AIMP Information Security Project Manager

The AIMP (Antarctic Infrastructure Modernisation Programme) Information Security Project Manager will ensure that the required standards of information security are upheld throughout the complete lifecycle for all AIMP projects. Some projects are delivering systems which are not just mission critical for Antarctic science, but life critical for BAS colleagues working at our Antarctic stations. It is therefore vital to safeguard all infrastructure and data against cyber threats, data breaches and unauthorised access. This role will report to the BAS Information Security Manager and work collaboratively with AIMP project teams, BAS IT, and information security professionals from partner organisations supporting those projects.

• Identify, record, assess and prioritise information security risks for AIMP projects. Conduct risk assessments to identify and mitigate potential security vulnerabilities.
• Provide information security recommendations to the AIMP project teams throughout all stages of the project lifecycle.
• Manage third-party risk through vendors, partners and suppliers for AIMP projects in line with BAS and UKRI policies. This will include due diligence activities throughout the project. Familiarity with the controls required to achieve Cyber Essentials is essential. Knowledge of the ISO27001 Information Security Management Systems standard is highly desirable.
• Share reported vulnerabilities for affected systems to AIMP project teams, suppliers and BAS IT, depending on the stage in the project lifecycle. Liaise with the respective technical team to ensure the patching of highly critical vulnerabilities is fully achieved in a timely fashion.
• Assess new systems being introduced by AIMP projects as part of the UKRI information security framework, as well as liaising with the UKRI Data Protection team for their impact assessments.
• Support the BAS Information Security Manager in responding to information security breaches or cyber security attacks.

• Bachelor’s degree in computer science, information technology, cyber security, and/or equivalent relevant experience.
• In-depth knowledge of the Cyber Essentials Plus certification.
• Experience of drawing up and managing IT/cyber security commercial contracts, including conducting formal reviews with service providers.
• Experience in identifying, assessing, and working effectively with technical teams to mitigate cyber security risks.
• Knowledge of security technologies, such as firewalls, intrusion detection/prevention systems, encryption and SIEM tools.
• Proficient in written and spoken English.
• Ability to effectively communicate security risks, policies and procedures to stakeholders at all levels.
• Ethical integrity to be trusted with a high level of confidential information.

• Knowledge of IT service management frameworks, such as ITIL. Hence ITIL v4 Foundation or equivalent.
• CISSP, CISM
• Experience in implementing/maintaining ISO 27001 or Cyber Essentials Plus certification.
• Ability to develop, document, implement and review security policies and procedures.
• Experience of estates or facilities management within medium to large organisations.

• 30 days annual leave plus bank holidays and 2.5 privilege days
• Civil Service pension (with 26% or more employer contribution, depending on your band)
• 24 hours/365 days access to employee assistance programme (including support with physical, mental, social, health and financial issues)
• Flexible and family friendly working opportunities
• Cycle to work scheme
• Access to discounted shopping on a range of retail, leisure, and lifestyle categories and much more

We will give full consideration to requests for flexible and part time working, such as reduced hours, compressed hours or job sharing. We also offer hybrid working and recognise the many benefits this brings. The nature of the role will determine if flexible and hybrid working options are possible.

The pay band minimum is the normal starting pay for those new to a role. In exceptional circumstances, when relevant skills and experience can be identified, a higher starting salary may be considered.

Different perspectives and collaborative working help us achieve our best work and come together to form a high performing team which makes positive changes in the business. That’s the power of every individual. Our cultural values are built on mutual respect, inclusion, commitment and excellence.

If you are looking for an opportunity to work with world class and amazing people in one of the most unique places in the world, then British Antarctic Survey could be for you.

If you require the job information in an alternative format (i.e. email, audio or video), or would like any further information or support, please do not hesitate to get in touch at jobs@bas.ac.uk or alternatively you can call us on 01223 221508.