IT Security Administrator

Role Purpose The purpose of this role within the relevant business unit and for HIQA as a whole: HIQA is migrating services from on-premises systems to cloud based technologies, including Microsoft Azure, and is currently in a period of transition in which they are operating a hybrid model with both cloud and on-premises based systems in use. This role is of the IT Security Administrator is part of the Information Governance and Assurance team within the Information Division. The IT Security Administrator will support security activities within the team by ensuring that a range of critical IT security tasks are carried out both routinely and in projects as required to ensure the continuing security of all IT systems with HIQA under guidance from senior engineers within the team. They will also assist with the monitoring and reporting of information security compliance within HIQA covering areas such as user access, security monitoring systems, adherence to security policies and compliance with security directives. They will also be engaged in activities including staff awareness and the management of user security training, security audits and reviews and followup to ensure issues are addressed. This role requires a confident, solutions focused individual with a strong security cyber focus, operational background and good communication and inter-personal skills.

Behavioural Expectations The way that HIQA people are expected to work to role model HIQA values: The incumbent of this role is expected to demonstrate HIQA’s values in the delivery of every day work and interactions with clients and colleagues, by putting people first, being fair and objective, being open and accountable, demonstrating excellence and innovation and working together.

Common Tasks Team Member

• Seek clarity on the tasks associated with own role
• Complete tasks in compliance with policies and procedures
• Adhere to relevant legislation, standards and internal audits
• Fulfil any mandatory or professional competency requirements
• Maintain confidentiality and a professional approach
• Raise any concerns in relation to workplace health and safety
• Actively identify learning needs and development opportunities
• Actively contribute as a team member
• Follow direction and take on new and different tasks
• Set and achieve performance goals that contribute to HIQA strategy
• Regularly seek feedback to meet performance expectations and goals

Role Specific Tasks

The key tasks and activities associated with the role: The key activities associated with this role are:

• Cyber security governance; implementing and policies, processes, concepts, and maintenance are incorporated into systems, software, and hardware platforms in accordance with approved internal standards
• Carry out user access control reviews for all systems and ensure Joiner Mover Leaver processes are followed.
• Providing technical security input to projects along with implementation support to Infrastructure teams.
• Develop and maintain suitable controls around identity access and network access control to secure and support future technology implementations.
• Support the delivery of cyber security training and staff awareness activities.
• Support activities related to security incident management and reported threats to the network.
• Implementation and management of Microsoft Azure security and governance controls including Entra and Purview.
• Management of documentation related to security activities and governance.
• Support investigations related to the suitability of user applications in the network based on security criteria.
• Support activities related to supplier security management including supplier adherence to security policies and NIS2 etc.
• Support internal audit activities related to cyber security.

The content of any role description are not exhaustive and are intended to be indicative of the scope of the role Qualifications The qualifications that are essential to effectively meet the requirements of the role: In determining your eligibility the following are the essential qualifications that will be assessed as part of the shortlisting stage of the selection process.

• Degree qualification (minimum Level 7 on the National Framework of Qualifications or equivalent) in Computer Science, Information Technology or related discipline deemed relevant by the Authority for the post as advertised.

The qualifications that are desirable to effectively meet the requirements of the role:

• Microsoft 365 Fundamentals
• Microsoft Certified; Azure Fundamentals
• Cybersecurity certifications

Experience The experience that is essential to effectively meet the requirements of the role: In determining your eligibility the following are the essential knowledge and experience that will be assessed as part of the shortlisting stage of the selection process.

• Minimum of 3 years direct experience in managing and delivering of various business requirements covering all stages of development and delivery, of which a minimum of 2 years includes working in delivery of information governance.

Other knowledge and experience that are deemed necessary for the role.

• Good understanding of information and data governance.
• Demonstrate strong analytical thinking with the ability to see the ‘bigger picture’.
• Ability to apply critical thinking and to work independently or as part of a multi-disciplinary team.
• Proven experience in the delivery of information governance related documentation on projects. Coaching and mentoring skills.
• Leadership and project management skills demonstrated in a complex environment.
• Excellent ICT skills in all Microsoft tools, such as Project, Visio, Word, Excel, PowerPoint, Teams and Outlook.
• GDPR knowledge and experience, including the implementation and maintenance of policies, frameworks and ongoing activities to maintain compliance.
• Working knowledge of SharePoint and document management, including how to address challenges associated with GDPR, data classification and information security management.
• Working knowledge of information security management in a framework such as ISO27001 or equivalent standard.
• Process mapping skills.

Principal Conditions of Service Probation A probationary period of six months applies to this position.

Pay Candidates will be appointed on the minimum point of the salary scale

(€58,264) and in accordance with the Department of Finance guidelines. The rate of remuneration will not be subject to negotiation. The incremental progression for this scale is in line with Government pay policy. The salary scale for this position is as follows: Higher Executive Officer (PPC) €58,264 €59,967 €61,668 €63,366 €65,072 €66,769 €68,472 €70,928¹ €73,378² 1. After 3 years’ satisfactory service at the maximum 2. After 6 years’ satisfactory service at the maximum Entry will be at the first point of the scale. An exception may occur where an appointee has been serving elsewhere in the public service in an analogous grade and pay-scale. In this case the appointment may be assimilated to the nearest point of the advertised salary scale with their incremental date adjusted accordingly. Please note the rate of remuneration may be adjusted from time to time in line with Government pay policy.

Superannuation Pensionable public servants (new joiners) recruited on or after 1 January 2013 will be members of the Single Public Service Pension Scheme. Please note that the Single Public Service Pension Scheme applies to all pensionable first-time entrants to the public service, as well as to former public servants returning to the public service after a break of more than 26 weeks. In certain circumstances, for example, where the public servant was on secondment or approved leave or remains on the same contract of employment, the 26-week rule does not apply. The legislation giving effect to the Scheme is the Public Service Pensions (Single Scheme and Other Provisions) Act 2012. For those who are not subject to the Single Public Service Pension Scheme (e.g. those transferring from other public service employment where the break in service, if any, is less than 26 weeks), the terms of the Health Information and Quality Authority Superannuation Scheme will apply.