Information Security Specialist - Policy
The BBC Information Security Team sits within the Design & Engineering division of the BBC, and is responsible for ensuring that data within the BBC is protected, in accordance with the needs of the business and according to Information Security principles of Confidentiality, Integrity and Availability. The team provides advice and guidance to all areas of the BBC and its Third Party Partners globally, striving to make all our new apps and systems ‘secure by design’.
The Information Security Specialist will support the delivery of the Information Security Strategy & Policy across the BBC. Reporting to the Information Security Management Team, the candidate will be responsible for ensuring that data within the BBC is protected, in accordance with the needs of the business and according to Information Security principles of availability, integrity and confidentiality. The role also provides advice and Security Consultancy to all areas of the BBC and its Third Party Partners.
- Lead the development of the Policy Team function and report to the Information Security Management Team.
- Lead the development and promotion of the BBC Information Security Policy Development Plan
- Lead the coordination of the Information Governance Review Process
- Write, update and communicate Information Security Policies, Standards and Guidelines in line with BBC working practices for both Public Service and Worldwide
- Oversee the maintenance of the Information Security Policy Framework together with any associated documentation and awareness materials
- Ensure policies, standards and guidelines meet the requirements of NIST and ISO for all areas of the business (Broadcast, Support, Digital and Worldwide)
- Ensure key stakeholders through the Policy review panel are notified and briefed on significant changes or new policies, standards and guidelines.
- Liaise with the Quality, Risk and Assurance division to assist and coordinate Policy Compliance activities
- Work with the immediate Information Security Governance team on building processes such as the Information Risk Management process
- Oversee research into new guidance and recommendations, and assess them against current policy guidelines relevant to the BBC.
- Support the teams and divisions responsible for writing information security policies and associated documents and ensure they are aware of their obligations in respect of maintaining and reviewing such documentation
- Work with the relevant parties to introduce new and updated policies in an easy-to-understand format to BBC staff
- Ensure that document changes are promoted and briefed to the Information Security team, the BBC and 3rd party partners
- Experience of developing, publishing and maintaining information security policies, standards and guidelines
- Excellent working knowledge of ISO27001:2013
- Excellent working knowledge of the NIST framework
Are you the right candidate?
- Demonstrable broad-ranging and comprehensive knowledge of information security theory and practice.
- In-depth knowledge of relevant legislation, codes of practice, guidance and operating procedures.
- Proven track record of Information Security Delivery.
- The ability to identify and solve varied problems by the application of a suite of complex tools and techniques.
- Highly effective and creative problem-solving skills, across a broad range of scenarios, that both deliver novel solutions and enable continual improvement in existing threat mitigation and countermeasures.
- Ability to convey and explain complex technical information to non-technical staff.
- Ability to communicate and collaborate at all levels of the corporation, and externally.
- Demonstrable experience of writing information security reports, documentation and standards accurately and to designated timescales.
- Excellent written and verbal communication and presentation skills.
- Highly IT literate, able to work quickly and precisely on a variety of systems, often under pressure and to important deadlines.
- Confidence to make decisions where appropriate and to ask for assistance when necessary.
- Ability to manage multiple tasks and work streams effectively and prioritise accordingly.
- Be able to work on own initiative with minimal supervision.
- Agile & flexible.
- Previous experience of Public Sector and/or Media organisations would be beneficial but not essential
- An understanding of the culture and ethos of the BBC
- View Security as an enabler to the business
- Experience of working in an organisation with a distributed hierarchy and using multiple outsourced support companies
- Understanding of how information security strategy aligns with business and technology strategies
Salary: Grade 9 (Band D)
London will be considered as a location as well.
About the BBC
We don’t focus simply on what we do – we also care how we do it. Our values and the way we behave are important to us. Please make sure you’ve read about our values and behaviours in the document attached below. You’ll be asked questions relating to them as part of your application for this role.
The BBC is committed to building a culturally diverse workforce and therefore strongly encourages applications from underrepresented groups. We are committed to equality of opportunity and welcome applications from individuals, regardless of their background.