Page 1 of 2

Position Description Form

Document Name Position Description

Document Number QMF207

Job Title Group IT Manager

Department IT

Reports to Chief Financial Officer (CFO)

Employment Status Full-time x Part-time Temporary Trainee

Hours worked 40 hours per week Pay period Monthly

Date Reviewed October 2024 Reviewed by LJM

Purpose of position: This is a standalone IT role to ensure a robust and high performing IT infrastructure is in place, to support the delivery of business objectives and ensure maximum efficiency. The IT Manager will be responsible for implementing the IT strategy across the Group and ensuring the correct processes and structure is in place.

Reports to: Chief Financial Officer (CFO)

Skills/Attributes required: • Hands-on approach and a versatile IT skill set, ready for strategic planning and daily operations

• The ability to communicate effectively with stakeholders, including senior management, to provide updates and recommendations

• Problem-Solving: Strong analytical and problem-solving abilities

Education/Experience required: • Extensive experience in system management and IT leadership roles

• Technical expertise in IT infrastructure and systems administration, with proficiency in networking and security

• Excellent ERP support experience • Proficiency in User Support, including Office 365, SharePoint

and Teams

Certificate/License required: N/A

Primary Responsibilities: • Identify, develop and implement IT strategies and improvement opportunities that align with the company's goals and objectives

• Identify gaps in IT across the Group and implement processes to overcome these

• Manage and monitor controlled access to the company's network and associated systems

Page 2 of 2

• Evaluate potential IT investments and identify areas of organisational growth

• Roll out training and educate employees across the Group on system use

• Manage user’s rights on local infrastructure & access control • Deliver comprehensive 1st, 2nd, and 3rd line support to

internal users on business systems • Ensure robust cybersecurity measures are in place to

safeguard the business against potential threats • Responsible for ensuring the ERP system is fit for purpose

and meets internal stakeholder requirements • Accountable for facilitating software and hardware upgrades,

ensuring they are delivered successfully and within budgetary limits

• Work with other departments as and when necessary to support with the implementation of automation

• Manage the IT and telecoms budgets • Liaise with third party IT support provider to ensure the

Group is receiving the best service • Be the point of escalation for all technical issues • Set up IT equipment and systems for new team members and

ensure new employees have a detailed IT induction • Resolve other day to day issues as and when they arise

Performance Objectives: • Ensure the IT infrastructure is reliable and robust

Key Performance Indicators (KPIs):

TBC

This Job Description forms part of the contract of employment of the person appointed to this post. It reflects

the position at the present time only, and may be changed at the discretion of the management. As a general

term of employment the Company may affect any necessary changes in job content, or may require the post

holder to undertake other duties, at any location in the Company, provided that such changes are appropriate

to the employee's remuneration and status.

Director Authorisation

Name Date

Employee Signature Date

Job Title Identity & Access Management (IAM) Specialist

Department

Cyber Resilience Team

Reports to Cyber Resilience Manager

Grade

Grade 5

Purpose & Overview ­ The Identity & Access Management (IAM) Specialist in Wales & West Utilities (WWU)’s Cyber Resilience Team is responsible for designing, implementing and managing robust IAM strategies and solutions to safeguard WWU's information assets.

­ The role involves ensuring secure and efficient access to resources, mitigating insider threats and enhancing overall cyber resilience.

­ Reporting to the Cyber Resilience Manager, this role is instrumental in maintaining a secure and efficient access control environment within WWU. By implementing IAM strategies, ensuring compliance with policies and managing access to resources effectively, this role significantly contributes to WWU's cyber resilience.

­ Strong collaboration across the business (e.g. IT, HR) is essential for success in this role.

Key Responsibilities ­ Develop and implement a comprehensive IAM strategy aligned with WWU’s Cyber Security Strategy.

­ Design IAM architectures that support secure and efficient access controls across the business.

­ Establish and enforce access governance policies and procedures.

­ Conduct periodic access reviews and certifications to ensure compliance with security policies and regulatory requirements.

­ Design and implement processes for the entire identity lifecycle, including joiners, movers and leavers (JML).

­ Collaborate with HR and IT teams to automate and streamline identity provisioning and de-provisioning.

­ Implement and manage SSO solutions to enhance user experience and security across the business.

­ Deploy and oversee MFA mechanisms to strengthen authentication controls.

­ Implement and manage PAM solutions to control and monitor privileged access.

­ Enforce least privilege principles for privileged accounts and conduct regular audits.

­ Regularly review and update role assignments to reflect changes to WWU’s active directory.

­ Integrate IAM solutions with other cyber security and IT systems, such as identity sources, directories and applications.

­ Collaborate with the appropriate IT teams to ensure seamless user experiences across different systems.

­ Develop and enhance IAM-related incident response plans to address potential security incidents.

­ Collaborate with the incident response team to investigate and remediate IAM-related incidents.

­ Ensure IAM practices comply with relevant regulations, industry standards and internal policies.

­ Support internal and external audits related to IAM controls.

Technical Skills ­ Significant experience in a similar role, ideally some of which has been spent in a CNI environment.

Qualifications Essential: ­ Proven experience in IAM or related roles. ­ In-depth knowledge of IAM principles, technologies, and best

practices. ­ Familiarity with IAM frameworks and standards. ­ Strong analytical and problem-solving skills.

Desired: ­ Bachelor's or Master's degree in Cyber Security, Information

Technology or related field. ­ tbc ­ Other relevant cyber security certifications

Additional Information ­ Vetting

Job Title Incident Response Analyst

Department

Cyber Resilience Team

Reports to Cyber Threat Intelligence Expert

Grade

Grade 5

Purpose & Overview ­ This position plays a crucial part in enhancing WWU's cyber

resilience by providing actionable insights, informing decision-

making, and proactively contributing to mitigating potential

threats.

­ The Incident Response Analyst collaborates with various

teams, both internal and external, to ensure a comprehensive

understanding of the threat landscape and WWU’s response to

any incidents.

­ Often working within the security operations centre (SOC), the primary responsibility of an incident responder is to rapidly investigate and document cybersecurity incidents within an organization.

­ Once a possible incident has been identified, the incident responder is tasked to investigate events and mitigate potential impact.

­ As a member of the CSIRT, the incident responder works closely with the enterprise’s security organization to categorize and classify attack methods and intended payloads in support of an effort to build protection for further similar incidents.

Key Responsibilities ­ Monitor and analyse network traffic, system logs, and other data sources to identify potential security incidents.

­ Investigate alerts and suspicious activity to determine if an incident has occurred.

­ Contain affected systems and networks to prevent the incident from spreading.

­ Implement temporary measures to mitigate the impact of the incident.

­ Work with other teams, such as IT and security operations, to develop and implement a containment strategy.

­ Analyse incident data to determine the root cause of the incident and identify recommendations for improvement.

­ Document and report incidents to the incident response team and other relevant stakeholders.

­ Develop and implement security plans, policies, and training to prepare the organization to respond efficiently and effectively to cyber threats.

Technical Skills ­ Experience in a similar role, ideally some of which has been spent in a CNI environment.

Qualifications Essential: ­ Proven experience operating in a SOC or a related cyber

security role. ­ In-depth knowledge of cyber threats, threat intelligence

frameworks and cyber security best practice. ­ Strong analytical and problem-solving skills. ­ GIAC Certified Incident Handler

Desirable: ­ Bachelor’s or master’s degree in cyber security or related field. ­ Other relevant cyber security certifications

Additional Information ­ Vetting

A\\DvM. INISTRATION\23523223\v.1 1 Classification:

Job Title: Full-stack and Power Platform Developer Department: IT Solutions Team: Operations Reporting to: Senior IT Solutions Architect Contribution framework: Specialist

Your place in the team:

Responsible for designing, developing, testing, and deploying custom applications. You will work closely with other developers, business analysts, and stakeholders to deliver high-quality solutions that drive business value.

Your role:

The role holder will be primarily responsible for designing, developing, testing, supporting and deploying custom applications and workflows that leverage the Power Platform, and full-stack development tools to meet business needs.

The candidate will also ensure compliance with data governance policies and best practices. This includes ensuring that data is adequately secured, that there are clear data ownership and stewardship policies in place, and that data is appropriately documented and catalogued.

Integration with 3rd party systems is critical to building effective solutions. Therefore, you will need to work closely with other Solution team members to integrate with 3rd party systems and applications. This may include integrating with solutions such as iManage, InterAction, Aderant or cloud-based SaaS services.

You will also work closely with business analysts and stakeholders to understand their requirements and translate them into technical designs. Therefore, having strong business analysis skills will be essential for this role.

You will act as a subject matter expert (SME) for the Power Platform, full stack development tool set, and AI tools such as Azure AI. You will stay up to date with the latest features and functionality, working closely with Microsoft and other suppliers to understand platform roadmaps and license changes. This will enable you to provide guidance to the broader organisation on the best use of the Power Platform, full-stack development tools, and AI solutions to meet its business requirements.

JO B

D ES

C R

IP TI

O N

IT Solutions Technology & Operations

Chief Operating Officer

IT

Infrastructure & Security Service Desk Applications Team

A\\DvM. INISTRATION\23523223\v.1 2 Classification:

You will ensure adherence to best practices and secure coding guidance, maintaining a high standard of security and efficiency in all development activities. You will help the organisation leverage cutting-edge technologies to achieve its goals by keeping up with industry trends and advancements.

The role will sit within the IT Solutions team, which is often a conduit through which projects are delivered to the Firm; as such, strength in multiple IT disciplines and impeccable interpersonal skills are essential to support the delivery of a cohesive set of IT services.

In addition, there may be occasions when you will need to work outside of regular business hours to support solution go-live activities or to address critical incidents. This may include performing system upgrades, testing and deploying new features or resolving production issues. As such, flexibility in working hours and a willingness to work occasionally out of hours is essential for this role.

Assist with the creation of or updates to various policies and procedures regarding the client intake processes

What you’ll be doing:

• Develop and maintain custom solutions using Power Apps, Power Automate, Power BI, and full- stack development tools such as C#.

• Work with business analysts and stakeholders to gather functional and non-functional requirements and translate them into technical designs. A confident and assertive communicator, enabling confident interaction with partners, lawyers, and business services teams.

• Ensure compliance with data governance policies and best practices.

• Collaborate with other developers to integrate Power Platform solutions with other systems and applications.

• Collaborate with the Innovation team on client service delivery projects.

• Develop and maintain documentation for the solutions built by the team.

• Test and deploy solutions, ensuring they meet functional and non-functional requirements.

• Provide ongoing support and maintenance for solutions built.

• Ensure that the Firm's Data Architecture documentation remains current.

• Deliver a consistent and effective third-level technical support service to business customers and IT support teams.

What we need from you:

• A broad range of (current) technical IT skills is essential for this role, including (but not limited to) the following:

• Strong understanding of Power Apps, Power Automate, Power BI, and full stack development tools like C#.

• Familiarity with integrating with 3rd party systems and applications.

• Business analysis skills, including requirements gathering, process modelling, and documentation.

A\\DvM. INISTRATION\23523223\v.1 3 Classification:

• Experience with integrating with AI platforms like Azure AI and Microsoft Copilot.

• Experience with data modelling.

• Familiarity with Azure services, including Azure AI, Azure Functions and Logic Apps.

• Strong problem-solving and analytical skills.

• Excellent communication and collaboration skills.

• Must understand the development lifecycle, including design, delivery, testing and transition phases.

• Must keep abreast of technological advances, technology delivery and service innovation.

• Must be highly focused on the customer’s needs and maintain close attention to the quality and perception of the service being delivered.

• A strong communicator who can explain complex technical subject matter in a way that non- technical colleagues can understand within the firm.

What you’ll bring to the team:

At each stage of your career at Burges Salmon, expected behaviours are clearly set out in your Contribution Framework, these frameworks form the basis of your annual performance review and career aspiration conversations. This role falls under the “Specialist” framework, the main expectations are:

• Planning and Performance – emphasis on applying specialist know-how to support the firm and your department’s vision and strategy.

• Improvement and Innovation – use specialist insights to help optimise the firm’s performance

through its processes and people.

• Stakeholder support - understand the needs and expectations of the business, the individuals in it, and the commercial context in which they operate, ensuring their delivery is aligned with strategy.

• Collaboration – work with others both internally and externally, adding value through

specialist expertise to teams and projects to support delivery of key objectives and initiatives.

• Developing others – actively contribute to the development of our people, through knowledge sharing and demonstrating role modelling behaviours.

The duties listed in this job description may be subject to variation by the firm as necessary for

responsible business purposes.