IT Security Officer Recruitment Opportunity
Candidate Information Booklet
Assembly Grade: AG4
Salary: £69,032 – £71,083
Deadline: Completed Application Forms must be submitted no later than 12 noon (UK time) on Friday 12 December 2025.
Please retain a copy of this booklet for your reference throughout the selection process (you can download a PDF version of this booklet using the link above).
Foreword
Thank you for your interest in the position of IT Security Officer (‘ITSO’) (grade AG4) in the Northern Ireland Assembly (the Assembly).
The Assembly operates in a dynamic political and parliamentary environment. As a newly appointed ITSO, you will be provided with an excellent opportunity to make an important and valued contribution to the work of the Assembly at Parliament Buildings.
This is a challenging new post within the Information Systems (IS) Office. The post holder will lead the Assembly’s Information Technology Cyber Security function. This is a critical role within the Assembly, reshaping and supporting the provision of digital services to ensure the Assembly’s position regarding Cyber Security and digital data is robustly managed. The successful delivery of digital services in a rapidly changing technical environment presents many strategic, operational and technical challenges to the post holder.
In turn, we offer a competitive salary and an excellent pension provision where you contribute 7.55% of salary and the Assembly Commission will contribute a further 34.25%.
We offer an annual leave allocation of 25 days, increasing by one day per year up to a maximum of 30 days. In addition, we offer 12 days of public and privilege holidays. We also offer a range of other employee benefits listed on the Recruitment website.
Please read the information provided in the candidate information booklet carefully and if you are interested in this exciting post, I would encourage you to submit your application.

Gareth McGrath, Director of Parliamentary Services
About Us
The Assembly is at the heart of political and public life as the democratically elected parliament that represents the interests of Northern Ireland and its people.
Established as a key element of the Belfast (Good Friday) Agreement, the Assembly comprises 90 Members of the Legislative Assembly (MLA) and makes laws, scrutinises the work of the Executive and represents the views of the public. It is the prime source of authority in respect of all devolved responsibilities.
The Assembly Commission enables the successful operation of the Assembly by providing the staff, services and facilities which are needed to support parliamentary business. The Assembly Commission is a body corporate, comprising the Speaker and five MLAs. The Assembly Commission delegates the day-to-day running of the Assembly to the Clerk/Chief Executive and the Senior Leadership Team (SLT).
The priorities of the Assembly Commission, as set out in its Corporate Strategy 2023 – 2028, are that:
- The Assembly will be empowered to achieve its full potential.
- The public will understand and value the role of the Assembly and be engaged in its work.
- Our staff will be a motivated, resilient and expert team.
- Our systems and facilities will be modern, secure and efficient.
The Assembly Commission is a high-achieving and professional organisation, providing impartial support to the Assembly and MLAs.
The Assembly Commission has approximately 400 staff and an annual budget of £67m and is independent of the Executive and the Civil Service. The organisational structure is illustrated on the recruitment website.
Contents
- About the Role.
- The Person.
- Core Responsibilities.
- Essential Criteria.
- Assembly Skills and Behaviours.
- Equal Opportunities Statement.
- Location.
- Completing the form.
- Recruitment and Selection Framework.
- Stages of the Selection Process.
- Disability Confident.
- Key Employee Benefits.
- Terms and Conditions of Appointment.
- Equality Monitoring.
- Merit List.
- Communication during the recruitment process.
- Further Information.
About the Role
The ITSO is a highly skilled and specialised role responsible for developing, implementing and maintaining the Northern Ireland Assembly Commission’s (the Assembly Commission’s) information security policies and procedures in order to ensure information security and compliance with legislation and best practice.
The ITSO will endeavour to ensure the confidentiality, integrity and availability of all data and information systems, by protecting them from all external threats. The ITSO will collaborate with Information Systems (IS) Office teams and the Data Protection and Governance Officer to align security practices with regulatory requirements and business objectives. They will take a lead role in safeguarding the Assembly Commission’s information assets and ensuring a proactive stance against evolving Cyber Security threats. The ITSO will have a key role in strengthening the Assembly Commission’s defences and fostering a security-conscious culture across all business areas.
The ITSO will take a proactive, solution-focused approach to identifying security risks and to managing incident responses. The ITSO will lead in the development and delivery of information security awareness training to staff across the business. The ITSO will monitor and improve security controls, conduct risk assessments and will collaborate with cross-functional teams to maintain a secure IT infrastructure.
This is a key role in the organisation and the postholder will have significant influence on discussion and decision-making relating to IS matters. The post will frequently have a “challenge” role in respect of the operational plans of other Assembly business areas and/or directorates and this will require excellent communication skills and a degree of assertiveness when required.
The structure of the IS Office may be subject to review as technological trends change.
The Person
You will have worked effectively within a team and have the ability to communicate clearly and effectively as you carry out your new and important role. You will bring a positive attitude, which will encourage a like-minded attitude from other colleagues when delivering services.
You must be willing and keen to adopt a customer-facing focus, as you engage with a wide range of colleagues within business areas of the Assembly Commission. Collaboration with a range of stakeholders, including MLAs and colleagues, will be imperative in this role.
Delivering excellent services with confidence and integrity will be critical to ensuring success with positive outcomes for the Assembly, the Assembly Commission, MLAs and staff.
Core Responsibilities
The main duties and responsibilities of the post are to:
Strategic
- Lead alongside the Head of IT to develop and implement the Assembly Commission’s IT vision, strategy and accompanying action plan through a robust programme and project management framework, in line with best practice.
- Support the continuing digital transformation of Assembly and Assembly Commission business.
- Identify future challenges in the IT landscape and develop relevant mitigation strategies.
- Research and evaluate existing and emerging technologies, products and services, particularly cloud computing.
- Identify potential areas of improvement and support new ways of working.
- Provide strategic and authoritative technical advice to the Head of IT and the SLT on matters relating to Assembly Commission systems, applications and processes.
- Represent the Assembly at external forums and events, building and maintaining effective and constructive external relationships.
Operational
- Developing and Leading staff
  - Lead and develop staff and teams to build a high performing team that is focused on delivering excellence in all aspects of service delivery.
  - Promote a culture of learning and innovation with a strong customer ethos.
- Information Security Management
  - Lead, develop, implement and monitor a comprehensive technical information security programme, including all related policies, standards and guidelines to protect information assets, especially where changes have been made.
  - Provide professional expertise and advice to the Commission, SLT, senior managers and the Data Protection and Governance Officer to ensure that information security adheres to data protection and information security standards, including ISO 27001, NIST and GDPR (as applicable).
  - Lead and define information security best practices and align them with organisational goals and compliance requirements.
  - Implement IT security controls to systems and lead alongside the Head of IT in ensuring that all team members adhere to the controls.
- Risk Assessment and Incident Response
  - Conduct regular risk assessments to identify information security vulnerabilities and develop strategies for risk mitigation with the Data Protection and Governance Officer.
  - Take the lead, assess risks, interpret complex data and make informed decisions on information security measures, providing advice to the Head of IT and the SLT.
  - Provide professional expertise and advice to the Data Protection and Governance Officer when managing and responding to information security incidents and breaches from a technical perspective, coordinating with internal stakeholders and external authorities as needed.
  - Lead IS Office teams to conduct root-cause analyses of incidents and develop plans to prevent recurrence.
  - Lead and implement solutions, with IS Office teams, to security challenges and adapt quickly and professionally to new threats.
  - Document best practice policies in relation to Incident Management and response.
- Security Operations
  - Lead the team supporting the daily operations of security systems, such as firewalls, intrusion detection/prevention systems (IDS/IPS), endpoint protection and Security Information and Event Management (SIEM).
  - Lead and provide expertise on reviewing and analysing security alerts and logs for signs of actual and potential vulnerabilities, threats or breaches.
  - Lead and coordinate with IS Office teams to ensure secure system configurations, vulnerability patching and software updates.
  - Lead and support the secure adoption of new technologies from the Microsoft technology stack.
  - Lead and manage the team conducting assessments across all new technical/information-related projects preparing and presenting updates and security risks to the Head of IT and all stakeholders.
  - Provide technical security advice and information to ensure internally developed Assembly information systems and new technologies are secure by design, including ongoing system changes.
- Compliance and Regulatory Alignment
  - Manage and monitor compliance with relevant regulations and industry standards, such as GDPR, HIPAA, PCI-DSS and SOX.
  - Lead and prepare for internal and external IT security audits, documenting compliance status and remediation efforts.
  - Manage and maintain detailed records of compliance activity and conduct annual security assessments to update policies as needed.
- Security Awareness and Training
  - Lead Cyber Security incident response efforts, coordinating with Heads of Business as appropriate.
- Supplier and Third-Party Management
  - Assess and manage security risks associated with third-party suppliers, including reviewing security documentation, conducting periodic audits and mitigating risk through appropriate controls.
  - Contribute to the development of specifications for the procurement of IT-enabled business solutions and provide advice on security aspects.
  - Lead, in an IS Office representational role, in discussions with potential contractors and suppliers within the specialism.
- Documentation and Reporting
  - Develop and maintain detailed documentation on security policies, procedures and incidents for regulatory and internal auditing purposes.
  - Lead the team to ensure effective proactive technical monitoring of system logs.
  - Create regular reports for the Head of IT and the SLT on the state of the Assembly Commission’s Cyber Security posture, risk management and incidents.
  - Be competent in monitoring security controls, reviewing logs and creating thorough documentation for audits and compliance.
General
- Comply with all of the Assembly Commission’s staff policies and procedures including Equal Opportunities and Dignity at Work policies and procedures and all mandatory training requirements.
- Manage information and records in accordance with established policies and statutory requirements.
- Carry out other duties that the Assembly Commission reasonably requires of you.
Essential Criteria
Applicants for the post of ITSO must, by the closing date for applications:
APPLICATION ROUTE 1
Possess at least a Bachelor’s (or higher) Degree in Computing or other discipline relevant to Information Systems/Information Technology, Cyber Security or Network Administration*.
PLUS
Have a minimum of 3 years’ experience in each of the areas (a) and (b) described below:
(a) Working across a multi-discipline technology stack such as, but not limited to the following:
- Cloud environments (AZURE/AWS);
- Firewalls (On premise/Cloud services);
- Intrusion Detection/Prevention Systems;
- SIEM tools;
- Data Loss Prevention (DLP);
- Endpoint Management;
- Networking, Protocols and Vulnerability Management;
- Encryption and Identity Management;
- Policy creation; and
- Developing and delivering Cyber Security related training.
(b) Working in roles such as, but not limited to the following:
- Security Operations;
- Incident Response and Investigation;
- Risk Management and/or Network Security and Architecture; and
- Having working knowledge/experience of information security management systems (ISMS).
AND
Possess a professional certification that aligns with the responsibilities of the role such as Certified Information Systems Security Professional (CISSP) or Certified Cloud Security Professional (CCSP).
*NB only those courses with a computing content of 50% or more will be considered and applicants must give full details on the application form of how the content of the course meets this requirement.
OR
APPLICATION ROUTE 2
Have at least 6 years’ experience working in a Cyber Security role, demonstrating progressive experience in technical and operational aspects of Cyber Security.
PLUS
Have a minimum of 3 years’ experience in each of the areas (a) and (b) described below:
(a) Working across a multi-discipline technology stack such as, but not limited to the following:
- Cloud environments (AZURE/AWS);
- Firewalls (On premise/Cloud services);
- Intrusion Detection/Prevention Systems;
- SIEM tools;
- Data Loss Prevention (DLP);
- Endpoint Management;
- Networking, Protocols and Vulnerability Management;
- Encryption and Identity Management;
- Policy creation; and
- Developing and delivering Cyber Security related training.
(b) Working in roles such as, but not limited to the following:
- Security Operations;
- Incident Response and Investigation;
- Risk Management and/or Network Security and Architecture; and
- Having working knowledge/experience of information security management systems (ISMS).
AND
Possess a professional certification that aligns with the responsibilities of the role such as Certified Information Systems Security Professional (CISSP) or Certified Cloud Security Professional (CCSP).
Assembly Skills and Behaviours
The following Assembly Skills and Behaviours will be assessed during the selection process:
Delivering a quality service
…is about providing a high-quality and efficient service to our customers. It is thinking ahead, managing resources effectively and delivering work on time and to a high standard. It is also using professional or technical expertise to enhance service delivery.
Building relationships and effective communication
…is creating and maintaining positive, professional and respectful internal and external working relationships through effective and appropriate communications.
Initiating improvement and delivering change
…is looking for and being open to new and innovative ideas and improvements to the service provided. It is being flexible and adapting positively and professionally to sustain performance when the situation changes, workloads increase or priorities change. It is about forming sound, evidence-based decisions and being accountable for results.
Managing and leading self and others
…is setting high standards for ourselves. It is about guiding, motivating and developing others to achieve high performance. It is about engaging others in delivering a corporate vision of excellence, expertise and innovation in support of the Assembly as a legislature.
Equal Opportunities Statement
The Assembly Commission is committed to equality of opportunity in employment and welcomes applications from all suitably qualified applicants irrespective of religious belief, political opinion, race, age, gender, disability, marital status, sexual orientation or people with dependents or without. All applications for employment will be considered on the basis of merit.
Location
The successful applicant will be based in Parliament Buildings, Belfast. Access to a form of transport is necessary as travel to MLA constituency offices located throughout Northern Ireland may be required from time to time.
The Assembly Commission operates a Hybrid Working Policy and the balance between working in Parliament Buildings and working at home will depend on business and service need.
On occasion, to support professional development and the Assembly’s Cyber Security needs, you will be expected to travel to attend events, conferences etc., in order to keep pace with developments.
Completing the form
Only the information presented in the application form will be considered by the selection panel. CVs or other supplementary material will not be accepted in place of, or in addition to, completed application forms. Completed online forms must be submitted by 12 noon (UK time) on Friday 12 December 2025.
Launch the application portal and complete the application form.
Application forms submitted after the closing time and date will not be accepted.
Recruitment and Selection Framework
There are five elements within the Recruitment and Selection Framework:
Experience – the knowledge or mastery of an activity or subject gained through involvement in or exposure to it.
Ability – the aptitude or potential to perform to the required standard.
Technical – the demonstration of specific professional skills, knowledge or qualifications.
Assembly Skills and Behaviours – the actions and activities that people do which result in effective performance in a job.
Strengths – the things we do regularly, do well and that motivate us.
The elements that will be assessed for this role are Experience, Ability, Technical, Assembly Skills and Behaviours and Strengths and the selection method(s) that will be used are detailed below. Further information on the Recruitment and Selection Framework is included in the Guidance on Recruitment and Selection for Applicants.
Stages of the Selection Process
Eligibility Sift
The essential criteria reflect the experience and knowledge that an applicant must possess in order to be able to undertake the role. An eligibility sift will be carried out on the basis of the information contained in the essential criteria section of the application form. You must therefore demonstrate clearly in your form how, and to what extent, you meet the essential criteria for the post.
Interview Stage
Applicants invited to interview will be assessed using the Essential Criteria, Strengths and Assembly Skills and Behaviours as outlined above.
Interviews are planned for: 15 January 2026
Further Interview Stage
The Selection Panel reserves the right to hold a further interview stage if deemed necessary.
Disability Confident
The Assembly Commission is a Disability Confident Committed Employer and for our recruitment, we have committed to:
- ensuring our recruitment process is inclusive and accessible;
- communicating and promoting vacancies;
- offering an interview to disabled people who meet the essential criteria for the job (the Guaranteed Interview Scheme); and
- anticipating and providing reasonable adjustments as required.
The Guaranteed Interview Scheme (GIS) supports applicants with disabilities or those with a long-term impairment or health condition that is expected to last for at least 12 months, by offering an interview to disabled people who meet the essential criteria for the job. If you are applying under GIS, it is therefore important that you include all relevant information in your application form. You should refer to the Guidance on Recruitment and Selection for Applicants for more information.
If an assessment or test is used as a shortlisting tool, then applicants applying under GIS will not be required to complete the assessment or test and will be offered a guaranteed interview, provided that they demonstrate in their application form that they meet the essential criteria for the role.
In instances where an assessment or test forms part of the selection process and is not a shortlisting tool, then all applicants must meet the minimum standard required for that assessment or test, including those applying under GIS.
As shortlisting is not part of this recruitment competition, GIS does not apply. However, if you require adjustments to enable you to participate in any part of the selection process, please indicate this on the application form or contact us at [email protected]. Please note that you will be required to provide written confirmation of your disability or long-term health condition from a general practitioner or an appropriate specialist, by the closing date for applications.
You can get advice or assistance with making an application from your local Jobs and Benefits Office – contact details are available on nidirect:
Find contact details for your local Jobs and Benefits Office.
Key Employee Benefits
We offer a competitive salary, excellent pension provision and generous annual leave allowance.
We also offer a range of non-salary benefits which include hybrid working; supportive family friendly policies; flexi-time; health and wellbeing initiatives including an Employee Assistance Programme; supported learning and development; Cycle to Work Scheme; Payroll Giving; and volunteering opportunities.
The successful applicant will be given suitable training, including formal specialised courses as necessary.
View further details of our employee benefits.
Terms and Conditions of Appointment
This is a permanent appointment. The successful candidate will be an employee of the Assembly Commission. All appointments are subject to the satisfactory completion of pre-appointment enquiries which include an Access NI basic check and the satisfactory completion of a six-month probationary period.
The standard working week is 37 hours (excluding meal breaks). Working hours will be dictated by the mode of operation of the Assembly and will occasionally involve work into the evening and very occasionally at weekends and on public holidays.
The taking of annual leave will be influenced by the parliamentary timetable or a Cyber Security Incident.
Equality Monitoring
Under Fair Employment legislation, we are required to monitor the community background and gender of those applying for jobs. You must therefore complete the equal opportunities monitoring section of the application form when applying for the post.
Merit List
The merit list of applicants deemed to be appointable will normally remain “live” for 18 months from the date it is signed and may be used to fill any further permanent or fixed term opportunities for the same post.
Communication during the recruitment process
The Assembly Recruitment Team will issue most communication electronically. You should therefore regularly check your email account to make sure you do not miss any important communication. Please note, sometimes the Recruitment Team emails are automatically filtered as spam by email providers.
Further Information
If you require more information on the recruitment process, please contact the Assembly Recruitment Team on 02890 521741 or email us at [email protected].
Further information about the Assembly can be obtained on the Northern Ireland Assembly website.
The Candidate Information Booklet does not constitute any term or condition of employment.
