The Head of IT Security is a leadership role accountable for the development, implementation, and execution of the company’s information security strategy to ensure that information assets are adequately protected.
You’ll be responsible for developing and implementing an information security programme, with policies, standards and procedures designed to protect enterprise communications, systems, and assets from both internal and external threats.
You will also be responsible for delivering and assuring the company’s key security controls whilst ensuring continuous improvement in response to changing security risks and threats.
The remit of the role is across all Openwork entities with the aim of extending our Information Security offerings to the wider Openwork Partnership.
This is a hybrid role based in our Swindon office.

• Manging a team of information security specialists (circa team size of 10) covering security engineering and operations, third party risk management, security awareness training and governance and assurance activities.
• The role will develop and maintain a business aligned information and cyber security strategy and operating model.
• Develop, implement, and monitor a strategic and risk management program to ensure the integrity, confidentiality and availability of information owned, controlled, or processed by the company.
• Maintain and embed the Openwork Information Security Policy Framework across the company to address the security needs of our colleagues, partners, and other external stakeholders in line with relevant legislation and industry standards.
• Ensure Information Security is managed effectively throughout the IT Service Delivery lifecycle (incl. Security Operations, Security Architecture and Security Assurance).
• Identify, evaluate, and report on information security risk, practices, and projects to the executive management team.
• Take accountability for and lead the response to the most senior and complex security incidents.Pursue associated disciplinary and legal matters, liaising with the Data Protection Team on data protection legislation ensuring root causes of such breaches and understood and addressed.