Chief Information Security Officer

This job has now expired please search on the home page to find live IT Jobs.

Chief Information Security Officer

About the role

The Chief Information Security Officer is an Executive role within the CIO Portfolio which services the entire Client establishment. The role holder will provide a clear vision and direction for information and Cyber Security operations. They will promote continuous improvement, innovation and agility in service delivery, whilst working in consultation and collaboration with colleagues across the establishment.As the Chief Information Security Officer, you will be responsible for overseeing a range of technical and process security controls and leading a programme of continuous improvement in response to changing security threats and risk.The role requires a thorough understanding of the technology underpinning the Client's IT systems, as well as a broad, up-to-date knowledge of information security frameworks, pertinent regulation and legislation, vulnerability management, incident management and response, secure development techniques and approaches, Cyber Security engineering and operations, and management and governance of Cyber risk and Cyber Security.This is a fantastic opportunity to join a world class institution in a pivotal and highly visible leadership role which will require high levels of personal energy and commitment.

Key responsibilities

Information and Cyber Security Strategic DirectionDefine, develop and maintain a business-aligned Information and Cyber Security strategy and operating modelDefine and embed an Information Security Policy Framework across the establishment that addresses the needs of the client, its staff, students, and other external stakeholders in line with relevant legislation and industry standardsProvide advice and direction to the client's senior leadership team (Vice Chancellor's Executive), in the integration of security practices into the client's strategic and operational processesDrive and deliver change to the client's Information and Cyber Security systems, processes and procedures by continuously analysing and reviewing new security technologies and practices as informed by industry best practiceReport to client committees and management groups on Information and Cyber Security mattersRepresent the client on national and international external consortium groups and boards and engage effectively in appropriate external networks, ensuring the client can anticipate, meet and respond to new Information and Cyber Security challenges and threats

Person specification

EXPERIENCESubstantial experience in senior management in a complex IT organisation encompassing service delivery, application development and IT infrastructureA track record in the management and delivery of transformational security improvements across an organisationProven experience at engaging, influencing and managing stakeholders across departmental and organisational boundaries up to and including director/Vice Chancellor Executive levelA track record in directing and managing innovative change and continuous improvement, ensuring excellent organisational performance and outcomes across a complex portfolio of responsibilitiesProven experience at managing complex budgets and resources with a track record of identifying and securing approval for business cases at enterprise level for organisational investment in information and cyber securityExperienced in leading, developing and motivating a team of subject matter experts KNOWLEDGEAn excellent understanding of best practice within Information Security and risk management including standards such as ISO/IEC 27001, Cyber Essentials and CObITAn excellent understanding of legislation and regulations that impact information Security E.g. Data Protection Act (2018), Freedom of Information Act, PCIDSSAn understanding of current and emerging threats and countermeasures and the organisational challenges to addressing these threatsAn understanding of Application Security threats and countermeasuresA good practical knowledge of security technologies and wider business solutions including Firewalls, IDS/IPS, Identity and access management, SIEM, remote working and cloud technologies SKILLSA collaborative leader with strategic acumen and problem-solving skills, able to inspire and motivate colleaguesAn ability to articulate strategy in an empowering, collegiate and inspiring way which also informs transparent, viable and sustainable planning processesThe ability to work within a regulatory framework and to articulate its potential as a tool for continuous improvementDemonstrable creativity and a commitment to future-proofing service and delivery in a fast paced, ever-changing environmentA Self Starter with the ability to lead and drive change through an organisationExcellent communication skills, both written and verbal. Ability to present complex or highly technical issues in simple and easy-to-understand formatsAbility to build strong relationships and influence decisions with internal and external stakeholdersA good understanding of project management methodology and how to implement security within themGood analytical skills and the ability to challenge the normAn ability to think and plan strategically and systematically while recognising the need to deliver to the business requirementsThe ability to be pragmatic while balancing the needs of the client against securityThe ability to cut through organisational and political barriers to achieve the overall goal