Information Security Officer
Role Purpose
The purpose of this role within the relevant business unit and for HIQA as a whole:
The Information Security Officer role is part of the Information Governance and Assurance team within the Information Division. The Security Officer will assess HIQA’s digital platforms to identify areas of security vulnerability and work with other teams and external partners to provide solutions, manage on-going proactive monitoring of security for HIQA systems and educate staff on information security. This is an additional position within the Authority and is in line with the strategy of supporting the expansion of HIQA and to support our digital and data transformation program. HIQA is undergoing significant transformation of its systems and migrating strategic systems to cloud.
Reporting to the Information Governance Manager and working closely with colleagues across the organisation, the Information Security Officer will act as a vital link between HIQA’s business objectives and information governance capability to drive security across the organisation.
The Security Officer will provide specialised subject matter knowledge and clear guidance on security policy and procedures, assess risks and ensure systems are secured. They will also be engaged in security aspects of assigned projects. They will monitor and assess security threats or incidents, working with HIQA security systems, security tools and with our external technology and security partners. This role requires a confident, solutions-focused individual who has a strong operational background and possesses excellent communication and inter-personal skills.
Behavioural Expectations
The way that HIQA people are expected to work to role model HIQA values:
The incumbent of this role is expected to demonstrate HIQA’s values in the delivery of everyday work and interactions with clients and colleagues, by putting people first, being fair and objective, being open and accountable, demonstrating excellence and innovation and working together.
Common Tasks Team Member
- Seek clarity on the tasks associated with own role
- Complete tasks in compliance with policies and procedures
- Adhere to relevant legislation, standards and internal audits
- Fulfil any mandatory or professional competency requirements
- Maintain confidentiality and a professional approach
- Raise any concerns in relation to workplace health and safety
- Actively identify learning needs and development opportunities
- Actively contribute as a team member
- Follow direction and take on new and different tasks
- Set and achieve performance goals that contribute to HIQA strategy
- Regularly seek feedback to meet performance expectations and goals
Role Specific Tasks
The key tasks and activities associated with the role:
The key activities associated with this role are:
- Perform security risk assessments and cyber security testing of data processing systems.
- Assess firewalls, data encryption and other security measures for IT security compliance.
- Review and analyse the cyber security monitoring system reports to identify the areas of improvement and provide guidance on alternative or compensatory controls.
- Document and implement information security procedures / policies
- Train other staff on network and information security procedures and policies.
- Develop and maintain security assurance by ongoing monitoring and implementation of controls systems.
- Ensure data security is applied by design and by default.
- Work closely with technical teams on proposed solutions to ensure alignment with business needs and existing technologies
- Participate in system testing and user acceptance testing to ensure best practices are followed.
- Report current status, risks and issues to the Information Governance Manager.
- Escalate security risks and issues in a timely manner within HIQA.
- Translate security technical reporting into business language for management.
- Work with multiple vendors and internal staff to ensure security actions are proactively followed up and recommendations are addressed.
The content of any role description is not exhaustive and is intended to be indicative of the scope of the role.
Qualifications
The qualifications that are essential to effectively meet the requirements of the role:
In determining your eligibility, the following are the essential qualifications that will be assessed as part of the shortlisting stage of the selection process.
- Degree qualification (minimum Level 7 on the National Framework of Qualifications or equivalent) in a discipline deemed relevant by the Authority for the post as advertised.
The qualifications that are desirable to effectively meet the requirements of the role:
- Recognised cyber security qualifications such as CISSP.
Experience
The experience that is essential to effectively meet the requirements of the role:
In determining your eligibility the following are the essential knowledge and experience that will be assessed as part of the shortlisting stage of the selection process.
- Minimum of 3 years’ experience working as an IT cyber security analyst or in a related cyber security or ICT role deemed relevant by the Authority for the post as advertised.
Other knowledge and experience that are deemed necessary for the role.
- Experience in deploying security-related initiatives in a structured manner using project management methodologies
- Best practices for TCP/IP Networking, routers and switches / Firewalls / VMware / NAC or similar products
- Best practice for design of user access controls including AD, Azure AD or similar products
- Experience of working with and securing cloud applications, particularly in Microsoft Azure environment.
- Excellent ICT skills in all Microsoft tools, such as Visio, Word, Excel, PowerPoint and Outlook
- Working knowledge of SharePoint and document management, including how to address challenges associated with and information security management.
- Working with security monitoring systems and tools
The experience that is desirable to effectively meet the requirements of the role:
- Microsoft Dynamics 365 CRM experience is beneficial
- Knowledge of Threat Models and simulation of threat is beneficial
- Recognised Microsoft Azure Security Certification
- Recognised Cloud Cyber Security Qualification
- Knowledge of Web Application Firewalls such as Cloudflare and ZTNA
- Hands on experience of security testing and security test tools.
HIQA Competencies (Behavioural)
Resilience Maintains personal confidence and is able to manage self and emotions in a flexible and adaptive manner when faced with adversity or challenging situations
Proficient Integrity Is sincere, respects and values others, maintains a high standard of personal ethics, reliably delivers on promises and takes a rights-based approach to all decisions and actions
Proficient Collaboration Builds relationships based on collaboration and trust, is politically and socially astute in approach and is able to resolve difficult situations and conflict
Skilled Leadership Orients self and others to a vision, engages with and contributes to an inclusive and productive work environment; holds to account, promotes learning and challenges self and others to achieve a shared purpose
Proficient Customer Focus Recognises internal and external customers and stakeholders, and proactively seeks to understand, uphold and respond to their needs
Proficient Good Judgement Seeks and analyses information to better understand complex situations, applies an ethical framework to make critical and objective evaluations and reaches high-quality decisions that are contextually relevant
Skilled Results Orientation Can deliver results in challenging situations with and through others, strives to exceed expectations and creates as much value as possible
Principal Conditions of Service
Probation
A probationary period of six months applies to this position.
Pay
Candidates will be appointed on the minimum point of the salary scale (€73,961) and in accordance with the Department of Finance guidelines. The rate of remuneration will not be subject to negotiation. The incremental progression for this scale is in line with Government pay policy. The salary scale for this position is as follows:
Engineer Grade II (PPC): €73,961 €75,651 €77,337 €79,031 €80,720 €81,169 €82,834 €84,562 €87,376¹ €90,198²
1. After 3 years’ satisfactory service at the maximum
2. After 6 years’ satisfactory service at the maximum
Entry will be at the first point of the scale. An exception may occur where an appointee has been serving elsewhere in the public service in an analogous grade and pay-scale. In this case the appointment may be assimilated to the nearest point of the advertised salary scale with their incremental date adjusted accordingly. Please note the rate of remuneration may be adjusted from time to time in line with Government pay policy.
Superannuation
Pensionable public servants (new joiners) recruited on or after 1 January 2013 will be members of the Single Public Service Pension Scheme. Please note that the Single Public Service Pension Scheme applies to all pensionable first-time entrants to the public service, as well as to former public servants returning to the public service after a break of more than 26 weeks. In certain circumstances, for example, where the public servant was on secondment or approved leave or remains on the same contract of employment, the 26-week rule does not apply. The legislation giving effect to the Scheme is the Public Service Pensions (Single Scheme and Other Provisions) Act 2012. For those who are not subject to the Single Public Service Pension Scheme (e.g. those transferring from other public service employment where the break in service, if any, is less than 26 weeks), the terms of the Health Information and Quality Authority Superannuation Scheme will apply.
Annual Leave
Annual leave is 27 days, rising to 30 days after 5 years’ service.
Hours of attendance
Hours of attendance will be fixed from time to time but will amount to not less than 35 per week. The appointee may be required to work additional hours from time to time as may be reasonable and necessary for the proper performance of his or her duties subject to the limits set down under working time regulations.
Blended Working Arrangements
HIQA has introduced blended working to offer more flexible working arrangements to all employees. We aim to strike a balance between being flexible, efficient, and resilient by facilitating blended working where practical, while enabling onsite interaction, collaboration, and support as required. All roles in HIQA have been assessed under the criteria of business needs and role suitability for blended working. This determined the proportion of time that employees will spend working in HIQA offices and working from home, depending on their role. Depending on the role, there may be a requirement to attend the office for more than the allocated number of days for training and onboarding purposes at the start of your employment and during the probation period. A review of our blended working model confirmed that this model is working well in HIQA; therefore, we are now moving from Interim Blended Working to a long-term Blended Working Model. Our existing policy and documentation will be revised and updated once the framework for the Work-Life Balance and Miscellaneous Provisions Act is published. Our model is in line with the Civil Service Framework for Blended Working in Ireland. Further guidance on HIQA’s Blended Working Policy, which includes eligibility criteria, will be issued to successful candidates. This is an opt-in policy and details on how you can apply will be issued to you before you start.