Deputy Head of Information Security - IT Services - 103211 - Grade 9

at University of Birmingham

Birmingham, England, United Kingdom

Start Date: Immediate
Expiry Date: 24 Sep, 2024
Salary: GBP 64914 Annual
Posted On: 30 Aug, 2024
Experience: N/A
Skills: Leadership Development, Penetration Testing, Professional Development, Procurement, Debate, Numeracy, Regulations, CISSP, Vulnerability, Government, Writer, Presentation Skills, Strategic Thinking, Information Security Standards, Professional Responsibility, Email
Telecommute: No
Sponsor Visa: No

Description:

POSITION DETAILS

IT Services
Location: University of Birmingham, Edgbaston, Birmingham UK
Full time starting salary is normally in the range £56,021 to £64,914 with potential progression once in post to £84,644
Grade: 9
Full Time, Permanent
Closing date: 24th September 2024
UK travel may be required for this role

REQUIRED KNOWLEDGE, SKILLS, QUALIFICATIONS, EXPERIENCE

  • Educated to degree level (or equivalent qualifications) in Information Security, Computer Science, or Business plus substantial work experience in a relevant technical and/or management/supervisory role in a specialist area.
  • Substantial experience as an information security professional – especially in the area of information security strategy, governance, information security policy creation and maintenance and information security monitoring and compliance.
  • Formal certification (CISSP or CISM) and formal training in information security standards and best practice. This will include experience implementing and/or maintaining formal best practice information security compliance or certification (e.g. ISO 27001/2, NIST CSF, Cyber Essentials, PCI DSS).
  • A proven track record of creating and maintaining an information security service and developing, maintaining, implementing, and enforcing information security policy in a large institution or organisation. Experience in having dealt successfully with information security incidents.
  • Experience of evaluating, creating, managing, and providing information security training.
  • Demonstrated ability to operate within a secure environment on sensitive data, data request and information security incidents against strict information security policies.
  • Up to date knowledge of key information security technologies including encryption, vulnerability and penetration testing, compliance checking, anti-virus, firewall, other perimeter security and intrusion detection technologies as well as risk management systems, asset management and security event and incident management and monitoring.
  • Demonstrated ability and experience in establishing, tracking, measuring, and weighing information security risk.
  • Demonstrated ability to build relationships at different levels of the organisation including the capability of working with and earning the respect of senior customer stakeholders.
  • Able to articulate and agree a clear vision for information security strategy.
  • Excellent presentation skills and the ability to create persuasive and accessible presentations to non-specialist staff at many levels of the organisation.
  • Experience of building and managing teams, including senior level responsibility for HR and financial management at divisional level.
  • Experience of working with information security suppliers, both in procurement and delivery of services.
  • In depth knowledge and experience with key national and international information security and digital data standards, legislation and guidance relevant to the academic and research sectors including: The Freedom of Information Act, The Data Protection Acts, The General Data Protection Regulation, The Regulation of Investigatory Powers Act, The Human Rights Act, The Privacy and Electronic Communications (EU Directive) Regulations and including recent UK and EU legislation such as the Data Retention and Investigatory Powers Act 2014 and the Counter-Terrorism and Security Act 2015.
  • Experience building and maintaining a strong information security and risk governance structure within a large organisation.
  • Experience with NHS information security policies, standards and regulations including NHS IG toolkit.
  • Experience of acting as chair of governance committees or boards.
  • Demonstrable high level strategic thinking and planning skills.
  • Experience of working with and established relationships with security agencies such as the National Crime Agency (NCA), National Cyber Security Centre (NCSC), MI5 and GCHQ.
  • Professionally active and known within the information or cyber security sector, a confident and authoritative public speaker and writer. It will be beneficial to have a network of senior-level contacts within the Higher Education sector, government, and industry both in the UK and internationally.
  • A demonstrable commitment to leadership development of self and others as it relates to this area of professional specialist work.
  • Demonstrable professional development through a series of progressively more demanding and influential work roles.
  • Ability to exercise a substantial degree of independent professional responsibility and discretion, and apply an expert understanding of their specialist area to the needs of the University.
  • Evidence of literacy and numeracy.
  • Experience of championing Equality, Diversity and Inclusion in own work area.
  • Ability to monitor and evaluate the extent to which equality and diversity legislation, policies, procedures are applied.
  • Ability to identify issues with the potential to impact on protected groups and take appropriate action.

  • Informal enquiries to Tim Lucas, email: t.lucas@bham.ac.uk or Nigel Gildea, email: n.gildea@bham.ac.uk
    View our staff values and behaviours here
    We believe there is no such thing as a ‘typical’ member of University of Birmingham staff and that diversity in its many forms is a strength that underpins the exchange of ideas, innovation and debate at the heart of University life. We are committed to proactively addressing the barriers experienced by some groups in our community and are proud to hold Athena SWAN, Race Equality Charter and Disability Confident accreditations. We have an Equality Diversity and Inclusion Centre that focuses on continuously improving the University as a fair and inclusive place to work where everyone has the opportunity to succeed. We are also committed to sustainability, which is a key part of our strategy. You can find out more about our work to create a fairer university for everyone on our website.

Responsibilities:

ROLE SUMMARY

The Deputy Head of Information Security is a key leadership position within the IT Services department. This role is responsible for supporting the Head of Information Security in developing, implementing, and managing the University’s information security strategy; drives the University’s information security posture using a risk-based approach; and takes a comprehensive approach to information security.
The Deputy Head of Information Security will collaborate with various departments across the University, managing the information and technology risk to the University’s IT facilities and information from internal and external threats; advises the University at a strategic level on existing and emerging threats; and develops the necessary IT security policies, standards, and procedures.
We would like to draw to your attention that this role is based on-site at the University of Birmingham. Whilst the University operates discretionary hybrid working arrangements for some staff, this is not guaranteed in the future. This role is not a remote position, and on-site attendance will be required to fulfil your duties, including where needed at short notice.

MAIN DUTIES

The responsibilities of the Deputy Head of Information Security include:

  • Strategic Planning: Taking a lead role in supporting the Head of Information Security in developing and executing the University’s information security strategy, policies, and procedures. This role will set the direction for the operational implementation of security architecture across the University.
  • Risk Management: Identify, assess, and manage information security risks. Implement measures to mitigate risks and ensure compliance with relevant regulations, acting as an escalation point for the Information Security Team where a high level of complexity is identified. This role will work with the Head of Information Security to identify IT security risks based on changes to the external environment, setting the long term operational direction to ensure the University is prepared for future security threats.
  • Security Architecture: Contribute to the design and implementation of secure systems and architectures, considering emerging threats and technological advancements. This role will provide a very high level of technical expertise in testing the market for new security solutions and evaluating their benefits to the University, working within the framework set out in the Digital Strategy.
  • Incident Response: Lead and coordinate incident response efforts, working closely with IT and other departments to minimize the impact of security incidents.
  • Training and Awareness: Assist with the development and delivery of information security training programs for university staff, promoting a culture of security awareness.
  • Collaboration: Work directly with academic and professional services functions to facilitate risk assessment and risk management processes as well as raise awareness of risk management concerns. This role will be required to advise senior colleagues on any IT security risks relevant to their section and influence the teams to ensure risks are mitigated.
  • Compliance: Ensure the IT Information Security operation is compliant with relevant laws, regulations, and standards related to information security in the academic environment.
  • Vendor Management: Evaluate and manage security aspects of third-party vendors and service providers to ensure the protection of university data.
  • Communication: Represent the University externally as an authoritative voice in the area of information and cyber security and governance.
  • Planning: Assist with overall technology planning, providing a current knowledge and future vision of technology and systems.
  • Governance: Play a key role in supporting the development, maintenance and enhancement of the University’s information security management framework and all related policies and processes. This role will be responsible for the policies and standards related to the operation of IT security.
  • Actively manages equality, diversity and inclusion through monitoring and evaluation and actively challenging unacceptable behaviour.
  • Supports the University’s sustainability agenda through resource efficient working.
  • Any other duties commensurate with the grade.


REQUIREMENT SUMMARY

Min: N/A, Max: 5.0 year(s)

Information Technology/IT

IT Software - Network Administration / Security

Software Engineering

Graduate

A specialist area

Proficient

1

Birmingham, United Kingdom