IT Support & Security Specialist
Duncan and Todd · Kirkhill/ Aberdeen
Job Title: IT Support & Security Specialist
Reports To: CFO
Location: Aberdeen – Head Office / Hybrid working
Main Purpose of Role
The role of the IT Support & Security Specialist is pivotal in ensuring seamless IT operations, effective service delivery, and regulatory compliance.
Acting as a liaison between internal stakeholders and the outsourced IT team, the IT Support & Security Specialist oversees day-to-day helpdesk operations, coordinates resolution of technical issues, and ensures that IT services meet the needs of the organisation.
Additionally, the role plays a crucial part in safeguarding data privacy and information security, ensuring compliance with regulations such as GDPR and ISO 27001.
By providing strategic input, managing relationships with external service providers, and driving continuous improvement initiatives, the IT Support & Security Specialist contributes to the overall efficiency, security, and strategic alignment of IT within the business.
Core Responsibilities
Help Desk Support:
- Handle straightforward help desk queries from employees, ensuring timely and effective resolution.
- Act as a point of contact for internal staff seeking IT assistance.
- Provide guidance and support to users on IT-related issues and incidents.
Liaison with Outsourced IT Helpdesk:
- Establish and maintain a strong working relationship with the outsourced IT helpdesk provider.
- Collaborate with the outsourced team to ensure seamless communication and resolution of issues.
- Monitor and evaluate the performance of the outsourced helpdesk against service level agreements (SLAs), including monitoring of weekly and monthly usage.
- Collaborate on continuous improvement initiatives to enhance the efficiency and effectiveness of IT support services.
Quality Assurance:
- Conduct regular reviews of helpdesk performance, ensuring adherence to quality standards.
- Gather feedback from users and stakeholders to identify areas for improvement in IT support services.
Escalation Management:
- Manage the escalation of complex or critical issues to appropriate levels within the outsourced helpdesk or escalate to internal IT teams if necessary.
- Ensure that escalated issues are resolved promptly and in line with business priorities.
Strategic Input:
- Participate in strategic discussions related to IT within the business.
- Provide input on technology trends, innovations, and best practices that can positively impact the organisation.
- Contribute to the development of IT policies, procedures, and guidelines.
Training and Documentation:
- Develop and deliver training programs for end-users to enhance their IT literacy and reduce the frequency of common issues.
- Maintain and update documentation for IT processes, procedures, and user guides.
Budget Management:
- Assist in the development and management of the IT budget, ensuring cost-effectiveness in IT operations.
- Identify opportunities for cost savings or optimisation without compromising service quality.
- Review and approve invoices for third-party suppliers, ensuring best value of money is achieved.
Communication:
- Communicate IT policies, updates, and changes effectively to internal stakeholders.
- Act as a bridge between the outsourced helpdesk and the internal teams, facilitating clear communication and understanding.
Security & Compliance
GDPR Compliance:
- Ensure that IT systems and processes comply with GDPR regulations regarding the handling and protection of personal data.
- Collaborate with relevant stakeholders to implement data protection measures and procedures.
- Conduct regular audits and assessments to ensure ongoing compliance with GDPR requirements.
- Serve as a point of contact for data subjects regarding data privacy inquiries and requests.
- Work with the outsourced IT helpdesk to ensure that data handling practices align with GDPR guidelines.
Information Security:
- Develop and enforce information security policies, procedures, and controls in accordance with industry best practices and regulatory requirements.
- Conduct risk assessments and vulnerability scans to identify and mitigate potential security threats.
- Monitor security incidents and coordinate incident response efforts with internal teams and the outsourced helpdesk.
- Implement access controls, encryption, and other security measures to protect sensitive data.
- Stay updated on emerging security threats and technologies to proactively address security risks.
ISO 27001 Compliance:
- Work towards achieving and maintaining ISO 27001 certification for information security management.
- Implement and maintain the Information Security Management System (ISMS) based on ISO 27001 standards.
- Coordinate internal audits and reviews to assess compliance with ISO 27001 requirements.
- Provide guidance and support to ensure that the outsourced IT helpdesk complies with ISO 27001 standards.
- Continuously improve the ISMS through regular reviews and updates to address changing security threats and business requirements.
Training and Awareness:
- Coordinate training sessions and awareness programs to educate employees about GDPR compliance, information security best practices, and ISO 27001 requirements.
- Promote a culture of security awareness and accountability throughout the organisation.
- Provide guidance to employees on handling sensitive information securely and adhering to data protection policies.
Incident Management and Response:
- Establish incident response procedures for addressing security incidents, data breaches, and other security-related incidents.
- Lead incident response efforts, including investigation, containment, mitigation, and recovery.
- Ensure timely reporting of security incidents to relevant authorities and stakeholders as required by GDPR regulations.