Chief Information Security Officer

  • Location

    Milton Keynes, Buckinghamshire

  • Salary:

    Up to £100000.00 per annum

  • Contact:

    Michael Kieran

  • Published:

    2 months ago

About the role

The Chief Information Security Officer is an Executive role within the CIO Portfolio which services the entire Client establishment. The role holder will provide a clear vision and direction for information and Cyber Security operations. They will promote continuous improvement, innovation and agility in service delivery, whilst working in consultation and collaboration with colleagues across the establishment.

As the Chief Information Security Officer, you will be responsible for overseeing a range of technical and process security controls and leading a programme of continuous improvement in response to changing security threats and risk.

The role requires a thorough understanding of the technology underpinning the Client's IT systems, as well as a broad, up-to-date knowledge of information security frameworks, pertinent regulation and legislation, vulnerability management, incident management and response, secure development techniques and approaches, Cyber Security engineering and operations, and management and governance of Cyber risk and Cyber Security.

This is a fantastic opportunity to join a world-class institution in a pivotal and highly visible leadership role which will require high levels of personal energy and commitment.

Key responsibilities

Information and Cyber Security Strategic Direction

  • Define, develop and maintain a business-aligned Information and Cyber Security strategy and operating model
  • Define and embed an Information Security Policy Framework across the establishment that addresses the needs of the client, its staff, students, and other external stakeholders in line with relevant legislation and industry standards
  • Provide advice and direction to the client's senior leadership team (Vice Chancellor's Executive) on the integration of security practices into the client's strategic and operational processes
  • Drive and deliver change to the client's Information and Cyber Security systems, processes and procedures by continuously analysing and reviewing new security technologies and practices as informed by industry best practice
  • Report to client committees and management groups on Information and Cyber Security matters
  • Represent the client on national and international external consortium groups and boards and engage effectively in appropriate external networks, ensuring the client can anticipate, meet and respond to new Information and Cyber Security challenges and threats

Person specification


  • Substantial experience in senior management in a complex IT organisation encompassing service delivery, application development and IT infrastructure
  • A track record in the management and delivery of transformational security improvements across an organisation
  • Proven experience in engaging, influencing and managing stakeholders across departmental and organisational boundaries up to and including director/Vice Chancellor Executive level
  • A track record in directing and managing innovative change and continuous improvement, ensuring excellent organisational performance and outcomes across a complex portfolio of responsibilities
  • Proven experience in managing complex budgets and resources with a track record of identifying and securing approval for business cases at enterprise level for organisational investment in information and cyber security
  • Experienced in leading, developing and motivating a team of subject matter experts


  • An excellent understanding of best practice within Information Security and risk management including standards such as ISO/IEC 27001, Cyber Essentials and COBIT
  • An excellent understanding of legislation and regulations that impact Information Security, e.g. Data Protection Act (2018), Freedom of Information Act, PCI DSS
  • An understanding of current and emerging threats and countermeasures and the organisational challenges to addressing these threats
  • An understanding of Application Security threats and countermeasures
  • A good practical knowledge of security technologies and wider business solutions including Firewalls, IDS/IPS, Identity and access management, SIEM, remote working and cloud technologies


  • A collaborative leader with strategic acumen and problem-solving skills, able to inspire and motivate colleagues
  • An ability to articulate strategy in an empowering, collegiate and inspiring way which also informs transparent, viable and sustainable planning processes
  • The ability to work within a regulatory framework and to articulate its potential as a tool for continuous improvement
  • Demonstrable creativity and a commitment to future-proofing service and delivery in a fast-paced, ever-changing environment
  • A self-starter with the ability to lead and drive change through an organisation
  • Excellent communication skills, both written and verbal. Ability to present complex or highly technical issues in simple and easy-to-understand formats
  • Ability to build strong relationships and influence decisions with internal and external stakeholders
  • A good understanding of project management methodology and how to implement security within it
  • Good analytical skills and the ability to challenge the norm
  • An ability to think and plan strategically and systematically while recognising the need to deliver to the business requirements
  • The ability to be pragmatic while balancing the needs of the client against security
  • The ability to cut through organisational and political barriers to achieve the overall goal