ICT Security Manager

Grade: Career Graded 7-8

Post Number: A2005

Conditions of Service: NJC for Local Government Services National Scheme of Conditions of Service

Responsible to: Area Manager for Strategic Support & ICT

Responsible for: ICT Security & Security Information Governance

General Description of the Post

Working within the ICT Department, the postholder will be responsible for the management, monitoring and governance of Information Security Management. The postholder will be required to liaise closely with the ICT Service Delivery Manager, ICT Change & Projects Manager, Information and Governance Officer, the Senior Information Risk Owner and other department heads within Nottinghamshire Fire and Rescue Service (NFRS).

Specific Duties

This is a career graded post with stage one at grade 7 before achieving full competency at grade 8. To achieve full competency the postholder will need to have achieved competency in the range of activities set out at grade 7.

Stage 1 – Grade 7 (entry level)

  1. Ensure that the information security risks faced by NFRS are under explicit management control through a structured Information Security Management System.
  2. Provide expert advice to managers on a range of data and information matters to ensure that the Service complies with information legislation and security requirements, such as the General Data Protection Regulation (GDPR) 2018.
  3. Manage the Information Security Incident Management Process and proactively monitor the ICT infrastructure (including the East Midlands Tri-Service Control Room Wide Area Network) using the Security Incident Event Management tool, amongst other security tools, to prevent and/or resolve widespread issues.
  4. Develop and implement, operate and maintain the Information Security Management System, processes and procedures based on the ISO/IEC 27000 series standards and ITIL Framework, including alignment against, but not limited to, ISO/IEC 27001, PSN (Public Service Network), Airwave Code of Connection (Code of Connection), MDT (Mobile Data Terminals) Code of Connection and ESN (Emergency Services Network) Code of Connection.
  5. Take all reasonable steps to ensure that ICT systems are secure from unauthorised access and that all software in use is adequately licensed.
  6. Lead, conduct and document investigations relating to information technology security incidents, ensuring compliance.
  7. Liaise with and offer help to the Information and Governance Officer and other managers throughout the Service as necessary, on information security matters.
  8. Develop, implement, deliver and ensure the operation of related compliance monitoring and improvement activities to ensure compliance both with internal security policies etc. and applicable laws and regulations.
  9. Monitor compliance with security policies and the security documentation and develop procedures for effective security.
  10. Produce service metrics in the form of KPIs, documentation and reports to support the management of the Information Security Management System and its activities.
  11. Support the Assets and Resources Area Manager in developing and maintaining an ICT strategy.
  12. Any other duties which may reasonably be regarded as within the nature of the duties, responsibilities and grade of the post as defined, subject to the proviso that normally any significant changes of a permanent nature should be incorporated into the job description in specific terms.

Stage 2 – Grade 8

  1. Develop, manage and provide direction for Information Security Management, ranging from planning and budgeting, to motivational and promotional activities expounding the value of information security.
  2. Develop and implement the necessary information security policies, standards, procedures and guidelines, in conjunction with the Protective Security Steering Group.
  3. Verify that appropriate security testing of the ICT infrastructure, networks, disaster recovery and business continuity plans is conducted and documented.
  4. Design, implement and deliver suitable information security awareness, training and educational activities such as general site security awareness.
  5. Develop and implement information security risk assessment procedures and act as lead accreditor to information risk and GDPR compliance.
  6. Contribute to security aspects of the design of information systems and the overall ICT infrastructure of NFRS.
  7. Ensure that any proposed system changes are formally reviewed and that implemented system modifications do not adversely affect the security of the system.
  8. Manage specific budgets as agreed with the Assets and Resources Area Manager, providing regular expenditure and outturn reports as required.
  9. Coach, mentor, motivate and supervise ICT Department staff to ensure positive action, responsibility and accountability for all assigned tasks.
  10. Ensure that ICT Department staff have the requisite technical and service management skills and knowledge to undertake their roles competently.
  11. Ensure the health, safety and well-being of ICT Department staff, including stress risk assessments where applicable.

General Responsibilities (all employees)

Health and Safety

To take reasonable care for your own health and safety at work and that of other persons who may be affected by your work activities.

To co-operate with Nottinghamshire Fire & Rescue’s attempts to comply with health and safety legislation. Where appropriate you must safeguard the health and safety of all persons affected by the work activities you supervise at any premises you have control over.

To work in a safe manner in which you have been trained and instructed and advise your line manager of any health and safety problems you become aware of.

To familiarise yourself with the contents of the Service’s Written Safety Policy.

Use of equipment and other appliances

To take proper care in the handling, operation and safeguarding of any equipment, vehicles or appliances used or issued by the Service or provided or issued by a third party for individual or collective use in the performance of the job holder’s duties.

Equalities

To uphold the Nottinghamshire Fire and Rescue Service’s Fairness at Work and Equal Opportunities policies and practices and to treat all colleagues, service users and contacts with respect and in accordance with the expectations laid down by the Service.

To promote and deliver fair and quality services that are sensitive and responsive to all service users.

Code of Conduct

To adhere to the standards of the Code of Conduct established by the Service.

Personal Development

To keep up to date with current practice, undertake training and Continuous Professional Development as appropriate.

Information Technology

To comply with security measures to protect against unauthorised access to, alteration or disclosure of information held on computer and ensure adherence to the principles of the Data Protection Act.

To undertake any training and operation of new technologies and associated systems as required.

Core Code of Ethics

To act in accordance with the Fire and Rescue Service Code of Ethics and NFRS Behavioural Framework.