Job Description

We support peace and prosperity by building connections, understanding and trust between people in the UK and countries worldwide.We work directly with individuals to help them gain the skills, confidence and connections to transform their lives and shape a better world in partnership with the UK. We support them to build networks and explore creative ideas, to learn English, to get a high-quality education and to gain internationally recognised qualifications.Working with people in over 200 countries and territories, we are on the ground in more than 100 countries. In 2021-22 we reached 650 million people.British Council Pay band SMP (9)Location: Noida, India
Department: Digital and Technology.
Contract type: Indefinite ContractClosing Date: 03rd Nov 2024 at 23:59 UK Time.Interviews will be held in the following weeks, shortlisted candidates will be informed a week in advanceYou must have the legal right to work in India at the time of application. There is no relocation or sponsorship support.British Council supports working in new ways such as hybrid working, subject to full approval by line management and conditional upon our ability to provide the appropriate level of service. This may not be appropriate for all roles but can be explored at interview.Role purposeThe Security Service and Incident Management Lead is responsible for performing security risk, vulnerability assessments, and business impact analysis for information systems, investigating suspected attacks and managing security incidents. In addition they are responsible for working with the business to explain the purpose of, and providing advice and guidance, on the application and operation on physical, procedural, and technical security controls vital to maintaining a safe and secure working environmentRole contextThe Digital and Technology Directorate leads the British Council\'s digital strategy and transformation. It creates and executes technology initiatives to fulfil the organisation\'s mission and corporate priorities.Key focus areas are:

• Creating digital products that attract and retain customers, delivering business value through digital design and delivery expertise.
• Developing and optimising digital platforms that provide seamless customer interactions and use scalable and secure capabilities.
• Enhancing digital capability across the organisation.
• Enabling growth, impact and efficiency through technology.

Digital and Technology is a global Directorate organised into four divisions: Product, Engineering, Operations and Performance which collectively create digital products and services, maintain, and improve products, services and platforms and optimise performance. Areas of responsibility include digital and technology strategy, architecture, infrastructure, software, development, data, innovation, and cybersecurity. It ensures that technology initiatives are customer and value focused, accessible, efficient, and secure.The Operations division is accountable for the continuing delivery of secure, performant enterprise platforms and applications and the connectivity and modern workplace environment to access those platforms. This is achieved through partnerships with external suppliers and delivery through ITIL based processes. The unit is also responsible for transitioning new products and services into the live environment. It interfaces across the Digital and Technology departments, Suppliers and Managed Services.Main accountabilitiesLeadership & management

• In a lead role for British Council working with the service provider to review, update and create, test, and implement security incident management policies and processes across the British Council.
• Work with the service provider to integrate Security Incident Management with the ITIL Major Incident Management.
• Work in collaboration with the service provider and businesses to ensure security incidents are identified, reported, and managed in a timely manner.

Strategy and/or Planning

• Contribute to the development of security polices and standards.
• Support the Service Provider to develop and deliver cyber security services managed through consultation with key business stakeholders, engagement with third-party suppliers and industry expertise.
• Ensure appropriate content of the cyber security service portfolio are in place.
• Ensures the service provider adheres to security policies and standards relating to the service managed and ensures business and third-party compliance with these and our ways of working.

Relationship and Stakeholder management

• Act as a primary point of contact for managing high level stakeholder relationships that will provide assurance, effectiveness and reliability of the security services to the organisation

• Actively support and engage with the service provider and subject matter experts and stakeholders to ensure continuous improvements are identified through review and benchmarking processes and to gain a wider buy-in into performance strategies.

Service improvement

• Create Security Incident collateral working with the business and the service provider SOC.
• Support the service provider SOC to improve process and automate monitoring and reporting of security threats and incidents
• Act as a primary point of contact for managing high level stakeholder relationships that will provide assurance, effectiveness and reliability to the organisation.
• Actively support and engage with the service provider, subject matter experts and stakeholders to ensure continuous improvements are identified through review and benchmarking processes and to gain a wider buy-in into performance strategies.

• Support the service provider SOC to improve process and automate monitoring and reporting.

Professional services expertise

• Overall responsibility for managing the security incident management service throughout the entire lifecycle.
• Creates and then maintains oversight of Service Level Agreements (SLAs) and Operational Level Agreements (OLA) for the British Council
• Ensures the establishment of maintenance of operational and business methods, procedures and facilities in assigned area of responsibility and reviews them regularly for effectiveness and efficiency.
• Overall accountability for ensuring reliability of cyber security services to ensure that British Council can effectively meet service targets in accordance with planned business objectives.
• Provides overall direction and set appropriate governance standards to ensure the services managed remain within British Council risk appetite and adheres to appropriate standards (cyber essentials, ISO 27001).
• Strategically assesses and implement appropriate risk controls, will be accountable for maintaining key risks indicators and ensuring British Council operate services within the specified risk appetite.
• Overall responsibility for ensuring high level elements required to maintain and restore the services managed are known and in place in the event of a crisis.

Sector/subject expertise

• Working with the service provider SOC Lead on security incidents and support the provision end to end to resolution.
• Define the skills, roles and tools to establish security incident management and response.
• Create Security Incident collateral working with different teams and colleagues, including the SOC.

Consultancy, analysis and problem solving.

• Provides support to the managed services provider high level crisis management team (Service Restoration Team) for high-priority incidents impacting on the services owned and engage with the business where required.
• Collaborate with the wider IS Service team and wider British Council stakeholders to identify where security changes are required, analyse the impact for the business and/or the procurement element of programmes/projects.
• Provide guidance to the business and other D&T teams in working with the managed services partner SOC to ensure adherence to contracts and standards.
• Support wider organisational change on working practices with a supplier.

Role specific SkillsMinimum/essential

• Cyber Security Management
• Risk Management
• IT Management
• Development of security standards and policies

Role specific knowledge and experienceMinimum/essential

• Proven experience of working with an external supplier in a complex global security environment
• Extensive knowledge of threat and vulnerability, attack types and response
• Proven experience of creating, testing establishing security incident management and response policies and processes, playbooks.
• Hands on experience of leading on and managing security incident response.
• Clear understanding of security standards including ISO/IEC 27001:2022, Cyber Essentials and Cyber Essentials Plus
• Clear Understanding of NCSC guidelines and experience of their implementation

EducationMinimum / Essential

• Degree level or equivalent experience

Professional Qualification and CertificationMinimum / Essential

• ISACA Certified Information Security Manager (CISM) or equivalent qualification. Microsoft Certified Azure Security Engineer Associate

Language RequirementsThe British Council systems and global processes operate in English. Written and verbal proficiency (CEF C1) in English is required.A connected and trusted UK in a more connected and trusted world.Equality , Diversity, and Inclusion (EDI) StatementThe British Council is committed to policies and practices of equality, diversity and inclusion across everything we do. We support all staff to make sure their behaviour is consistent with this commitment. We want to address under representation and encourage applicants from under-represented groups, in particular, but not exclusively, on grounds of ethnicity and disability. All disabled applicants who meet the essential criteria are guaranteed an interview and we have Disability Confident Employer Status. We welcome discussions about specific requirements or adjustments to enable participation and engagement in our work and activities.The British Council is committed to safeguarding children, young people and adults who we work with.We believe that all children and adults everywhere in the world deserve to live in safe environments and have the right to be protected from all forms of abuse, maltreatment and exploitation as set out in article 19, UNCRC (United Nations Convention on the Rights of the Child) 1989.Appointment to positions where there is direct involvement with vulnerable groups will be dependent on thorough checks being completed; these will include qualification checks, reference checks, identity & criminal record checks in line with legal requirements and with the British Council\'s Safeguarding policies for Adults and Children.If you have any problems with your application please emailPlease note: Applications to this role can only be considered when made through the Apply section of our careers website. Our \'ASK HR\' email is only to be used in case of a technical issue encountered when applying through the careers website. Emails with supporting statements and CV/Resumes sent to this email address will not be reviewed and will be deleted.

British Council