Alliance Information Security Manager
The principal responsibility of the role is to ensure that the Chief Constables of Devon & Cornwall Police (DCP) and Dorset Police (DP) discharge their statutory duties under legislation plus national and local standards.
The post-holder is required to provide advice and guidance to both Forces on all aspects of Information Security, ensuring that the Force is consistent and compliant with national and local requirements.
The Alliance Information Security Manager is required to deliver compliance with the Force’s Information Assurance Strategic position, in particular to:
- Ensure that all new IT systems are subject to a formal review in accordance with Information Assurance Standards, incorporating the conduct of technical risk assessments, risk treatment activity and vulnerability testing to provide assurances that systems have adequate technical, physical, procedural and personnel security management measures applied to protect police data.
- Hold responsibility for the development and maintenance of appropriate policies, procedures and guidance in relation to Information Assurance.
- Contribute towards both Forces’ Information Security Management System (ISMS) and ensure continuous alignment to the required standards and business needs.
- Be responsible for the Alliance Data Breach process, and as such work with key colleagues to develop and implement security awareness training and supporting material to promote information security.
- Report on relevant trends of Data Breaches to appropriate Boards and Groups, both internally and nationally.
- Identify risk, detailing mitigating factors as needed and putting these into practice. This role is required to manage and mitigate any non-compliance and resolve or escalate as necessary.
- Undertake physical security surveys of police and non-police premises and produce relevant reports including observations and recommendations.
- Identify the causes, likelihood and potential business impacts of information risks and communicate them to information risk owners, senior managers and other stakeholders.
- Work in conjunction with the Data Protection Manager (DPO) and Records Manager to review all Data Protection Impact Assessments (DPIAs) for new products, initiatives and systems to ensure they are compliant.
- Manage the day-to-day activities and staff within the Alliance Information Assurance Team.
- Undertake local, regional and national responsibilities as required.
This list of duties is not restrictive or exhaustive and the post-holder may be required to carry out duties from time to time that are either commensurate with or lower than the grade of the post. In some posts this might include the ad-hoc provision of guidance and informal training of new colleagues.