Job Description

Purpose of the post:

We are looking for a strategic leader with deep technical expertise in operational cyber security management, and a clear understanding of how to apply it across a complex, multi-site organisation.

It is a dynamic and high impact role where you will provide expert advice to Senedd Members and Commission Staff on technical security requirements helping shape and deliver the Senedd ICT strategy.

Your work will directly support the integrity of our democratic processes by ensuring robust compliance and governance across the organisation.

You will lead on the design and delivery of a technical architecture that controls and mitigates our cyber security risk. Through this, you will ensure that we satisfy any related legal and regulatory responsibilities and deliver a compliant environment that can continue to evolve in line with the Senedd requirements.

Working closely with Senedd Members, Independent Advisors, auditors and senior managers you will define our cyber security strategy and continually assess the effectiveness of the Senedd's information security arrangements.

Reporting to the Head of Infrastructure and Operations, you will manage and coordinate the security controls and processes that underpin our information security framework, such as, vulnerability management and incident response.

Core responsibilities:

Security Architecture Design:

Develop and maintain the organisation's ICT security architecture, ensuring alignment with business objectives, regulatory requirements, and industry best practices.

Threat and Vulnerability Management:

Define and implement architectural standards for threat detection and vulnerability management, including automated scanning, penetration testing, and threat modelling.

Secure System Assurance:

Lead the technical assurance of new systems and services, embedding secure-by-design principles and conducting cyber risk assessments to ensure resilience and compliance.

Incident Response Architecture:

Architect and validate incident response capabilities, integrating them with monitoring and alerting systems to enable rapid and effective response to security incidents.

Technical Advisory and Communication:

Provide expert guidance to Senedd Members, Senior Officials, and technical teams on security architecture, translating complex concepts into clear, actionable advice for both technical and non-technical audiences.

Collaboration and Governance:

Work closely with the Governance and Assurance Service to embed security architecture into risk management processes and drive continuous improvement in technical assurance.

Security Awareness and Training:

Promote architectural security awareness across the organisation through policy development, technical training, and the integration of secure design principles into operational practices.

Standards and Compliance:

Establish and maintain security architecture standards aligned with frameworks such as ISO 27001, NIST, and Cyber Essentials Plus, ensuring consistent application across ICT systems.

Technical Problem Solving:

Lead the resolution of complex security architecture challenges, providing expert input on secure system design, integration, and remediation strategies.

Line Management Responsibilities:

The role includes direct line management of cyber security team members, fostering a collaborative and supportive environment. Responsibilities involve setting clear objectives, conducting regular one-to-ones, supporting professional development, and ensuring the team operates in line with organisational values and performance standards. Additionally, the post holder will be expected to mentor staff, oversee workload allocation, and provide guidance to ensure the effective delivery of security architecture functions across the organisation.

Job Specific criteria:

1.

Proven experience in designing and implementing security architecture within a large, multi-site organisation, with the ability to communicate complex technical concepts clearly to stakeholders at all levels--including translating architectural decisions into business-relevant language for non-technical audiences.

2.

Deep technical understanding of cyber security principles, threat landscapes, and mitigation strategies, with the ability to apply these effectively to the organisation's infrastructure, applications, and operational processes in alignment with strategic objectives.

3.

Demonstrable experience in leading end-to-end improvements to ICT security architecture, including the design, delivery, and integration of secure systems and services, as well as managing project lifecycles and ensuring smooth service transition into operational environments.

Job Type: Full-time

Pay: 47,254.00-56,632.00 per year

Benefits:

Canteen Company pension Cycle to work scheme Flexitime Free flu jabs Free parking On-site parking Paid volunteer time Sabbatical Sick pay Transport links Work from home
Work Location: Hybrid remote in Cardiff