Deputy Head of Information Security - Cherwell, Oxfordshire, United Kingdom - University of Birmingham

Description

Deputy Head of Information Security - IT Services Grade 9 University of Birmingham

View company page

Location: University of Birmingham, Edgbaston, Birmingham UK

Full time starting salary is normally in the range £56,021 to £64,914 with potential progression once in post to £84,644

Grade: 9

Full Time, Permanent

UK travel may be required for this role

Our offer to you

People are at the heart of what we are and do.

The University of Birmingham is proud to have been a part of the City of Birmingham and the wider region for over 100 years, andweare equally proud to be recognised as a leading global university.We want to attract talented people from across the city and beyond, support them to succeed, and celebrate their success.

We are committed to helping the people who work here todevelopthrough our sector-leading Birmingham Professional programmewhichprovides allprofessionalservices staff with development opportunities and the encouragement to reach their full potential.With almost 5,000professionalservices jobs in a wide-range of functionsin Edgbaston andin our campus inDubai, there are plenty of opportunities foryou to be able to develop yourcareer at the University.

We believe there is no such thing as a typical member of staff and that diversity is a source of strength that underpins the exchange of ideas, innovation, and debate.We warmly welcome people from all backgrounds and are committed to fostering an inclusive environment where diversity is at the heart of who and what we are,and how we work.

Supporting our people to achieve a healthy work/life balance is important both to our employees andtothe success of the University and, depending on the role, we offer avarietyof flexible working arrangements. We therefore welcome discussions on all forms of flexible working.In addition, you will receive a generous package of benefits including 40 dayspaid holidaya year, one paid day a year for volunteering, occupational sick pay, and a pension scheme. We also have three high quality subsidised day nurseries.

The University is situated in leafy Edgbaston and there are excellent transport links to our beautiful campus, including main bus routes and a train station on site.On campus we have a state-of-the-art sports centre with pool, shops,places to eat and drink,our own art gallery, museum and botanical gardens.

Over the next decade, our aspiration is to establish Birmingham in the top 50 of the world's leading universities. That's a pretty big aspiration, and high-quality digital services and infrastructure are crucial to achieving it. In recognition of that, our Digital Strategy combined with significant investments in technology mean this is an exciting time to join IT Services, 'making IT happen' at the University of Birmingham.

We want to attract outstanding, inspirational, and talented people, support them to succeed, and celebrate their success. It's our role to ensure that our community has access to accessible, responsive, resilient, and secure systems and support. What we do enables our students, staff, researchers, visitors and partners to confidently and creatively use digital services, technology and data for the benefit of their learning, teaching, research or work.

The culture of IT Services is one of innovation, collaboration, excellence, and inclusivity, and we apply the principles of customer focus and continuous improvement to everything we do. We have an active People and Culture network, Equality, Diversity and Inclusion and Women in IT group, bi-annual making IT happen awards recognition programme, and a superb Social Committee which arranges regular activities and events.

Role Summary

The Deputy Head of Information Security is a key leadership position within the IT Services department. This role is responsible for supporting the Head of Information Security in developing, implementing, and managing the University's information security strategy; drives the University's information security posture using a risk-based approach; and takes a comprehensive approach to information security.

The Deputy Head of Information Security will collaborate with various departments across the University, managing the information and technology risk to the University's IT facilities and information from internal and external threats; advises the University at a strategic level on existing and emerging threats; and develops the necessary IT security policies, standards, and procedures.

Main Duties

The responsibilities of the Deputy Head of Information Security include:

• Strategic Planning : Taking a lead role in supporting the Head of Information Security in developing and executing the University's information security strategy, policies, and procedures. This role will set the direction for the operational implementation of security architecture across the University.
• Risk Management : Identify, assess, and manage information security risks. Implement measures to mitigate risks and ensure compliance with relevant regulations, acting as an escalation point for the Information Security Team where a high level of complexity is identified. This role will work with the Head of Information Security to identify IT security risks based on changes to the external environment, setting the long term operational direction to ensure the University is prepared for future security threats.
• Security Architecture : Contribute to the design and implementation of secure systems and architectures, considering emerging threats and technological advancements. This role will provide a very high level of technical expertise in testing the market for new security solutions and evaluating their benefits to the University, working within the framework set out in the Digital Strategy.
• Incident Response : Lead and coordinate incident response efforts, working closely with IT and other departments to minimize the impact of security incidents.
• Training and Awareness : Assist with the development and delivery of information security training programs for university staff, promoting a culture of security awareness.
• Collaboration : Work directly with academic and professional services functions to facilitate risk assessment and risk management processes as well as raise awareness of risk management concerns. This role will be required to advise senior colleagues on any IT security risks relevant to their section and influence the teams to ensure risks are mitigated.
• Compliance : Ensure the IT Information Security operation is compliant with relevant laws, regulations, and standards related to information security in the academic environment
• Vendor Management : Evaluate and manage security aspects of third-party vendors and service providers to ensure the protection of university data.
• Communication : Represent the University externally as an authoritative voice in the area of information and cyber security and governance.
• Planning : Assist with overall technology planning, providing a current knowledge and future vision of technology and systems.
• Governance : Play a key role in supporting the development, maintenance and enhancement of the University's information security management framework and all related policies and processes. This role will be responsible for the policies and standards related to the operation of IT security.
• Actively manages equality, diversity and inclusion through monitoring and evaluation and actively challenging unacceptable behaviour.
• Supports the University's sustainability agenda through resource efficient working.
• Any other duties commensurate with the grade.

Required Knowledge, Skills, Qualifications, Experience

• Postgraduate degree, Masters or PHD, in Business, Information Security or Computer Science.
• Substantial experience as an information security professional – especially in the area of information security strategy, governance, information security policy creation and maintenance and information security monitoring and compliance.
• Formal certification (CISSP or CISM) and formal training in information security standards and best practice (e.g.: ISO 27001/2, COBIT). This will include experience implementing and/or maintaining formal best practice information security compliance or certification (e.g. ISO 27001/2, COBIT).
• A proven track record of creating and maintaining an information security service and developing, maintaining, implementing, and enforcing information security policy in a large institution or organisation. Experience in having dealt successfully with information security incidents.
• Experience of evaluating, creating, managing, and providing information security training.
• Demonstrated ability to operate within a secure environment on sensitive data, data request and information security incidents against strict information security policies.
• Up to date knowledge of key information security technologies including encryption, vulnerability and penetration testing, compliance checking, anti-virus, firewall, other perimeter security and intrusion detection technologies as well as risk management systems, asset management and security event and incident management and monitoring.
• Demonstrated ability and experience in establishing, tracking, measuring, and weighing information security risk.
• Demonstrated ability to build relationships at different levels of the organisation including the capability of working with and earning the respect of senior customer stakeholders.
• Able to articulate and agree a clear vision for information security strategy.
• Excellent presentation skills and the ability to create persuasive and accessible presentations to nonspecialist staff at many levels of the organisation.
• Experience of building and managing teams, including senior level responsibility for HR and financial management at divisional level.
• Experience of working with information security suppliers, both in procurement and delivery of services.
• In depth knowledge and experience with key national and international information security and digital data standards, legislation and guidance relevant to the academic and research sectors including: The Freedom of Information Act, The Data Protection Acts, The General Data Protection Regulation, The Regulation of Investigatory Powers Act, The Human Rights Act, The Privacy and Electronic Communications (EU Directive) Regulations and including recent UK and EU legislation such as the Data Retention and Investigatory Powers Act 2014 and the Counter-Terrorism and Security Act 2015.
• Experience building and maintaining a strong information security and risk governance structure within a large organisation.
• Experience with NHS information security policies, standards and regulations including NHS IG toolkit.
• Experience of acting as chair of governance committees or boards.
• Demonstrable high level strategic thinking and planning skills.
• Experience of working with and established relationships with security agencies such as the National Crime Agency (NCA), National Cyber Security Centre (NCSC), MI5 and GCHQ.
• Professionally active and known within the information or cyber security sector, a confident and authoritative public speaker and writer. It will be beneficial to have a network of senior-level contacts within the Higher Education sector, government, and industry both in the UK and internationally.
• A demonstrable commitment to leadership development of self and others as it relates to this area of professional specialist work.
• Demonstrable professional development through a series of progressively more demanding and influential work roles.
• Ability to exercise a substantial degree of independent professional responsibility and discretion, and apply an expert understanding of their specialist to the needs of the University.
• Evidence of literacy and numeracy.
• Experience of championing Equality, Diversity and Inclusion in own work area.
• Ability to monitor and evaluate the extent to which equality and diversity legislation, policies, procedures are applied.
• Ability to identify issues with the potential to impact on protected groups and take appropriate action

View our staff values and behaviourshere

We believe there is no such thing as a 'typical' member of University of Birmingham staff and that diversity in its many forms is a strength that underpins the exchange of ideas, innovation and debate at the heart of University life. We are committed to proactively addressing the barriers experienced by some groups in our community and are proud to hold Athena SWAN, Race Equality Charter and Disability Confident accreditations. We have an Equality Diversity and Inclusion Centre that focuses on continuously improving the University as a fair and inclusive place to work where everyone has the opportunity to succeed. We are also committed to sustainability, which is a key part of our strategy . You can find out more about our work to create a fairer university for everyone on our website .

Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.