  Completion of technical risk analysis (ISO27001/5)

 To establish and maintain security technical standards, procedures and guidelines in conjunction with relevant technical teams

 To provide IT teams with security-focused technical support, training and

consultancy to ensure compliance with security standards, policies and legislation.  Facilitate a process of continuous improvement in the delivery of security services to

the Open University

 To have extensive security knowledge to provide technical expert consultancy to project teams in their use of the technology or product

 Liaise with external bodies and organisations to keep abreast of emerging trends, technologies and legislation that have an impact on Information Security to maintain technical expert status

 To assist in the development of The Open University security technical strategy.  Evaluate products and related technologies that mitigate risk and recommend and

plan their introduction into The Open University infrastructure services.

 Become familiar with related technical areas such as communications, database management etc., to enable effective liaison with other technical groups and the coherent adoption of new technologies

 Working with our security partners (penetration testing, support, upgrades etc)  Working to protect information and the intellectual property of the Open University

3. Person specification

KNOWLEDGE AND EXPERIENCE

The jobholder must have a thorough understanding of the IT security marketplace and must be aware of significant technical developments and directions.

Strong interpersonal skills are essential, as the jobholder must be able to operate effectively at all levels within and outside of The Open University.

Minimum of 10 years’ experience in the IT marketplace, of which 4 years must be as a security practitioner.

COMPLEXITY AND CREATIVITY

Information security is an extremely dynamic arena requiring constant updating of knowledge in both trends and the threat landscape. Technical design decisions are crucial to the security of The Open University, the flexibility of the resulting system and the re-usability of the technical solution in future systems. These require the jobholder to critically examine all current and future requirements for the technology or product and to balance the often-conflicting requirements of usability and security.

The jobholder will be expected to be a key provider of creative solutions to business problems, acting as a catalyst for ideas and encouraging innovation in the security of Open University products, services and solutions.

JUDGEMENTS AND DECISIONS

The jobholder must be able to make judgements on technical issues involving hardware, software and financial considerations as well as general business issues. The jobholder will make purchase recommendations for strategic technologies and products which will be used throughout The Open University’s services, technologies and products which will represent significant capital investment for The Open University and which will play a key role in The Open University’s ability to deliver effective, secure, appropriate and cost-effective solutions. OPERATIONAL RESPONSIBILITY

The jobholder is indirectly responsible for the efficient utilisation of many of The Open University infrastructure services’ computer systems, as technical decisions made can affect operational effectiveness. Poor strategic and technical decisions can also adversely affect our ability to respond effectively to business demands for new computer systems.

CONTACTS AND COMMUNICATION

The job involves developing and maintaining a close and continuing working relationship with all levels of staff and academics within The Open University, particularly with Infrastructure and project teams.

ADDITIONAL INFORMATION Knowledge

 An excellent understanding of best practice within Information Security and risk management including standards such as ISO/IEC 27001

 An understanding of legislation and regulations that impact information Security, e.g. Data Protection Act, Freedom of Information Act, PCIDSS.

organisational challenges to addressing these threats.

 An understanding of Application Security threats and countermeasures.

 A good practical knowledge of security technologies and wider business solutions including Firewalls, IDS/IPS, Identity and access management, SIEM, remote working and cloud technologies.

Skills

 A self-starter with the ability to lead and drive change through an organisation.  Excellent communication skills, both written and verbal. Ability to build strong

relationships and influence decisions with internal and external stakeholders.  A good understanding of project management methodology and how to implement

security within them.

 Good analytical skills and the ability to challenge the norm.

 An ability to think and plan strategically and systematically while recognising the need to deliver to the business requirements.

 The ability to be pragmatic while balancing the needs of the University against security.  The ability to cut through organisational and political barriers to achieve the overall

goal.

Qualifications

 An appropriate degree, equivalent qualification or experience.  One or more of the following qualifications are highly desirable.

o Certified Information Systems Security Professional (CISSP) o Certified Information systems Auditor (CISA)

o MSc Information Security

4. Role specific requirements e.g. Shift working

Due to the nature of the role you will be included within the ‘On call’ rota and may need to be contacted in relation to an Information Security incident out of hours.

5. About the unit/department

INFORMATION ABOUT INFORMATION TECHNOLOGY (IT)

Information Technology provides and supports all central University IT services and is

responsible for the institution's Technical Infrastructure. In addition to this service and support provision, it develops systems to support the business requirements of the organisation.

Information Technology comprises six sections – Curriculum Planning, Finance and HR, Sales & Marketing, Learner Services, CRM & Business Intelligence, Assessment, Qualification and Research, System Architecture and Business Process Consultancy.

The system development function in Information Technology is responsible for the development and maintenance of the University's key operational applications. The main systems support Student and Customer Administration, Course Development and Production, Finance and Staff. Teams of Analysts and Developers are responsible for developing and

maintaining systems for particular business areas. There are also specialised teams responsible for Data Administration, Transaction Processing and communication facilities, including for printing and emailing.

While much of the software is developed in-house, there are a number of packages. These include applications from the Siebel Customer Relationship Management suite, EMC Documentum’s Content Management as well as Finance Ledger, Payroll and Stock Control packages. In-house developed software includes transactional websites to provide self service facilities for students and staff; information websites; decision support; workflow and student and staff records management.

The Higher Education sector in England will undergo dramatic change in the next three years as institutions adjust to serious reductions in state funding for teaching and as students bear more of the cost of their education. As well as these cost drivers, the entry of more private providers to the sector and the increasing consumer power of high fee-paying students will put a premium on service delivery and cost efficiency. In turn, this will throw emphasis on the development of robust, efficient, enterprise-scale IT systems to increase efficiency and customer choice.

6. How to obtain more information about the role or application process

If you would like to discuss the particulars of this role before making an application please contact James Hall, Head of IT Security - james.hall@open.ac.uk

If you have any questions regarding the application process please contact Glyn Bailey on 01908 653285 or email glyn.bailey@open.ac.uk

7. The application process and where to send completed applications

Please ensure that your application, including covering letter and CV, reaches the University by: 12pm 19 January 2012

E-mail your application to: IT-Recruitment@open.ac.uk Or post to: Mrs G Bailey / Recruitment Coordinator Department/Unit: Information Technology

Address: Berrill Level 1 Walton Hall Milton Keynes Post Code: MK7 6AA

8. Selection process and date of interview

The interview panel will be chaired by James Hall, Head of IT Security. The other members of the interview panel will be are to be confirmed. Interviews dates are to be arranged.

We will let you know as soon as possible after the closing date whether you have been shortlisted for interview. Further details on the selection process will also be sent to shortlisted candidates.