Head of Information Security at Cancer Research UK
London, England, United Kingdom
Full Time


Start Date

Immediate

Expiry Date

02 Sep, 25

Salary

99000.0

Posted On

28 Jul, 25

Experience

0 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Alternative Solutions, Communication Skills, Management Skills, CCSP, CISSP, Decision Making, C-Suite

Industry

Information Technology/IT

Description

HEAD OF INFORMATION SECURITY

Salary: £95,000 - £99,000 per annum
Department: Technology, Chief Operating Office
Hours: Full-time (we’re happy to discuss flexible working arrangements)
Location: Stratford, London. Office-based with high flexibility (typically 1-2 days per week in the office)

AT CANCER RESEARCH UK, WE EXIST TO BEAT CANCER.

We are professionals with purpose, beating cancer every day. But we need to go much further and much faster. That’s why we’re looking for someone talented, someone determined, someone like you.
We have an exciting opportunity for a Head of Information Security to join us.
In this position, you’ll be responsible for developing and implementing Cancer Research UK’s information security strategy, ensuring the protection of sensitive data, and maintaining compliance with relevant regulations. You’ll lead a team of security professionals, manage security incidents, and foster a culture of security across the organisation, working very closely with CRUK’s Cyber programme.
In a supportive working environment, you’ll discover something new every day, whether it’s a new connection, a new method of engagement or a talent you never knew you had. You’ll also be surrounded by people who are as dedicated to beating cancer as you are.

WHAT SKILLS ARE WE LOOKING FOR?

  • Significant experience of senior information security leadership in a multisite, data-rich environment, as well as hands-on experience with security architecture for cloud and hybrid networks.
  • Highly effective people manager, of both technical and non-technical teams.
  • Confidence engaging C-suite, trustees, regulators and technical teams alike; clear, persuasive communicator.
  • Proven communication skills with the ability to influence and negotiate through risk-based decision making.
  • Continuous improvement mindset with the ability to find creative solutions to problems and a willingness to challenge conventional thinking by the development of alternative solutions.
  • Highly organised with excellent project, service and supplier management skills.
  • Certifications: CISSP, CISM, CCSP, or ISO 27001 Lead Auditor/Implementer.

RESPONSIBILITIES

  • Strategic Leadership: Develop and execute CRUK’s information security strategy, aligning with organisational goals and risk appetite.
  • Incident Management: Oversee security incidents and investigations, ensuring effective response and remediation.
  • Compliance and Governance: Ensure compliance with UK GDPR, Data Protection Act 2018, PCI DSS v4.0, and other relevant regulations. Collaborate with Data Privacy, Risk, and Audit teams.
  • Security Operations: Implement and enhance security controls across various platforms (Microsoft 365/Azure, AWS, Salesforce, etc.). Manage threat intelligence, monitoring, and incident response.
  • Policy Development: Develop and maintain information security policies, procedures, and guidance.
  • Stakeholder Engagement: Communicate effectively with C-suite, trustees, regulators, and technical teams. Represent CRUK in external security networks.
  • Lead and develop a growing team of information security specialists (7+ FTE).